Selling into the government means abiding by a number of strict procurement rules around RFP submission, security and clearance compliance, and even buying lunch for customers. Luckily, in addition to these rules, government contractors can hone in their B2G marketing with clear, publicly available guidance on exactly the solutions government needs.
Each administration brings with it a new set of priorities that inform budgets and investments. As we near the halfway point of the first term of the Biden administration, there are a number of key documents that will guide what technologies and solutions government customers will buy.Continue reading →
Zero Trust is a logical evolution of security in a world where remote access to networks and applications is more common than being on-site with an organization's data center. From cloud applications to the explosion of remote work, the traditional "castle and moat approach" simply does not scale or protect networks that are constantly being accessed by outside users.
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.
For the past 17 years, the Cybersecurity & Infrastructure Security Agency and the National Cybersecurity Alliance have led a month-long national focus on cybersecurity best practices. In coordination with a number of organizations around the country, each October features events and campaigns to help educate businesses and individuals on avoiding dangers lurking online. As with everything else, the activities for the 2020 Cybersecurity Awareness Month will look a bit different. But perhaps it is fitting that most of it will be taking place online. It's a great opportunity to practice what you preach when hosting virtual events and resources.
The theme for 2020 is "Do Your Part. #BeCyberSmart," encouraging individuals and organizations to look at their own role in protecting cyberspace and providing proactive steps to enhance cybersecurity. A big part of this is the idea of "if you connect it, protect it." Resources and speakers will focus on securing devices at home and at work, securing Internet-connected healthcare devices, and looking ahead to the future of connected devices.
In government, doing "your part" means making a transition to a zero trust security environment where access controls are maintained around data and systems even after someone has shown the proper credentials to get into the network. The name "zero trust" implies a difficult hurdle that has to be overcome to earn the trust, but that is not the case. A different way of looking at it is "context-based trust" or "variable trust" meaning that devices with network access will receive immediate entry. Other devices that are unknown to the network will be subject to additional checks and balances. Key to this is establishing what is perceived as normal behavior on the network and by users. As activity deviates from that norm, systems and data can be locked up until legitimate access is verified. Continue reading →