In the age of remote working, coupled with a mobile-first approach to application development, an organization’s network perimeter consists of user end points. That makes securing end points an important part of the organization’s cybersecurity strategy.
Prompted by the recent White House executive order on cybersecurity, federal agencies are accelerating adoption of zero trust architectures, and they’re including end points in that effort.
In the age of remote working, coupled with a mobile-first approach to application development, an organization’s network perimeter consists of user end points. That makes securing end points an important part of the organization’s cybersecurity strategy.
Prompted by the recent White House executive order on cybersecurity, federal agencies are accelerating adoption of zero trust architectures, and they’re including end points in that effort.
In a webinar convened by Federal News Network and Tanium, Nick Ward, the chief information security officer (CISO) at the Justice Department, summed it up.
“The executive order for cybersecurity has really driven us towards zero trust framework,” Ward said. “We have certainly embraced that idea. It’s actually a very good framework for this hybrid type environment, because it helps us look at devices and device security, with without regard to how that network operates.”
In the new normal “we have to be ready for 100% telework at any time,” added Gerald Caron III, the chief information officer of the Office of Inspector General at the Health and Human Services Department. Caron said that the zero trust approach must operate so as not to degrade performance or the user experience. He said modernizing user-to-cloud connections away from virtual private networks will mitigate latencies caused by VPN traffic routed from the data center back out to the cloud – the so-called boomerang or hairpinning effect.
For the U.S. Patent and Trademark Office, that means use of the security access service edge model. “It does support zero trust network access for secure remote access by distributing secure configurations to all devices, whether mobile or other devices within our infrastructure,” said CISO Don Watson.
App vetting, on-device containers, encryption, geo-IP address resolution, and user anomaly detection are among the other techniques panelists said they are using for keeping end points secure.
Matthew Marsden, the vice president and technical account manager for federal at Tanium, said that given the variety of end points and local access networks, agencies need to establish a policy framework for managing endpoints individually.
“A person that’s working from a local coffee shop and connecting to [agency] services through a government issued and managed device is a very different risk decision than somebody connecting through their phone on their home network, or maybe their phone from a corporate WiFi,” Marsden said. He added, “There’s so many decisions that need to be made in real time in order to not hinder user performance or in order to maintain productivity for the workforce. So as we bring new and different devices online, being able to quickly assess those devices and push individual policies that are situational is going to be critical.”
Learning objectives:
Supporting the hybrid workforce
Best practices for endpoint security
Infrastructure and securing devices
Complimentary Registration
Please register using the form on this page or call (202) 895-5023.
This program is sponsored by
How to access the content: Please note, you may need to re-enter your registration information if you previously registered for this webinar and returned to page after clearing your cookies or using a private browser.
By providing your contact information to us, you agree: (i) to receive promotional and/or news alerts via email from Federal News Network and our third party partners, (ii) that we may share your information with our third party partners who provide products and services that may be of interest to you and (iii) that you are not located within the European Economic Area.
Panel of experts
Nick Ward
Chief Information Security Officer, Department of Justice
Gerald J. Caron III
Chief Information Officer and Assistant Inspector General for Information Technology, Office of the Inspector General, Department of Health and Human Services
Don Watson
Chief Information Security Officer, U.S. Patent and Trademark Office
Vijay D’Souza
Director, Information Technology and Cybersecurity, U.S. Government Accountability Office
Chief Information Security Officer, Department of Justice
Gerald J. Caron III
Chief Information Officer and Assistant Inspector General for Information Technology, Office of the Inspector General, Department of Health and Human Services
Mr. Caron is a member of the Senior Executive Service (SES) and is Chief Information Officer (CIO) / Assistant Inspector General of Information Technology (AIG/IT) for the Office of the Inspector General (OIG) at the Department of Health and Human Services (HHS) as of May 2021.
Previously he has served as the Director of Enterprise Network Management (ENM) within the Directorate of Operations in the Bureau of Information Resource Management (IRM) since June 2016.
Mr. Caron has over 24 years of information technology (IT) experience. He began his career in the US Army working in hands-on technical positions serving for 7 years as a Programmer and Administrator. Mr. Caron then spent 2 years as a contractor with the federal government, where he acquired more refined technical skills and a more detailed understanding of IT operations. He joined the federal government at the Department of State (DOS) in 2003 as a Systems Administrator. He has held multiple positions at the DOS, moving from managing small technical groups leading up to Director for ENM.
One of his most significant accomplishments was acting as the technical liaison during a major cyber security event at the Department. His leadership allowed the Department to resolve the incident as quickly and effectively as possible with minimal impact to the mission.
As the Director of ENM, Mr. Caron was personally responsible for the leadership of the largest office within the IRM bureau. This included managing the financial portfolio of over $200 million and prioritization of work across a wide range of disciplines. In this role he was responsible for the network and authentication infrastructure for the Department, led the re-engineering of the Department’s primary Identity and Access Management solution, formed teams to address key security efforts needed to mitigate future potential cybersecurity attacks through collaborative efforts, led the redesign of the Department’s Active Directory significantly improving security and responsible for the engineering and management of all the Department’s global network infrastructure and perimeter security infrastructure.
Mr. Caron is a co-chair on the CIO’s Innovation Counsel for Zero Trust as well as co-chair for ATARC.org Zero Trust Working Group. He previously chaired ATARC.org Trusted Internet Connection (TIC) 3.0 Working Group which resulted in 8 vendor proof of concepts being delivered to government participants.
Mr. Caron received his associate degree (Magna Cum Laude) in Computer Information Systems, Network Administration from the Northern Virginia Community College. At the Department of State, he also has received training in Executive Potential Program from the USDA Graduate School in 2009 and Advanced Leadership Skills in 2014. He received his certification in May 2020 as a Forrester Zero Trust - Strategist (ZTX-S) and received his Federal IT Security Manager Certification (FITSP-M) in 2017. Mr. Caron has received numerous individual awards for his exceptional service since 2004.
Don Watson
Chief Information Security Officer, U.S. Patent and Trademark Office
Vijay D’Souza
Director, Information Technology and Cybersecurity, U.S. Government Accountability Office
Vijay D'Souza is a Director in GAO’s Information Technology and Cybersecurity team. He oversees a diverse IT audit portfolio. Vijay leads multiple efforts to evaluate the performance of federal programs in the areas of cybersecurity and information technology. He leads the Center for Enhanced Cybersecurity, which provides technical support to GAO’s cybersecurity engagements. Previously Vijay led GAO’s efforts to enhance its data analytics capabilities. He has also led audits in areas such as improper payments and IT program management.
Vijay joined GAO in 2001. Vijay earned a master’s degree in business administration from the University of California-Berkeley and a bachelor of science degree in engineering from the University of Maryland, College Park.
Matthew Marsden, Vice President of Technical Account Management - Federal, is a career cyber professional with more than 24 years of experience working with the Federal government. He began his federal service in the United States Navy supporting submarine operations afloat and transitioned to Civil Service where he supported the DoD and Intelligence Community through various technical positions.
Tom Temin
Host, The Federal Drive, Federal News Network
Tom Temin has been the host of the Federal Drive since 2006 and has been reporting on technology markets for more than 30 years. Prior to joining Federal News Network, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.