
Best Practices in Zero-Trust Architecture

Agencies need to tackle cybersecurity in a holistic way, relying on zero-trust strategies that shift from complex and inefficient approaches to more streamlined, process-oriented systems.

Let’s explore a few ways that you can make that shift with these zero-trust best practices from Richard Breakiron, Senior Director of Strategic Initiatives for the Americas Public Sector at Commvault:

Leverage the Value of an Initial Assessment
As agencies modernize for cyber resilience, it makes sense to start by taking an initial
inventory, because you can’t fix what you can’t see. Without understanding the root
causes, “you end up treating the symptoms without fixing the underlying problem,”
Breakiron said.

That assessment will help identify weak points and rank their urgency, while also
surfacing areas of inefficiency.


Connect People, Processes and Technology
“A leader of DoD’s cyber warriors said recently, ‘I start every day with people shooting at
me, trying to kill me,’” Breakiron said. Cyber is a pitched battle, and victory (in the form
of resilience) demands alignment across people, process and technology.

“In your e-assessment, you might find a major problem is with people: Maybe they use
the word ‘password’ as a password and recognize that process and/or technology can
fix that,” he said. “It’s all interconnected.”


Take a Risk-Based Approach to Resilience
Granting access to systems always entails a certain degree of risk. “Resilience is not about risk elimination, it’s about risk management,” Breakiron said.

“Resilience is a sliding scale based on what you are trying to protect. It’s never a one-size-fits-all,” he said. “That initial assessment should include a risk evaluation.”


Ensure Zero Trust Doesn’t Impede the User Experience
Resilience will falter if you embrace solutions that are too burdensome for the end user.

“If you make entry into the system too hard, you’re going to motivate people to find a
back door: You’re going to motivate bad behavior,” Breakiron said. “The user interface
has got to be the simplest, most intuitive part.”

When you introduce ZTA, “you have got to get people involved. Sit down with a testing
group of people and say ‘Do you want to remember a really difficult password, or
would you rather have the hard token and an eight-digit number?’ A platform will have
multiple ways to manage this,” he said.

Discover how your agency can better align its people, processes and technology for effective and efficient security with this new report, Achieving Efficiency, Resilience Through Zero-Trust Architecture.
