As agencies move to implement a zero trust architecture, the dispersed nature of their cloud-based and hybrid networks means more attention than ever must be paid to the security of Active Directory (AD), which administrators use to manage permissions and access to network resources by far-flung endpoints. Attackers can gain unauthorized access to a company’s data if Active Directory is compromised; monitoring your AD will help protect s...

The cybersecurity slogan for zero trust is a simple one: Never trust, always verify. States, localities, tribes and territories face the same cyber threats as the federal government, and many of their agencies are wrestling through how they can implement zero trust architectures. One of the most important elements in pursuing zero trust is implementing microsegmentation — partitioning a network into small, isolated sections to reduce the...

One of the foundational tenets of zero trust architecture is Identity – providing credentials for every person and device – in order to manage access to government systems, whether entering from the outside or moving laterally from within. In other words, identity, credential and access management (ICAM) should be addressed as a whole, not as separate point solutions. This applies across all systems, all platforms, and all environm...

As State and Local agencies pursue their zero trust goals taking into consideration the Executive Order 14028, “Improving the Nation’s Cybersecurity,” it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that will use the redesigned systems to better meet their agency’s mission. If a zero-trust impl...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

It has been almost seven years since the White House issued Presidential Policy Directive 40, setting out the federal continuity policy “to maintain a comprehensive and effective continuity capability through Continuity of Operations (COOP), Continuity of Government (COG), and Enduring Constitutional Government (ECG) programs, ensuring the resilience and preservation of government structure under the United States Constitution and the co...

After decades of delay, cybersecurity has become a defining issue for the United States. In response, when the White House laid out its zero trust requirements in January 2022, it set an ambitious goal – that all agencies have their zero trust infrastructure in place before October 1, 2024. This is because of the reality of the digital age: a persistent threat environment is the norm in the IT world, and agencies have to assume they...

Cyber attacks are on the increase across all levels of government – and state and local governments are often targeted because they have fewer resources for security. For instance, an October 2022 survey found that more than half of state and local governments faced ransomware attacks in 2021, and just one in five organizations successfully stopped the attack. Strengthening the security and resilience of these agencies’ systems req...

The entire concept of zero trust can be boiled down to four words – never trust, always verify. But short, simple statements usually have a lot of moving parts to make them reality. When the Office of Management and Budget issued its Federal Zero Trust Strategy in January 2022, it set the end of Fiscal Year 2024 – September 30, 2024 – as the completion date for a host of cybersecurity standards and objectives to be completed...

The state of Colorado is undertaking a top-to-bottom modernization of its IT infrastructure, aimed at achieving what the Governor’s Office of Information Technology describes as four "wildly important goals." Four major initiatives (tech transformation, broadband access, digital government services, and enhanced employee engagement) are intended to deliver more and better digital services that improve residents’ lives and increase...