Rethinking cybersecurity: What your zero trust strategy is missing

Cyber breaches have become increasingly — and uncomfortably — commonplace, including those impacting the federal government. With public safety and federal agencies at risk, President Biden took new steps to improve the nation’s cybersecurity and protect federal government networks on May 12 by signing a cybersecurity-focused executive order. This order is the first time a policy has addressed the need for a revamped cybersecurity process across federal agencies.

The executive order provides clear recommendations and timeframes for public and private organizations to implement key technology and process improvements. A critical element of these recommendations is the emphasis on zero trust. The executive order’s initial timeline required all federal agencies to have a plan to adopt a zero-trust framework within 90 days.

But what does a holistic zero trust strategy look like?

Why zero trust matters

As a work-from-anywhere approach becomes more prevalent, there are more opportunities than ever for cybercriminals to gain access to organizations through personal networks, making a comprehensive zero trust strategy fundamental. Federal agency security teams must constantly verify the risk level to ensure that users can be trusted. If the user’s risk level is not continually reverified, an attacker who was able to gain access can easily move around the agency’s networks laterally and likely undetected.

A comprehensive zero trust strategy must require a level of security that addresses all potential access points, from the endpoint to the cloud. Many agencies assume that mobile device management (MDM) solutions are enough to cover their endpoint security, but these alone are insufficient; zero trust must extend to mobile and beyond as well.

Building a complete zero trust architecture

For a complete zero trust architecture, agencies need comprehensive solutions that can close frequently overlooked gaps in standard zero trust approaches. This starts with a secure access service edge (SASE) platform. Any security application can stand on top of a SASE platform to provide the complete zero trust architecture agencies need.

SASE is a category of cloud security that enforces security policies in a manner tailored to identity, contextualizes and continually monitors and assesses risk, and most importantly, extends protections to cloud-based apps. As a result, SASE secures access to an organization’s cloud network regardless of the location of the devices requesting access. SASE brings together crucial cloud-based security technologies, including cloud access security broker (CASB) and zero trust network access (ZTNA).

Within SASE, CASB performs the critical function of monitoring cloud-based apps, including app communication, risks and anomalies such as abnormal behavior or privilege changes. Changes in cloud environments often happen in real time, so it’s essential that monitoring for abnormalities follows the same timeline.

Also under the SASE umbrella, ZTNA gives users seamless and secure connectivity to private applications without ever placing them on the network or exposing apps to the internet. These technologies form the baseline of a successful zero trust strategy. But what’s even more important is how they allow applications to layer on top.

Layering security applications on top of the platform means an agency’s zero trust strategy will extend comprehensively from endpoint to cloud. This includes solutions like antivirus and anti-malware (AVAM) that can discover viruses and malware as they’re being downloaded to a device. It also encompasses solutions like enterprise digital rights management (EDRM), data loss prevention (DLP) and many others that can be consistently added and applied across the network.

EDRM, for example, encrypts files to enforce access policies. When agencies can capture the sensitive data being transferred and set dynamic rules for user access based on contextual information such as the recipient’s identity, location and device posture, the SASE platform can ensure this includes all cloud apps.

The executive order is a reminder of the inherent need for the public and private sector to rethink cybersecurity. It’s time for agencies to understand and take actionable steps to implement zero trust to safeguard against modern cyber-attacks as well as comply with new regulations. This means thinking about security more broadly and holistically. To successfully deploy zero trust and secure mission-critical data, agencies need an integrated security platform that covers everything from the endpoint to the cloud.

Tony D’Angelo is vice president for public sector North America at Lookout.
