Hubbard Radio Washington DC, LLC. All rights reserved. This website is not intended for users located within the European Economic Area.
Hubbard Radio Washington DC, LLC. All rights reserved. This website is not intended for users located within the European Economic Area.
Date: On Demand
Duration: 1 hour
Cost: No Fee
Two things have become abundantly clear over the few years. The first is zero trust is more than a buzzword as more and more public and private sector organizations move toward this mindset. Second, identity and access management is not only back in vogue, but it’s a key foundational piece to moving toward the end goal of a zero trust environment.
Agencies have been trying to...
Date: On Demand
Duration: 1 hour
Cost: No Fee
Two things have become abundantly clear over the few years. The first is zero trust is more than a buzzword as more and more public and private sector organizations move toward this mindset. Second, identity and access management is not only back in vogue, but it’s a key foundational piece to moving toward the end goal of a zero trust environment.
Agencies have been trying to tighten up identity and access management (IDAM) for the better part of 15 years. Departments made significant progress after the breach suffered by the Office of Personnel Management in 2015. But it wasn’t until the pandemic did the value and need for more advanced IDAM capabilities become more obvious.
It’s clear that agencies need to rethink their approach to identity and access management as part of their IT modernization strategy. The role-based, least privileged and just-in-time access is the future for many organizations as applications and workloads move to the cloud and work in more of a DevSecOps ecosystem.
Their goal will be to bring all of new and existing technologies together to ensure the citizen or employees’ experience is secure and effortless.
James Saunders, the senior advisor for cybersecurity at the Office of Personnel Management, said the move to zero trust actually begins with their move to the cloud.
“We’re now heavily leveraging the cloud, with the Cybersecurity and Infrastructure Security Agency’s draft zero trust maturity model and OMB’s draft memo. We are using that to actually draft our zero trust strategy and what we’re doing for each of the pillars identified in the maturity model: data, identity, device, network and application,” Saunders said during the panel discussion What role does identity play in zero trust? “We have a set of projects that help us move toward that optimum maturity model set forth by CISA. For example with data, one of the things that it call us for is to have a data inventory and a data classification scheme. So we are partnering with our privacy team and our chief data officer team to figure out what solution, what processes and what people we will need to bring in to really help us accelerate and address that particular one pillar. Those same conversations are happening across all the zero trust pillars through our zero trust governance team.”
The OPM mission owners also are part of the zero trust governance teams to represent their needs and requirements as they modernize.
Dorothy Aronson, the chief information officer at the National Science Foundation, said at her agency, zero trust underpins a host of other efforts around improve customer experience, modernizing the infrastructure and converging disparate and older systems.
“We don’t talk necessarily about zero trust, but we’ll talk about something that might impact them, for example, two-factor authentication is going to be required from here on. Our customers aren’t interested in necessarily whether there’s an OMB mandate to do that or not, they just want to do their work. We have been integrating the zero trust approach as we modernize everything else, it’s all one single integrated approach,” she said. “With zero trust, what we’re doing is really liberating. It’s the opposite of zero trust in my mind, which means there is no longer a central data center, there is no longer a single wall protecting everything. It’s rather you tell us who you are, and we give you what you need. So you can move outside of this small town, you can be wherever you want to be, as long as we know for sure who you are, that’s where this identity piece is absolutely critical.”
Kelvin Brewer, the senior manager for public sector presales at ForgeRock, said OPM, NSF and so many public sector agencies are considering they can change their foundational framework to truly create a security perimeter.
“What we’re all trying to do with zero trust is we’re trying to standardize how we address the trust but verify model, and bring in some of the newer technologies and around identity, which is really now the new security perimeter,” he said. “It’s not a tall wall. It’s a pretty short wall, and it’s about the individual per person. But it’s still that identity is the new security perimeter. That’s where a lot of the groups that we’re working with are looking first at how do we truly create a security perimeter out of our identities. That’s the steps that seem to be the first effort in accomplishing zero trust out of all the pillars.”
Brewer said while each organization is taking a different approach to implement zero trust concepts, there are some similarities like simplifying their architectures and creating a seamless integration among applications.
Tim Li, the cyber strategy leader for the government and public services practice at Deloitte, said agencies need to understand their zero trust uses cases as they create their roadmaps.
“Identity continues to stress new use cases. The pandemic drove digital transformation efforts and new citizen services. I look at citizens and the interaction of citizens with government and how that has changed operating ecosystems, I think that is something to think about as some of the news cases across the board,” Li said. “Some of these things didn’t exist in terms of interactions that we had before. Some of the ecosystems that we have today as well didn’t exist before, as I think about extended supply chains and some of the third party relationships all have evolved, which has necessitated us to rethink some of what these use cases might look like.”
Learning objectives:
This program is sponsored by
Complimentary Registration
Please register using the form on this page or call (202) 895-5023.
By providing your contact information to us, you agree: (i) to receive promotional and/or news alerts via email from Federal News Network and our third party partners, (ii) that we may share your information with our third party partners who provide products and services that may be of interest to you and (iii) that you are not located within the European Economic Area.
Chief Information Officer, National Science Foundation
Senior Advisor, Cybersecurity, Office of Personnel Management
Cyber Strategy Leader, Government and Public Services Practice, Deloitte
Senior Manager, Public Sector Presales, ForgeRock
Chief Information Officer, National Science Foundation
Ms. Aronson serves as the Chief Information Officer and Chief Data Officer for the National Science Foundation. As an innovative and gifted creative thinker, strategist, and artist, Ms. Aronson is highly skilled at linking mission and strategy to IT and Data tools, which enables the Foundation to manage the full lifecycle of proposals and awards. She acts as the executive thought leader defining NSF's data strategy and roadmap. Ms. Aronson also serves as NSF's Senior Agency Official for Privacy, the senior executive with agency-wide responsibility and accountability for the Foundation's privacy program. Ms. Aronson has a strong interest in innovating for the workforce of the future through technology and serves as a Chair of the CIO Council's Workforce Committee. Ms. Aronson is currently focused on improving data literacy throughout the government and serves as the Federal Sponsor for the Federal-wide data science and analytics training pilot.
Ms. Aronson was recognized as one of FedScoop’s Best Bosses in Federal IT in 2019 and 2020, Top Women in Technology for 2018, and, was recognized in 2013 as one of the FCW Fed 100 for her mastery of innovation and for her ability to effectively engage her staff around a common vision for cutting-edge IT in support of NSF-funded cutting-edge research. Prior to her time at NSF, Ms. Aronson served as the Director for the Office of Management Operations for the Defense Advanced Research Project Agency. She holds a Business degree from Duke University and is committed to lifelong learning.
Senior Advisor, Cybersecurity, Office of Personnel Management
Serves OPM as OCIO Senior Advisor for Cybersecurity with a specific focus on Cloud Security and Zero Trust Adoption. Prior to joining OPM, James served as CISO and Information Security Director for the Small Business Administration (SBA). James participates in inter-agency and public-private partnerships to help advance the government’s cybersecurity resiliency and capabilities.
Cyber Strategy Leader, Government and Public Services Practice, Deloitte
Tim, a principal at Deloitte & Touche LLP, is the Government & Public Services industry Strategic Growth Offering leader for Cyber. In this role, he is leading growth initiatives for the firm’s Cyber solutions and capabilities for Federal Government, State and Local Government, and Higher Education clients.
Tim has more than 20 years of experience in cyber across both the public and private sector, helping to drive the strategy, implementation and operation of comprehensive cyber and risk management programs. He specializes in collaborating with clients to help them solve their most complex enterprise-wide or mission-specific cyber challenges. His key focus areas include cyber strategy, data protection, cloud security, digital identity, cyber operations, and regulatory compliance.
Senior Manager, Public Sector Presales, ForgeRock
Kelvin Brewer is a senior-level information security leader with over fifteen years of experience managing the complete software development life cycle. He is a recognized subject matter expert in Identity, Access, and Privilege Management. As a veteran sales engineer he focuses on business-oriented solution selling and translating business needs into technical use cases. Kelvin leads a team of Public Sector Sales Engineers and works directly with customers at both federal and state levels to deliver demos, briefings, workshops and software proof of concepts for the ForgeRock Identity Platform.