Cybersecurity is tough for governments to solve as cybercriminals invent new ways to harm agencies daily. Think of ransomware, which blocks access to or threatens to leak the victim’s data unless a ransom is paid. In recent years, this malicious software has targeted major cities such as Baltimore — and more attacks are sure to come.
How can agencies become just as innovative about cyber defense as bad actors are about cyber offense? Zero trust security might be exactly the protection agencies need against attacks that are evolving in sophistication. Zero trust cybersecurity assumes that every system, user and entity is untrustworthy and does not warrant access to agencies’ valuables until proven otherwise.
According to James Yeager, Vice President of Public Sector and Healthcare at CrowdStrike, a leading provider in the cybersecurity space, zero trust security is about achieving outcomes rather than implementing projects or tools.
Here, Yeager walked agencies through the three components they need to achieve zero trust cybersecurity.
1. Enhance Visibility
Complete and total visibility into an agency’s resources is the most foundational part of any successful zero trust security strategy, Yeager said. Whether they are conventional endpoints such as data, laptops, servers or cloud workloads, agencies must continuously monitor their sensitive assets.
“An organization’s ability to get high-fidelity information about the technical footprint of their enterprise is key,” Yeager said.
2. Manage Identities and Access
Identity and access management (IAM) establishes a framework of policies and technologies for ensuring the right people have the correct access to the appropriate materials for their jobs. Yeager said IAM is the second part of the journey toward innovative zero trust cybersecurity.
“If you lack confidence in the story your tools are telling you about your enterprise, you’re going to be challenged with identity and access management,” he said.
Consider implementing multi-factor authentication, a security process that forces users to provide two or more pieces of information verifying their identity before they can gain access. By wielding tools such as multi-factor authentication, agencies can become more vigilant about their cybersecurity.
3. Put Policies in Place
Defining, implementing and enforcing policies for conditional access to treasured materials is the final stage of healthy zero trust cybersecurity, Yeager said.
Look at continuous monitoring, which can give agencies knowledge about every activity on their networks in real time. Using this information, cybersecurity teams can make better decisions about dealing with potential threats.
Cybersecurity platforms, such as CrowdStrike Falcon®, help with implementing the principles required for a successful zero trust architecture: continuous monitoring and visibility, IAM and strict policy governance. After that, agencies can customize the tools they need to fit their unique mission needs.
“There’s no singular way to achieve zero trust,” Yeager said. “But if our security programs are to be successful, we must innovate and start adopting the characteristics most commonly associated with the adversary — speed, agility and adaptability.”
This article is an excerpt from GovLoop’s recent guide, “Reinventing Government: 20 Innovations for 2020.”