Industry Perspective
How to Create a Zero Trust Security Culture
An interview with Justin Robinson, Chief Technology Officer of Cyber and Analytics, ThunderCat Technology

Government cybersecurity is like dieting. Public-sector employees know that protecting their agency’s data and other assets is healthy but making strong cyber hygiene stick agencywide is easier said than done.

After all, many agencies could improve how their teams collaborate on cybersecurity. More importantly, these agencies could phase out perimeter-based security. Too often, threats have emerged from both inside and outside agencies’ perimeters, proving that this is not the optimal approach.

Enter zero trust security. Unlike perimeter-based security, zero trust automatically assumes that every entity on agencies’ networks is untrustworthy. By continuously monitoring risks in this way, agencies can cultivate a thriving security culture.

“Zero trust is not a tool or product,” said Justin Robinson, Chief Technology Officer (CTO) at Cyber and Analytics at ThunderCat Technology, an IT solutions provider. “It is something that has to be inherent in day-to-day IT operations.”

Robinson listed three steps agencies can take to make zero trust security habitual within their workforces:

1. Take stock of current security tools

Different agencies have different needs and different security stacks. Security stacks contain all the tools in an agency’s security inventory, so accurately understanding these toolsets is crucial for zero trust security.

“Every organization has gaps based on their maturity level,” Robinson said of security stack assessments.

Once an agency understands its stacks, employees can add features like continuous monitoring that anchor zero trust security. Continuous monitoring constantly evaluates agencies’ resources for potential security risks in real time.

2. Start small

Robinson also cautioned agencies against immediately implementing zero trust security agencywide. Instead, he urges them to apply zero trust principles to narrow parts of their operations. “Don’t roll out new applications or services and give them authority to operate without first running them through a zero-trust exercise,” Robinson said.

For instance, least-privilege access is the idea that employees should receive only the minimum amount of access to the resources their roles require. To try zero trust security, an agency could practice least-privilege access with one application rather than the entire organization.

3. Boost teamwork

For too long, many network and security teams have worked alone while defending their agencies’ security. To succeed, zero trust security needs to upend this model.

“Zero trust security requires a culture within the organization where the collaboration is open,” Robinson said.

Beyond people and processes, zero trust security additionally demands that agencies change their technology. Fortunately, IT solutions like those ThunderCat Technology provides can give agencies capabilities like real-time situational awareness that altering their workforces and workflows cannot. With guidance from ThunderCat Technology, agencies can create zero trust security architectures that optimize the capabilities they have while plugging their gaps.

“It’s not about starting with your entire environment, every application you’re running, the network and workloads,” Robinson said. “You can start to move towards zero trust instead of boiling the entire ocean.”

Unpacking the President’s Cybersecurity Executive Order