For employees, one silver lining of COVID-19 is agencies are expected to be more open to telework after the pandemic. For agencies, however, this means defending a wider attack surface, with applications, data and devices reaching far beyond the network perimeter.
That’s where zero trust security comes in. Zero trust requires agencies to authenticate, authorize and continuously monitor everything accessing their resources. Whether it is devices, users or other entities, zero trust covers everything outside — and inside — agencies’ network perimeters.
To learn how agencies can weave zero trust cybersecurity into their daily operations, GovLoop spoke with Brandon Shopp, Vice President of Products at SolarWinds, a zero-trust security software provider.
Shopp revealed three tips for making zero trust cybersecurity a given in agencies’ routines.
1. Change Mindsets
Face it — agencies have long assumed their perimeters would keep external cyberthreats away from their resources. Many of these agencies have also historically assumed that everything inside their perimeters is friendly. According to Shopp, the zero-trust mentality begins with discarding both ideas about cybersecurity.
“Zero trust cybersecurity is a more cautious approach,” he said. “It is the inverse of the way things have been done in the past.”
Consider changing roles within agencies; firings, hirings and promotions can leave people with permission to access key resources they should no longer have. With zero trust, agencies constantly revisit their employees’ access rights to keep their resources safe and sound.
2. Revisit Endpoint Security
Overall, zero trust is about increasing cybersecurity analysis and visibility agencywide. To achieve this state, agencies must evaluate their attack surfaces and endpoints before updating their cybersecurity strategies accordingly.
Shopp said the increase in remote work nationwide made this notion especially relevant. With scores of remote workers using different devices and networks to complete their work, zero trust security can monitor and maintain all this traffic.
“The perimeter of the network has changed,” Shopp said. “There are a lot more entry points and risk points in your environment.”
3. Give IT a Hand
Many agencies struggle to compete with the private sector for talent; this includes cybersecurity personnel who prefer to work with the latest programs and technologies. According to Shopp, automating zero trust security can relieve some of the pressure agencies’ workforces are facing.
Automation involves machines performing manual tasks with little to no supervision from humans, and it can be a gamechanger for agencies.
Automation can assist agency personnel with configuring networks, patching software vulnerabilities and authorizing users for access to IT assets. Gradually, the result is a world where cybersecurity staff can do more with less people.
“IT staff are not growing — if anything, they’re shrinking,” Shopp said. “Our platform will plug certain holes you may have.”
This article is an excerpt from GovLoop’s recent guide, “Reinventing Government: 20 Innovations for 2020.” Download the full guide here.