When implementing a successful zero trust architecture, Federal CIOs and CIOs are encouraging agencies to look to modernization and consider zero trust as an “integration architecture”.
Steven Hernandez, CISO and director of information assurance services at the Department of Education, said the pursuit of modernization is one of the main reasons he thinks the Technology Modernization Fund (TMF) recently awarded its agency $ 20 million to create and implement a Zero Trust Architecture (ZTA).
“The ideas around modernization and transformation in this space, especially when it comes to cybersecurity, have never been more poignant to us than they are now,” Hernandez said at a chapter event. AFCEA Bethesda October 13. “I think this is one of the reasons our TMF proposal was brought forward and we talked about ZTA in modernizing, advancing and delivering better cybersecurity, better visibility of risks, throughout our department.
Gerald J. Caron, CIO and Assistant Inspector General of Information Technology at the Department of Health and Human Services, Office of Inspector General, agreed with Hernandez that zero trust architectures can modernize an agency, but has also reminded the public that zero trust requires a big integration effort.
If zero trust is not fully integrated with other aspects of an agency’s IT operations, Caron said agencies will be very limited in their zero trust efforts as well as their visibility of risk across the organization. agency.
“It’s an architecture, it’s an integration effort. It’s not going to buy the tool off the shelf, plug it in, I’m done, have a good day without confidence. It’s really an integration effort, ”said Caron. “The real thing that I think about without confidence and that I insist on all the time when talking about it is an effort of integration. “
Amber Simco, Assistant CISO at the National Institutes of Health (NIH) agreed with Caron that integration is key to reaping the benefits of zero trust.
“When we start talking about tools to deal with this, we can very easily fall into shiny object syndrome and get sidetracked by it all,” Simco said. “And we can also end up investing a lot of hope that once we have this tool, everything will be fine. And it’s really a false sense of comfort that some of these tools can give us. So it takes a lot of attention and time to make sure we get what we need. “
Although Caron and Simco emphasized that zero trust requires attention and integration, Hernandez reminded the audience that zero trust will make life a lot easier for the user once it is integrated.
“One of the coolest things about zero trust is that if we do it right the actual user will be less heavy, and that seems odd given some of the comments we’ve made about… wow, l user is going to be really busy re-authenticating himself. all the time ”, and the answer is no. No they are not. And part of the beauty is that it’s all automated.