Industry Perspective
The Zero Trust Security Capabilities Your Agency Needs An interview with Cameron Chehreh, Chief Technology Officer and Vice President, Presales Engineering, Dell Technologies
As good as it sounds, zero trust security will be too big a lift if agencies rely on manual processes.
The federal government’s latest cybersecurity
executive order (EO) pushes agencies to adopt this strategy, which requires them to apply security
controls every time users or devices attempt to
access resources, not just at network perimeters. But how can agencies from the top down wield
zero trust security without being weighed down by manual workflows?
One potential answer is by provisioning and
managing IT infrastructure through software — an approach known as infrastructure as code (IaC). “We firmly believe that infrastructure as code is
the most powerful thing you can leverage to get a zero trust reality in today’s world,” said Cameron Chehreh, Chief Technology Officer and Vice
President, Presales Engineering at Dell Technologies, a computer hardware and software provider.
Chehreh shared three zero trust security capabilities that IaC can unlock for agencies:
1. Analytical visibility
2. Automated security Automation happens when machines perform
simple, manual tasks with little to no human input. When security basics like patching software are
automated, the result is budgetary and labor savings for agencies. Freed from such routines, public-sector employees can pursue more complicated — and
fulfilling — tasks for their agencies. The outcome is a win for everyone involved.
“Automation is critical for staying ahead of the adversary,” Chehreh said.
3. Orchestration Why is automation so powerful? Ultimately, the
reason is orchestration. Orchestration automates computer system and software configuration,
coordination and management, making it crucial for applying zero trust security principles quickly and easily.
Take least-privilege access, a zero-trust security tenet that states that people need only the bare
minimum of assets to accomplish their jobs. Through orchestration, agencies can rapidly apply this
Analytics involves systematically studying data and
statistics with computers. Without this, agencies may
remain in the dark about their security. Subsequently, visualizing their security analytics can help agencies properly understand and address the risks facing their sensitive assets.
For example, analytics can help agencies see where
cyberattacks are happening so their employees can
monitor potential threats in those areas more closely. “We can make better-informed decisions about how to protect our data and applications,” Chehreh said.
strategy agencywide.
“Orchestration allows you to make these kinds of decisions so you can do the most with the finite resources you have,” Chehreh said.
Effortlessly applying traits such as analytical visibility, automation and orchestration to zero trust security may seem impossible, but IaC can make the
intangible tangible. Using IaC platforms like the one
Dell Technologies provides, agencies can accomplish all their zero trust security goals in one place.
“I can use a simple suite of tools for my entire zero trust security posture,” Chehreh said.
Unpacking the President’s Cybersecurity Executive Order
7
