What to Know About the Pentagon’s New Push for Zero Trust

The Department of Defense is taking cybersecurity to the next level. And we are helping organizations of all kinds do the same.

But first, let’s review this Zero Trust business.

What is Zero Trust?

Zero Trust is the most important cybersecurity mindset of our generation. But “Zero Trust” is a bit of a misnomer in itself.

It’s not about whether a person or device is trusted. It means no longer using trust or distrust as a test of access. Perimeter security in the past assumed that anyone behind the firewall was an authorized user with an authorized device. A Zero Trust model does not give users inside the firewall access to applications, APIs, data, servers, etc. by default. Access is granted only when users can authenticate themselves and their device every time they connect, via dynamic policies that use multi-faceted context.

Zero Trust requires a strong identity and access management system that minimizes effort and inconvenience on your part. Networks should be micro-segmented into smaller zones to contain malicious actors who compromise the network. And finally, implementing Zero Trust is a journey, not a destination: it requires real-time monitoring and threat detection (preferably AI-based), which may include security analysis tools, machine learning algorithms and other technologies, to identify and respond to potential security threats.
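The contrast described above, as an added example that is not part of the original article: a perimeter check that trusts any internal address, next to a default-deny decision that evaluates identity, device posture and zone on every request. The network range, the re-authentication window, the zone names and all field names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # constructed "behind the firewall" range
MAX_AUTH_AGE_S = 900                     # assumed re-authentication window

# Micro-segmentation: each zone lists the only roles allowed to reach it.
ZONE_ROLES = {"hr-records": {"hr"}, "build-servers": {"engineer"}}

@dataclass
class Request:
    user: str
    role: str
    source_ip: str
    mfa_passed: bool
    auth_age_s: int         # seconds since the user last authenticated
    device_compliant: bool  # e.g. managed, patched, disk encrypted
    zone: str               # segment holding the requested resource

def perimeter_allows(req: Request) -> bool:
    """Legacy model: anything inside the firewall is treated as authorized."""
    return ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Default deny: every request must pass every contextual check."""
    if not req.mfa_passed:
        return False, "identity not strongly authenticated"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "authentication too old, re-authenticate"
    if not req.device_compliant:
        return False, "device fails posture check"
    if req.role not in ZONE_ROLES.get(req.zone, set()):
        return False, "role not permitted in this zone"
    return True, "allowed"

# Constructed requests: all three originate inside the firewall.
SAMPLES = [
    Request("alice", "hr", "10.1.2.3", True, 120, True, "hr-records"),
    Request("bob", "engineer", "10.1.2.4", True, 120, False, "build-servers"),
    Request("carol", "engineer", "10.1.2.5", True, 120, True, "hr-records"),
]

def compare():
    """Return (user, perimeter verdict, zero trust verdict, reason) per sample."""
    return [(r.user, perimeter_allows(r), *zero_trust_decision(r)) for r in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The perimeter check admits all three requests, while the per-request policy admits only the one whose identity, device and zone all check out.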

Many people contextualize Zero Trust as a business enterprise architecture. But the Pentagon’s plans are very interesting.

Department of Defense Guidelines and Recommendations

The U.S. Department of Defense (DoD) recently rolled out a Zero Trust Strategy and Roadmap that guides future cybersecurity investments by the U.S. military and partners over the next five years. Simply put, this initiative calls for full adoption of Zero Trust for perimeter security.

The DoD’s new cybersecurity concept specifies 45 functions. Twenty of them are related to the Continuous Diagnostics and Mitigation (CDM) program run by the Cybersecurity and Infrastructure Security Agency (CISA), which consists of seven pillars. The pillars are users, devices, networks and environments, applications and workloads, data, visibility and analytics, and automation and orchestration.

The roadmap does not specify any products, solutions or vendors. The selection of that part is left to the agency or military service. Details of the interagency coordination required for the world’s largest unified military organization are yet to be determined.

Only certain agencies, such as intelligence agencies and special weapons systems, are required to maintain what the Pentagon calls an “advanced” level of cybersecurity.

Importantly, the Department of Defense accompanied the strategy with an implementation roadmap designed to provide clear, concrete steps.

The Department of Defense is also working on a zero trust roadmap for both “commercial cloud” and “private cloud” that will enable faster implementation of zero trust.

The Department of Defense will likely test a new security approach with a major U.S. cloud provider.

The four pillars of Zero Trust adoption

The Department of Defense has identified four strategic goals for achieving the Zero Trust timeline.

1. Cultural adaptation

The Department of Defense intends to make Zero Trust training and education mandatory for literally every employee. It focuses not only on knowledge, but also on architecture and method support.

2. Cybersecurity software, hardware, systems and services

The purpose of this part is to implement Zero Trust practices and infrastructure across all systems, old and new. DoD departments should begin deploying Zero Trust systems by the end of 2023.

3. Technology acceleration

This strategic goal is simple. It’s about never falling behind again. The intention is to stay ahead of industry advancements, or at least keep up with them.

4. Activate

Complementing its goals of staying ahead of trends in training, infrastructure, and security technology, the Pentagon also intends to align on policies, processes, and funding. Departments must submit their Zero Trust Execution Plans by late 2023.

How DoD’s Use of Zero Trust Protects Critical Resources

In some ways, the Pentagon is like any other company. Employees work together for common purposes, such as communication, moving documents, deploying software, and provisioning hardware. But in other areas, especially the cybersecurity requirements behind weapons, things are quite different from those of the private sector. Weapon systems cannot and must not be compromised.

Private companies manufacture all these high-tech weapon systems. As such, the highest level of security must be deployed at manufacturing, supply chain, transport, deployment and ongoing levels.

This level of security is only possible with complete comprehensiveness. Consider the example of physical infrastructure that must be maintained, protected, and moved by people working and traveling in the field, rather than by white-collar office workers. These are exactly the people who need training in Zero Trust security, along with infrastructure, procedures, policies, and everything else. Everyone involved with critical physical infrastructure must maintain security knowledge.

Another key element of the DoD’s plan is the envisioned radically modernized cloud environment that the US Army has already implemented. The Army has already migrated over 100 key applications to the cloud, leveraging Zero Trust security principles.

The Department of Defense Zero Trust Strategy, Roadmap, and Plans are arguably invaluable beyond just providing implementation guidelines and examples. They also drive expertise and new markets for developing next-generation tools to implement Zero Trust.
