Ransomware, malware, phishing, DDoS, social engineering, zero-day exploit, botnets – the list of types of attacks out there is long enough to keep even the most seasoned cybersecurity expert awake at night. And with the increased use of remote computing, the cyber attack surface grows as more edge devices are added to networks. Creating a zero trust environment holds a lot of promise to provide significantly improved cybersecurity. In th...

The cybersecurity slogan for zero trust is a simple one: Never trust, always verify. This slogan fits into the Department of Defense mindset, which is always focused on how to reduce risk, but it’s a challenge to apply it to the federal government’s largest agency. An important tool in pursuing zero trust is to implement microsegmentation – partitioning a network into small, isolated sections to reduce the attack surface in e...

Cybersecurity is akin to the 20th century Cold War. On the one hand, bad actors – whether nation-states or common criminals – are constantly searching for new vulnerabilities and creating new tools to attack them. On the other, all government agencies and private sector companies are trying to remain alert and find new ways to fend off those attacks. Among the innovative ways agencies are responding to the ever-evolving threat land...

The central premise of Office of Management and Budget Memo 22-09 laying out the Federal Zero Trust Strategy is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Controlling access is everything. This makes defining identity crucial – not just for people, but for every device of any kind that tries to access an agency system. The strongest form of identity management is attribute-ba...

As agencies move to implement a zero trust architecture, the dispersed nature of their cloud-based and hybrid networks means more attention than ever must be paid to the security of Active Directory (AD), which administrators use to manage permissions and access to network resources by far-flung endpoints. Attackers can gain unauthorized access to a company’s data if Active Directory is compromised; monitoring your AD will help protect s...

The cybersecurity slogan for zero trust is a simple one: Never trust, always verify. States, localities, tribes and territories face the same cyber threats as the federal government, and many of their agencies are wrestling through how they can implement zero trust architectures. One of the most important elements in pursuing zero trust is implementing microsegmentation — partitioning a network into small, isolated sections to reduce the...

One of the foundational tenets of zero trust architecture is Identity – providing credentials for every person and device – in order to manage access to government systems, whether entering from the outside or moving laterally from within. In other words, identity, credential and access management (ICAM) should be addressed as a whole, not as separate point solutions. This applies across all systems, all platforms, and all environm...

As State and Local agencies pursue their zero trust goals taking into consideration the Executive Order 14028, “Improving the Nation’s Cybersecurity,” it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that will use the redesigned systems to better meet their agency’s mission. If a zero-trust impl...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

It has been almost seven years since the White House issued Presidential Policy Directive 40, setting out the federal continuity policy “to maintain a comprehensive and effective continuity capability through Continuity of Operations (COOP), Continuity of Government (COG), and Enduring Constitutional Government (ECG) programs, ensuring the resilience and preservation of government structure under the United States Constitution and the co...