Zero Trust Cyber Exchange: Zscaler
Make sure that everyone across teams is hearing that same information of what benefits zero trust brings to an agency.
Danny Connelly
CISO, Americas and public sector, Zscaler
What are the potential pitfalls as agencies tackle mandates to establish zero trust architectures? During the Zero Trust Exchange, Zscaler’s Danny Connelly offers...
A well thought-out strategy is a critical first step to making zero trust a reality at any agency, considering the investments needed to get any organization moving in the right direction.
The ability to plan and implement a zero trust solution is a significant technical and financial undertaking for agencies, Danny Connelly, chief information security officer for Americas and public sector at Zscaler, said during Federal News Network’s Zero Trust Cyber Exchange.
Connelly should know. Before Zscaler, he was CISO for operations at the Centers for Disease Control and Prevention.
As part of planning, Connelly said agencies need to determine whether they have enough funding to purchase and maintain the necessary zero trust tools and resources.
“Modern cybersecurity solutions really require significant investment, in addition to what’s running currently or what agencies are supporting today,” he said.
Agencies must also ensure that in the transition to zero trust, they’re not inadvertently creating gaps in their security posture that open an opportunity for a major breach. “It’s not sustainable to implement the security solutions that we’ve all been using over the last 10 to 12 years,” Connelly said.
The shift to zero trust also requires agencies to stay on top of the culture change, and ensure that all organizations within the agency are making cybersecurity a top priority.
“Shifting to zero trust requires a new approach, a new mindset. And it’s not just one team’s responsibility anymore. The application team, the networking team, the security teams, they really all have to be in line and work together well to truly embrace the new environments that a zero-trust solution provides,” Connelly said.
Part of the culture challenge includes breaking down silos between different agency operations — for example, incident response teams sharing information with the applications teams.
“Have your incident response, your threat-hunting teams and your forensic teams share information on what they’re actually seeing on your network today. What threats are actually on your network?” Connelly said. “Because sometimes applications and network teams don’t get a security-focused project. But once you show them, ‘Hey, this actually happened,’ not ‘This might happen,’ it helps alleviate that roadblock.”
Agencies unsure of how to take their first steps implementing zero trust also have support from other elements of the federal government.
Connelly recommended that agencies just getting started with their zero trust strategies seek assistance from the Cybersecurity and Infrastructure Security Agency. “They are great and willing to help you not only interpret or get a direction with your zero trust strategy, but they’re there to help. That’s a significant benefit,” he said.
While addressing culture change must be a major part of a zero trust strategy, leveraging modern cybersecurity solutions also can help agencies achieve zero trust quickly, Connelly said.
He said Zscaler offers solutions that let organizations get to a zero trust–like state by connecting users to applications instead of the network.
While connecting users to their applications wherever they are, Zscaler can keep the application hidden from the internet to reduce attacks by malicious actors, Connelly said.
“I’ve experienced many failed attempts at securing cloud over the years, and we certainly make it easier by not having that cloud service provider front door open to attackers.”
To listen to and watch all the sessions from the 2022 Federal News Network Zero Trust Cyber Exchange, go to the event page.
Copyright © 2024 Federal News Network. All rights reserved.
Jory Heckman is a reporter at Federal News Network covering U.S. Postal Service, IRS, big data and technology issues.
Chief Information Security Officer, Americas and Public Sector, Zscaler
Danny has 20 years of cybersecurity experience split between offensive computing as an ethical hacker and defending some of our most important networks. As a highly regarded thought leader and trusted cybersecurity advisor, Danny has provided guidance and formulated strategies to combat emerging threats for various agencies across the federal government.
Prior to joining Zscaler, Danny was the Associate CISO, Operations Branch Chief for the Centers for Disease Control and Prevention (CDC). During his 11-year tenure at CDC, Danny was responsible for implementing operational capabilities to support incident response, forensics, cyber threat intel and insider threat functions. He has designed, implemented, and optimized enterprise cybersecurity capabilities to effectively detect, prevent and respond to emerging cybersecurity threats.