Companies and governments have been harmed by delaying fundamental cybersecurity updates necessary to protect against increasingly sophisticated attacks.
The Executive Order
In response to the threat landscape, President Joe Biden has issued an executive order on improving cybersecurity in the country, with a specific focus on Zero Trust security architecture.
The administration addressed the private sector in a White House memo following the order. It asked them to invest in cybersecurity and segment their networks. This is the first step towards Zero Trust security.
Biden’s order, and the memo that followed, highlight the importance of government agencies and businesses moving quickly to a Zero Trust architecture.
The Private Sector
What does this all mean for professionals in the private sector? Managers, business leaders, and department heads are all required to change the way they view security and support their employees.
Zero Trust is not just a new set of procedures. Zero Trust is a new way to protect your business.
A Zero Trust security framework is based on the concepts of “never trust, always verify” and “assume breach.” Under a Zero Trust framework, only trusted traffic, processes and users are allowed. It recognizes that security threats can originate within an organization and does not leave anything to chance.
We will tell you the story of one man.
From 2015 to 2017, I was the third U.S. federal CIO. My first project was to lead the federal government’s response to the Office of Personnel Management hacking. This attack exposed the security clearance history of approximately 21.5 million government employees and exposed the weaknesses in existing cybersecurity models.
These breaches led to the Cybersecurity National Action Plan, which sought to improve cybersecurity in federal agencies as well as within every American’s digital life.
As the CIO of Microsoft, Disney and other companies in cybersecurity, I witnessed that cyber threats were becoming more severe and widespread. I realized that perimeter-based security was going to continue failing and that the best long-term strategy was to implement a Zero Trust framework.
What’s stopping companies from implementing Zero Trust in their businesses?
The challenges range from the psychological to the material.
Many business leaders and team leaders worry about the danger of moving too quickly into unknown territory. Some might wonder, “How can I change to an entirely new framework without breaking anything?”
Another common problem is the belief that adopting a Zero Trust framework will overload teams and is too difficult. Another obstacle is a lack of skills, time and budget or managerial commitment.
It’s Worth Every Effort
Companies are coming to terms with the inevitable threat to revenue and reputation. They recognize that a strong Zero Trust security posture far outweighs the implementation challenges.
Modernized, cloud-based Zero Trust technology
Today’s cloud-based Zero Trust technology simplifies the path to Zero Trust. It uses powerful automation and machine learning and integrates with existing security tools.
Biden’s executive order puts cybersecurity at the forefront of the public sector, and the White House encourages the private sector to follow suit. Companies should consider the order as a guideline for industry-wide cybersecurity standards moving forward. These three steps will help organizations make Zero Trust implementation easier.
1. First, focus on education for the entire organization
An institution’s entire staff must be educated on Zero Trust implementation.
It is important to educate employees in order to change mindsets and gain buy-in. Everyone must also understand that Zero Trust is not just an IT department exercise. It requires participation from all levels of the organization in order to establish and maintain business processes that verify identities, protect devices, secure data, networks and infrastructures.
Leaders at both the top and management levels are key to education. The company leaders must set the stage for the implementation by setting a goal for every employee to understand the Zero Trust model, its importance, and how it can be used to secure the company and its assets.
Managers and department heads are able to help employees learn and communicate more effectively. Employees might be familiar with basic implementation features like single sign-on or multifactor authentication.
Employees must know that their jobs won’t be made impossible by the company’s improved cybersecurity workflows. Managers can explain to employees how Zero Trust architecture will impact their work, and then reiterate the benefits.
2. Create the Zero Trust muscle
Learning, practicing, refining and improving is the only way to do anything worth doing. Zero Trust implementation doesn’t happen overnight. It takes time. Zero Trust is a security framework that will be evolving at a steady pace. It is not a sprint.
Start with a small area and then learn how to manage it.
SaaS platforms are a great way to get started on the path towards Zero Trust. They also simplify the work with AI and machine-learning that can make policy recommendations for your company. They also allow you to simulate your decisions, which reduces uncertainty and helps you scale faster.
It’s important to establish compliance standards early in the process (e.g. HIPAA, PCI, GDPR) to ensure that your security posture is built with these regulations in mind.
As Zero Trust grows, I have found that many businesses are able to quickly scale Zero Trust implementation, particularly with today’s cloud-delivered platforms.
We were the most targeted organization globally when I was at Microsoft. We got quite good at it thanks to our years of experience in defending against attacks. We knew that we were not completely invulnerable so we began to explore what we could do to increase the safety margin.
Although we cannot guarantee that you will master this, it is a very effective and long-term strategy.
3. Be able to overcome the internal silos within your organization
It is not uncommon for teams to be experts in one function but have little knowledge of others, such as end-user device administration.
Great implementations can break down barriers and improve posture across domains during the Zero Trust journey.
Every Zero Trust implementation that I’ve witnessed has been an “aha” moment of discovery in the company’s environment. This includes undetected traffic from outside, outdated interfaces within the company, misrouted traffic, and internal interfaces they didn’t know were still operating.
Let’s face facts: Intruders aren’t subject to the same budget and governance constraints as regular institutions. They are always looking for ways to penetrate your perimeter. You can stop the threat from doing more damage by embracing Zero Trust implementation. This will allow you to recover faster.
Your organization can be resilient to cyber threats with a Zero Trust framework, even if attackers are not discovered. Accept that hackers will find a way in, and implement a Zero Trust framework that “assumes breach” to stop ransomware from spreading.