Charged with keeping their organizations safe, security teams have historically put in place solutions that stop and prevent risky behaviors — not encourage collaboration.
This has long caused friction for accelerators of innovation, especially if data is core to their efforts. But Vice President of Customer Success Jason Greenwood and his colleagues at Code42 are reshaping that narrative — using cybersecurity.
“As we look at zero trust as a new paradigm of security, it’s an opportunity and not a deterrent,” said Greenwood. “A lot of people don’t want change, but it’s an opportunity to do things better.”
Cybersecurity firm Code42 brings that mindset to a variety of industries, including government. It’s focused on how data — one of five pillars of zero trust — can be highly secure while fostering a culture of collaboration.
So how is that reality taking shape in government, and what can agencies do to foster this type of culture?
1. Look Holistically
“The urgency around zero trust is driven by the increased variability of our current work environment,” Greenwood said. “Not only has our legacy approach to lock down systems and networks not worked well, but now you combine that with a hybrid-remote workforce, and the network perimeter is gone.”
The past two years have proven that employees can be productive outside the office and have also highlighted the need to understand what users are accessing in terms of data, systems and applications.
“Zero trust is really good at managing and assessing risk holistically across not only users and the devices, but also data access — and where or how data is put at risk in different situations by different people,” Greenwood said.
2. Prioritize the Data
The zero trust pillars are identity, device, network, application workload and data. Organizations tend to start with networks and identity management, putting less importance on data initially.
It’s true that you have to start somewhere and can’t tackle everything at once. But leading with data is vital because you have to understand what you’re protecting, Greenwood said. If you don’t start with data — who’s accessing it and how — then you’re shooting in the dark when it comes to how to protect it.
Zero trust at its best is invisible, meaning it doesn’t create barriers for work but rather enhances the user experience through intentional security practices.
3. Think Differently
Code42 advocates for organizations to take a different approach to data protection. They continue to challenge the notion that technology is inadequate if it doesn’t block data movement. Code42 believes that controls are necessary, but without context leads to further risk as users will always find ways around the barriers put in place if it means getting their job done effectively.
“That’s not our approach at all,” Greenwood said. “It’s critical to understand what, how, where and by whom data is moving and then assign a relative risk to it so we can take appropriate action.”
This article is an excerpt from the GovLoop guide “Why Zero Trust Matters at Work.”