Unpacking the President’s Cybersecurity Executive Order

Industry Perspective

3 First Steps Toward Adopting Zero Trust

An interview with Michael Phetteplace, Director of Cybersecurity, Sterling

The Biden administration’s recent executive order (EO) on cybersecurity has put zero trust security at the top of the agenda. By directing federal agencies to develop plans for adopting zero trust security for network architectures, the EO makes a strong case for why state and local agencies should follow suit.

“Zero trust security is about eliminating our bad habit of allowing implicit trust in our systems,” said Michael Phetteplace, Director of Cybersecurity at Sterling, an IT solutions provider. “In the past, everyone took for granted that perimeters were secure and wouldn’t be breached. Now, everyone needs to understand that breaches are inevitable and plan accordingly.”

Phetteplace shared three important steps that can help agencies start implementing the directive to adopt zero trust security:

1. Adopt multi-factor authentication

Multifactor authentication (MFA) improves the security of the user verification and login process. The traditional username and password combination is augmented with additional factors that are not as easily compromised, such as hardware or software tokens, SMS passcodes or fingerprints. Once verified, users can access resources like data or networks.

“Multifactor authentication has become a fundamental security requirement,” Phetteplace said. “It is the first line of defense against credential compromise.”

Using MFA, agencies can increase the likelihood that their users are who they say they are. After all, it is harder for cybercriminals to obtain multiple evidence factors.

2. Segment networks

Network segmentation is another cornerstone of zero trust security. Using network segmentation, agencies can improve IT systems’ overall security by dividing them into sections based on security needs.

“Agencies need to take a fresh look at their environments,” Phetteplace said. “Assets that don’t need to communicate with one another shouldn’t be granted the ability to do so.”

Network segmentation can also keep cybersecurity incidents from paralyzing agencies. Take data breaches. During security incidents, network segmentation can keep cybercriminals from venturing deeper into agencies’ data.

3. Encrypt data

Data encryption is the act of converting information into a format that, ideally, only authorized parties can decipher. Government employees protect sensitive information, such as Social Security numbers, about the public they serve so data encryption can help prevent painful cybersecurity incidents.

“If attackers get access to data, it is of little use to them if it is properly encrypted,” Phetteplace said. “Also, have we secured encryption keys and mechanisms properly? We need to ensure we don’t provide bad actors the capability to decrypt our data.”

Companies like Sterling can give agencies the building blocks they need to implement zero trust security agencywide – whether it is from users to networks to data centers or to the cloud. In addition, Sterling provides solutions that automate cybersecurity processes for agencies using artificial intelligence (AI) and machine learning, gathering and processing threat intelligence from multiple sources at machine speed.

Over time, the more that agencies embrace the EO’s message, the more public-sector employees can focus on scoring mission wins.
