While every agency thinks it’ll never happen to them, hacks and other cybersecurity compromises are happening seemingly every day nationwide. Every agency is vulnerable as it only takes one correct move by a hacker or one click by an employee to compromise an entire system.
Whether a foreign government or an individual trying to make a quick buck wants your data, it’s at risk. Today’s modern hybrid IT environment killed the notion of a secure perimeter safeguarding government networks. Cybersecurity is slow to adapt to new technology and statically built around the entire network, instead of around individual users. The surface area vulnerable to attacks is only increasing. Risk is existential.
“All of the sudden you end up with multiple pieces of technology and massive policies trying to solve [the security] problem,” Michael Friedrich, Cyxtera Vice President, said at GovLoop’s virtual summit, The Intersection of Technology and Management, on Wednesday. “IT changed, but our security didn’t.”
Government, it seems, is doomed to succumb to cyberattacks.
But it looks like there’s a better way, according to experts at the security infrastructure company, Cyxtera.
Friedrich and Cyxtera President Gregory Touhill spoke during a session titled “How Secure Is Your Agency? – Exploring Zero Trust” to explain how zero trust can help government overcome these pervasive threats. Their session explored zero trust as an approach to overcoming outdated cybersecurity systems and protecting sensitive data from advanced threats.
Touhill, former United States Chief Information Security Officer, shared that zero trust is not just about technology.
“It’s a strategy on how to better protect your information,” he said. “Zero trust is all about people, process and technology.”
By maintaining strict access controls and default distrust for users, the zero trust approach mitigates threats. Traditionally, zero trust techniques will include stringent identity verification for each individual, even if they’re already within the network’s perimeter.
This strategy addresses most of the common cybersecurity concerns organizations face today by simplifying their defenses, reducing the vulnerable landscape, securing each user access point and neutralizing adversarial tactics so that they are no longer valid.
Touhill explained zero trust as a single approach that scales to fit any location that the team is working in. Every cloud and device on the network are covered by this strategy to simplify cybersecurity so that even the most overworked IT workforce can defeat threats.
By creating a single-sign-on point with multi-factor authentication enabled, Friedrich said, each employee only has access to the information they’re supposed to see without having to navigate complex security measures. Zero trust strategies like single-sign-on help eliminate back door access that hackers often use to attack.
If these points about zero trust aren’t convincing, consider what happened to the Office of Personnel Management (OPM) in 2015. Hackers accessed a third-party contractor’s security network that led them to OPM’s database. Millions of personal records were compromised. According to Touhill, this could have been prevented if they had implemented a zero trust strategy to squash the back door access.
Cybersecurity is a constant battle. IT professionals have to get it right every time or else risk facing detrimental consequences from hackers. Human error and outdated technology make maintaining a secure network increasingly difficult, but new methods such as zero trust can be implemented with ease to help your team defend against attacks.
If you want to attend sessions like this one at future virtual summits, pre-register today!
Great recap Katie! I really enjoyed this session and learning more about zero trust solutions.