Duration: 1 hour
Cost: 
No Fee

Technological devices are proliferating as citizens and the government embrace new products to make their lives and work easier. With the expansion of the internet of things, more and more devices are pairing to networks and providing never-before-seen data.

While the advances are helping government and companies work more efficiently, the explosion of devices can be hard to wrangle and create potential security risks.

“Asset management seems on the surface like a real simple thing,” said Tom Kennedy, vice president of Axonius Federal Systems during the strategy session IT Asset Management in the Era of Zero Trust, sponsored by Axonius. “But what we found is that the IT landscape has grown in complexity, so much over the over the last dozen years or so, that most of those tools now give you fragmented, incomplete views of the enterprise.”

Kennedy said the change in the IT landscape can be equated to a slow boil. The IT world went from a fairly homogenous environment to one that added mobile devices, cloud and software-as-a-service applications.

“It really has gone from a very simple to a very complex and diverse environment pretty rapidly in the last dozen or so years,” he said. “The good news is all your asset management is out there, right? It’s, just in silos and spread out and not coordinated.”

One area that the Defense Department and private industry are particularly concerned about with those silos it the emergence of gray IT and rogue devices.

Gray areas that are not properly watched over by enterprise systems and rogue devices are ones that are not recognized by systems, but show up on networks.

“If you think about most endpoint detection tools, they’re all agent based,” Kennedy said. “Those tools can tell you where your agent is installed, they can tell you all the devices that your agent is installed. But what about the devices that the agent is not installed on? Most government agencies have network access control systems, so they can tell you precisely all the devices that are on the network. But what about an unauthorized device that’s not on their network? If you think about the emergence of working from home and telework this has been exacerbated tremendously.”

Kennedy said these threats increase the need for a zero trust architecture within agencies. Zero trust architectures only allow needed permissions for devices, keeping most of them away from administrative access.

“People are government agencies are searching for ways to meet the Biden Administration’s requirement for zero trust,” Kennedy said. “There’s no one set way that you have to do zero trust. It’s just a methodology that you’re trying to try to build into your organizational policies. If you don’t have 100% confidence that you know exactly where all your devices are across your enterprise, then it’s kind of hard to get going with zero trust. Many of our clients are at the very early stages of zero trust. They’re looking at cyber asset management as a foundational step to get a firm grasp on our state data and the device records out there. Then we can launch into identity management and other factors within zero trust.”

Kennedy said it’s important for organizations to get a grasp on their master device records first and then move to building out their architecture.

Learning objectives:

  • Thunderdome overview
  • SOAR overview
  • The evolution of the IT landscape
  • Zero trust
  • Industry analysis

Complimentary registration
Please register using the form on this page or call (202) 895-5023.

Speakers

Steve Wallace

Chief Technology Officer, Defense Information Systems Agency

Tom Kennedy

Vice President, Axonius Federal Systems

Scott Maucione

Defense Reporter, Federal News Network

Sponsors

By providing your contact information to us, you agree: (i) to receive promotional and/or news alerts via email from Federal News Network and our third party partners, (ii) that we may share your information with our third party partners who provide products and services that may be of interest to you and (iii) that you are not located within the European Economic Area.