Wholesale change is tough. It’s especially complex when change affects nearly every aspect of how you work, connect with colleagues and serve constituents — all while doing so securely.
That’s the promise and challenge of embracing zero trust. The reality of cyber espionage as Russia invades Ukraine, coupled with the threat of ongoing attacks against critical national systems, is proof that the stakes are much higher, said Tom Roeh, Director of Systems Engineering for Public Sector at ExtraHop.
So much of our world, our lives, is controlled by software. The delivery of practically all vital public services hinges on trustworthy software. That includes the electric grid, water systems, supply chains and modern warfare. “Those are life-and-death types of situations,” Roeh said.
ExtraHop’s contribution to the zero trust journey is centered on helping agencies gain comprehensive visibility into all the systems and assets that make up their zero trust architecture. Roeh has seen a growing demand for end-to-end IT oversight, especially over the past nine to 12 months.
Agencies are investing in capabilities to automate a lot of the data capture and analysis around what is happening on the network, which is a sweet spot for ExtraHop. They’re investing in efforts such as the government’s CDM program, which provides automated, risk-based cybersecurity of federal networks. The program is undergoing a revamp to align with zero-trust principles.
No one agency or vendor has all the zero-trust answers, though. Roeh offered thoughts around the networking and data visibility piece to help inform how agencies think about their security journey.
Make Planning and Preparation a Priority
“It’s natural, particularly for technical folks, architects, engineers, to want to go straight into building things,” Roeh said. But zero trust is a fundamental shift in how agencies design data centers and applications and how users access those resources.
“It’s important that we get it right given the stakes involved,” he said. “The planning and preparation phase is key.” A major component of that work is fully understanding the current state, which oftentimes gets ignored. Before embarking on any large IT security shift, agencies have to understand their environment, including:
- Who are our users?
- What applications do they use?
- What applications are not being used?
Make Visibility a Priority
“It all starts with visibility,” he said. “You can’t change or re-architect systems that you don’t fully understand.”
That’s true whether you’re in the planning, implementation or ongoing monitoring phase of zero trust. Agencies partnering with ExtraHop have benefited from the robust data capture and security operations monitoring called for in the president’s cybersecurity executive order.
“Overall, zero trust inherently reduces the blast radius of attacks that hit our public and private sectors,” Roeh said. “If one user compromises a particular application or system, they should not be able to access the broader aspects of the agency itself.”
This article is an excerpt from GovLoop’s guide “Why (Zero) Trust Matters at Work: And How to Foster It.”