The ‘New Normal’ Marks the Best Time to Implement Zero Trust Security

Who can be trusted in a global pandemic? The safe answer is no one.

A dramatic culture change has altered the way nearly everyone on the planet is working, as nations seek to institute social distancing policies and massive organizations look to implement remote-friendly environments. Government employees and contractors are now logging into systems and accessing sensitive data from personal devices. As such, a critical question has arisen: are all endpoints secure to mitigate these new access patterns?

Adversaries around the world are keenly aware of these challenges and are already acting to take advantage of the strain. Further, we have determined with high confidence that phishing campaigns will likely make use of lures aligned with health guidance, containment and infection-rate news.

Government agencies face a surge of threats perpetrated against an unplanned remote workforce. It’s a “new normal” that could last for months or even until 2021 and requires swift action. Previously, many in the public sector might have believed that the idea of implementing “zero trust authority” was simply a new buzz phrase to be implemented sometime in the future, but with a changing cyber landscape, implementation should be an immediate priority.

Since 2018, the National Institute of Standards and Technology and the National Cybersecurity Center of Excellence have been working closely with the Federal Chief Information Officer Council and other federal agencies to address the need for Zero Trust Architectures. Events, such as the Zero Trust Architecture Technical Exchange Meeting, hosted by these organizations with the purpose of bringing together industry and government to discuss Zero Trust, are imperative to the acceptance and adoption of the model throughout the federal space.

Due in part to these events and actions taken by organizations such as NIST, an increasing number of government agencies have begun to adopt the Zero Trust security model in an effort to better protect their sensitive networks and move away from outdated processes. I expect — and hope — to see increased adoption in this critical time our government’s data are as vulnerable as ever.


Read more at: Fifth Domain