Get your copy of Security Service Edge (SSE) for Dummies. Get the eBook

Blog Secure Access Service Edge Redefining Challenges for Zero Trust in the Federal Space
Jan 04 2022

Redefining Challenges for Zero Trust in the Federal Space

President Biden’s Executive Order 14028 to improve the nation’s cybersecurity and protect federal government networks, was released more than half a year ago. At the time, one of the most exciting aspects about it was the multiple uses of the term “zero trust,” as Netskope discussed in a blog at the time. However, it’s clear that federal agencies are still working out the specifics of how to actually approach implementing zero trust.

In a recent NextGov article, Mark Mitchell, Principal at PJ Cook LLC,  laid out some of the specific challenges to zero trust adoption and implementation that federal agencies should anticipate, all based on his personal experience and hard-earned lessons in the field. 

Some of the key challenges he lays out include the vulnerabilities that come from using legacy technology, the issues with tooling, and how quickly requirements can become irrelevant. So much of the technology the government has been relying on for years simply wasn’t built with a zero trust approach in mind, and that the shift to a robust mature zero trust architecture won’t just require a technological shift, but a shift in mindset as well. 

If government agencies are still thinking about their security as a “traditional perimeter” in a world that has transcended the perimeter, that means implementing a zero trust approach quickly is beyond unrealistic. Implementing a mature zero trust approach, especially for large government organizations is going to take time.

Putting the time into properly implementing a zero trust architecture also means being able to evaluate a given agency’s overall compliance with zero trust principles – and that requires being context-aware. As Mitchell points out, a zero trust solution needs to be both “cloud-smart” and “data-centric” to enable agencies with all of the necessary information to think quickly and make educated security decisions. In a similar vein, a recent white paper about zero trust and secure access service edge (SASE) points out that “context should be continuously evaluated” and “alterations to the context can result in an increase or decrease) in the level of trust,” ultimately altering the type of access to a given resource.

Regardless of how long it takes to implement, Mitchell is emphatic about one thing: Participation is not optional. The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) have already started to draft guidance documents to help move federal agencies toward zero trust. While there isn’t going to be a one-size-fits-all solution, movement in this direction shows that the federal government is on its way to a zero trust-enabled future.

If you’d like to read more from Mark Mitchell on his recommendations for this government zero trust adoption, you can read his article here. And if you’d like to learn more about how Netskope is driving cloud-smart and data-centric zero trust network access, please connect with me on LinkedIn to continue the conversation and check out the Blueprint for Zero Trust in a SASE Architecture white paper.

author image
About the author
Leading Netskope’s Public Sector Marketing Team, Colby Proffitt is a cybersecurity strategist with more than a decade of experience supporting various federal agencies including the Department of Defense (DoD), the United States Agency for International Development (USAID), the Department of State (DoS), and the United States Patent and Trademark Office (USPTO). Colby’s work as a strategist, researcher, and media maven has been featured in publications including Bloomberg, United States Cybersecurity Magazine, NextGov, FCW, Homeland Security Today, GCN, Federal News Radio, SIGNAL Magazine, and Federal Times, among others.
Leading Netskope’s Public Sector Marketing Team, Colby Proffitt is a cybersecurity strategist with more than a decade of experience supporting various federal agencies including the Department of Defense (DoD), the United States Agency for International Development (USAID), the Department of State (DoS), and the United States Patent and Trademark Office…