Why the New Executive Order will result in wider rollout of Zero Trust Adoption
The zero trust model exists because of the volume and diversity of cyberthreats on the global landscape. Zero trust is a set of coordinated system management practices plus design principles for modern IT systems.
The Biden administration’s executive order on Improving the Nation’s Cybersecurity names zero trust as an essential component in hardening federal agencies against internal and external threats to national security.
Here’s why this move should prove consequential in the wider rollout of zero trust infrastructure.
What Is Zero Trust, and Why Now?
Zero trust recognizes the threat of both internal and external actors when policing network boundaries and protecting IP. Its central goal is eliminating weak links in threat surfaces.
Zero trust involves continuous, real-time, multisource identity verification. True zero trust architecture provides access to critical software and hardware, but only the functions each individual requires to do their jobs. Assuming a data breach is inevitable ensures bad actors can do only limited damage should the worst-case scenario occur.
The Biden administration’s executive order, issued on May 12, 2021, gives federal agencies 60 days to implement zero-trust system management protocols.
How and Where Is Zero Trust Gaining Momentum?
This executive order is the shot in arm zero trust needed to gain a greater foothold. It uses clear language to make the case for more robust network security and lays out practical steps to take. Here’s why it’s important in the greater world of cybersecurity.
Laying Out the Steps
One of the most important ways this order has influence lies in its clear messaging about the steps organizations should take to adopt zero trust. The essential components of zero trust:
It instructs agencies to create a step-by-step migration plan and implementation schedule. The Biden administration sets a good example to follow by identifying the most important preliminary step in adopting technologies.
Naming Vulnerable Systems
The administration’s order is also explicit about the types of services and platforms most urgently in need of zero trust. It names software as a service (SaaS), platforms as a service (PaaS) and infrastructure as a service (IaaS) as especially ripe for exploitation and modernization.
Government agencies have spent the last few years adopting more digital systems. However, recent news shows how vulnerable shared platforms, software and smart infrastructure can be. Health care was the most targeted sector in 2020, with more than 12% of all breaches. Other essential infrastructure looks ready to take its turn in the global spotlight, given recent attacks on meatpacking plants and pipelines.
The Anthem hack in 2015 was a reminder that some efforts at prevention come too late. Modern living requires close collaboration between the public and private sectors. The administration’s order is a reminder that critical data is privileged information.
ALSO READ | Zero Trust will be the New Normal
Addressing a Lack of Standards
The technology landscape is fragmented. Approaches to zero trust are similarly disjointed, with no clear security standard for governmental or industrial interests.
The administration’s executive order recognizes this cybersecurity shortcoming. It says the zero trust implementation plan federal agencies come up with must “incorporate … the migration steps that the National Institute of Standards and Technology (NIST) within the Department of Commerce has outlined … describe any such steps that have already been completed … and include a schedule to implement them.”
SP 800-207 is the latest update to the NIST zero trust standards. It provides models for deployment that should help organizations recognize opportunities within their own systems where zero trust would provide greater peace of mind.
Protecting the Public
Cybercrime and data breaches can be abstract until you attach a dollar figure. Cybercriminals steal more than $1.5 trillion every year, and there were 642 health care company breaches in 2020.
Public health dominated headlines last year, but the other pandemic was data theft. 2020 saw a tenfold spike in the severity of data breaches compared to 2019. Public and private coordination at the digital level is inevitable and essential for modern governance and preparedness. The Biden administration hopes federal-level precedent-setting will trickle into other sectors and set a robust standard to judge security readiness.
This EO recognizes the sacred trust placed in government. The self-serving reasons for pursuing zero trust involve corporate profits, but consumer or voter confidence is self-serving, too.
Leading by Example and Executive Order
A likely additional benefit of Biden’s order on zero trust is a rise in cybersecurity degree and certification applicants. Every industry on earth requires specialists who know how to keep critical systems secure.
In the meantime, federal agencies have a ticking clock and organizations of other types have a model to follow. Zero trust is an important part of modern cybersecurity, and this executive order underscores its importance.
Zero Trust strategy isn’t accomplished by deploying a single tool or platform, rather, the approach usually involves technologies from all these categories – device security, network security, workload security, identify and access management, visibility tools, and orchestration platforms.
Microsoft solutions have been at the forefront of ensuring Zero Trust security and SECUDE, a trusted Microsoft partner, automatically labels and protects any data exported out of SAP and CAD/PLM using Microsoft information Protection(MIP).
This blog was written by an independent guest blogger.
About the Author: Devin Partida
Devin Partida is cybersecurity and technology writer, as well as the Editor-in-Chief of the tech blog ReHack.com.
Comments are closed.