Industry Perspective
Securing Your Agency’s Future With Zero Trust Security An interview with David Pipes, Senior Solutions Architect, Affigent
The recent cybersecurity executive order (EO) has a clear message – zero trust security is coming soon. Starting with federal agencies, the public sector is now racing toward this new security strategy.
But implementing zero trust security can be long, difficult and costly without forethought. How can
agencies avoid getting bogged down by their zero trust security journeys?
2. Leverage productization Productization is the process of developing or
changing workflows, ideas, skills and services so
they can be marketed and sold to buyers. In terms of zero trust security, productization can help
agencies leverage products and services for their unique concerns, rather than creating their own solutions and workflows from scratch.
The answer is carefully considering how
automation, effort, investments and processes fit
zero trust security. Without this roadmap, agencies
may struggle to adopt zero trust security efficiently and affordably.
Take an agency that handles classified data.
By obtaining zero trust security products for this
information, it can save energy, time and budget
dollars its workers might have spent addressing the same need.
“The idea of going all out for a full solution is one only extremely knowledgeable and well-funded organizations can consider today,” said David
Pipes, Senior Solutions Architect at Affigent, an IT solutions provider.
Pipes detailed three steps agencies must take
before zero trust security becomes second nature:
1. Learn the basics
“Primarily, it helps by reducing the cost and complexity of implementation,” Pipes said of productization.
3. Avoid vendor lock-in Vendor lock-in happens when switching solution providers for capabilities like zero trust becomes
so cost-prohibitive agencies cannot do so easily. Pipes recommended that agencies avoid this
pitfall by exercising caution until zero trust security
Before agencies can embrace zero trust security,
their employees must grasp how it works. After all, much of the zero-trust mindset marks a radical departure from traditional security.
For instance, traditional security had perimeters
around agencies’ IT networks to keep threats out. In contrast, zero trust security assumes cybersecurity breaches are inevitable because threats can
emerge either inside or outside such perimeters. To prevent as many incidents as possible, zero trust
security continuously monitors data, networks and systems in real time for threats.
tools are standardized.
“Don’t get swept up by early adopter product hype,”
Pipes said. “Custom implementations are expensive and hobbled by the lack of standards.”
Affigent can assist agencies with adopting zero trust security by offering the tools that make
the most sense for their workforces. These tools
automate parts of zero trust security, like continuous monitoring, so they happen with little to no human input. Ultimately, this helps agencies reap the best returns from zero trust security based on their specific efforts, investments and processes.
“My advice at this point is to let your staff learn about zero trust and perhaps try some small implementations,” Pipes said.
Unpacking the President’s Cybersecurity Executive Order
45
