In our interconnected and highly-globalized world, agencies must deploy emerging technology to improve service delivery and connect employees to data anywhere, anytime. But as trends like cloud, virtualization, telework and mobile continue to gain traction in government, cybersecurity cannot be an afterthought: it’s mission critical. And now, more than ever before, mitigating the impacts of a cyberattack is of the highest national importance.
Today, cyber hackers can be anyone from disgruntled employees, nations or terrorist organizations. Therefore, how we protect government networks requires a shift in mindset. The network security phrase “trust yet verify” is now an archaic way of addressing the challenges of network security.
No longer can agencies trust that they have an impenetrable boundary as their first line of defense to protect their data. Cyber professionals now realize that no information is safe. There is no longer an easily defined security perimeter. No person can be trusted. And, inevitably, an organization will be attacked.
That’s why now is the time for government to embrace a new approach to cybersecurity. This change in mindset is what Forrester Research describes as the “Zero Trust” model.
Throughout this research brief, GovLoop and VMware will illustrate the benefits of a Zero Trust approach to cybersecurity, and how it can help organizations remain safe and secure in the radically changing world of network security. Specifically, this report will:
- Examine findings from a recent GovLoop and VMware survey of 80 respondents, mainly state and local government employees
- Discuss micro-segmentation and how it relates to a Zero Trust approach.
- Highlight findings about Zero Trust from Forrester Research.
- Include comments explaining the Zero Trust model from two industry experts at VMware: Ahmed Ali, Networking and Security Account Manager; and Geoffrey Huang, Director of Product Marketing, Networking and Security.
With the Zero Trust model, state, local and federal agencies can protect all resources regardless of location; deploy a least privilege strategy with strict access control; and inspect all log traffic on a network. With this model, government, at all levels, can be confident that their networks are secure, and prepare to mitigate the impacts of an attack when one occurs.