Two years following the "Cyber EO" naming zero trust as the security architecture of the future and after one year of implementing the Federal Zero Trust Strategy, federal agencies have made important progress predicting and identifying roadblocks. With the first major deadlines coming at the end of 2023, this year is critical for figuring out how to overcome identified barriers.
A survey found that 35% of federal CIOs say they have "intermediate or advanced" zero trust capabilities in place, but there are concerns about having the right resources and funding to fully meet administration mandates. Nine in 10 respondents agreed a key step is having a zero trust assessment performed by an outside resource to identify gaps and key focus areas, but contracting and finding funding for this effort is difficult. With this assessment, existing resources can be assigned to the most critical and impactful areas, and the need for additional funding and resources can be prioritized. Funding specifically earmarked for zero trust will be in FY24 budgets. This funding is determined by aligning the work and tools needed across each capability area.Continue reading →
Selling into the government means abiding by a number of strict procurement rules around RFP submission, security and clearance compliance, and even buying lunch for customers. Luckily, in addition to these rules, government contractors can hone in their B2G marketing with clear, publicly available guidance on exactly the solutions government needs.
Each administration brings with it a new set of priorities that inform budgets and investments. As we near the halfway point of the first term of the Biden administration, there are a number of key documents that will guide what technologies and solutions government customers will buy.Continue reading →
Zero Trust is a logical evolution of security in a world where remote access to networks and applications is more common than being on-site with an organization's data center. From cloud applications to the explosion of remote work, the traditional "castle and moat approach" simply does not scale or protect networks that are constantly being accessed by outside users.