Trends in Zero Trust cybersecurity
From Government Matters
Steven Hernandez, chief information security officer at the Department of Education and Darren Death, vice president of information security and CISO at ASRC Federal, detail their work researching the implementation of zero trust strategies in government, and measuring their impact.
Zero Trust cybersecurity strategies are quickly becoming a must for organizations looking to be as secure as possible. A new report from ACT-IAC goes into how government can utilize zero trust systems. Steven Hernandez, Chief Information Security Officer, Department of Education, says that the conversation around trust is changing.
“Zero trust is not a technology, it’s not a solution you go buy off a shelf. It’s really a lifestyle, in many ways for an agency. It is really a strategy in the agency,” Hernandez said. “We started looking at zero trust at the network perspective. And our network community of interest was absolutely foundational in helping us get our arms around that. But quickly we discovered to do this right, it has to be bigger, and we have to start talking about architecture.”
Darren Death, Vice President of Information Security and CISO, ASRC Federal, says that their work is seeing results.
“One of the things that was very happy for us was that we saw that the report was referenced in NIST’s work 800207. We can see that we got some usefulness out of that report. Really what that report was set up to do was be a 10,000 foot view of, ‘This is what the zero trust area looks like; what the space looks like,’” Death said. “We are in the process of planning through a phase two of that project, where we’ll dive deeper and actually work at what the industry looks like, what the vendors are looking like, how are they map against things…”