Why Government Agencies Should Adopt Zero Trust Security


Why Government Agencies Should Adopt Zero Trust Security
Zero Trust security is gaining traction with state and local government leaders, especially after President Biden’s May 2021 executive order to strengthen data protection in government agencies. So why should government IT officials embrace zero trust? We posed this question to Chris Hein, Customer Engineering Manager, Public Sector, Google Cloud.

How to define zero confidence? And what are its main components?
Zero trust is a concept that asks the question: How do attackers typically get into people’s systems? And once there, how do they damage it? Often times, an attacker enters an IT perimeter with a successful phishing attack. And, generally speaking, once they get through the castle walls, they have access to everything. Zero Trust says, “What if we assume the bad guy is already in the walls?” And then you start adding layers of security. Every step of the way, you perform a trust exercise to make sure that the person accessing a resource is who they say they are and that their device is not compromised.

Why is zero trust increasingly important to government agencies?
We have seen a huge increase in ransomware. Between 2019 and 2020, ransomware attacks increased 62% globally and 158% in North America, according to a 2021 report from cybersecurity firm SonicWall. It’s not only expensive, it can be dangerous. Some of these attacks brought agencies to their knees and disrupted essential voter services. Zero Trust gives you an easier way to deal with these threats. You don’t have to rearrange everything. You don’t have to start from scratch. You can make some common sense changes that can make you better protected and less vulnerable to the most common attacks.

What is one of the main hurdles government agencies face when implementing zero trust?
The budget will always be one. Often times, it’s hard to get leaders to understand why they should invest in something right now if everything is going well. But the cost of cyber insurance is skyrocketing. Cyber ​​insurance policies will become cheaper for organizations that implement the best security techniques and technologies. And organizations will pay more if they don’t.

The New York City Cyber ​​Command is moving towards zero trust. How do they illustrate the power of this approach?
They are the threat hunting arm of New York City. When they were created four years ago, they were looking for the best security methodology to implement. So they made sure that all of their tech components, as they built their tech stack, followed this assumption that an attacker was already inside the walls. At every step of the process and with every transaction, they didn’t assume that a user already in the system was trustworthy and entitled to be there. A practical impact of this is that when the pandemic struck and Cyber ​​Command had to send employees home, they did not instantiate VPNs or change the way they worked. The organization was ready because it was already operating in this zero trust environment.

How should government agencies embark on this path to zero trust?
People want to buy a Zero Trust widget. But zero trust is a methodology, not a tool. Start thinking about incremental improvements towards zero confidence. Managing change is important. You’re going to have to work with the staff and upgrade them. Make sure you explain to them why this is so important. Start to really take a look at your most sensitive systems and how you protect them. It is worth making changes today. Zero confidence is something you can take steps towards. And each step brings you to a more secure environment for employees and voters.

Comments are closed.