2 minute read
Securing Your Agency’s Future With Zero Trust Security
An interview with David Pipes, Senior Solutions Architect, Affigent
The recent cybersecurity executive order (EO) has a clear message – zero trust security is coming soon. Starting with federal agencies, the public sector is now racing toward this new security strategy.
Advertisement
But implementing zero trust security can be long, difficult and costly without forethought. How can agencies avoid getting bogged down by their zero trust security journeys?
The answer is carefully considering how automation, effort, investments and processes fit zero trust security. Without this roadmap, agencies may struggle to adopt zero trust security efficiently and affordably.
“The idea of going all out for a full solution is one only extremely knowledgeable and well-funded organizations can consider today,” said David Pipes, Senior Solutions Architect at Affigent, an IT solutions provider.
Pipes detailed three steps agencies must take before zero trust security becomes second nature:
1. Learn the basics
Before agencies can embrace zero trust security, their employees must grasp how it works. After all, much of the zero-trust mindset marks a radical departure from traditional security.
For instance, traditional security had perimeters around agencies’ IT networks to keep threats out. In contrast, zero trust security assumes cybersecurity breaches are inevitable because threats can emerge either inside or outside such perimeters. To prevent as many incidents as possible, zero trust security continuously monitors data, networks and systems in real time for threats.
“My advice at this point is to let your staff learn about zero trust and perhaps try some small implementations,” Pipes said.
2. Leverage productization
Productization is the process of developing or changing workflows, ideas, skills and services so they can be marketed and sold to buyers. In terms of zero trust security, productization can help agencies leverage products and services for their unique concerns, rather than creating their own solutions and workflows from scratch. Take an agency that handles classified data. By obtaining zero trust security products for this information, it can save energy, time and budget dollars its workers might have spent addressing the same need.
“Primarily, it helps by reducing the cost and complexity of implementation,” Pipes said of productization.
3. Avoid vendor lock-in
Vendor lock-in happens when switching solution providers for capabilities like zero trust becomes so cost-prohibitive agencies cannot do so easily. Pipes recommended that agencies avoid this pitfall by exercising caution until zero trust security tools are standardized.
“Don’t get swept up by early adopter product hype,” Pipes said. “Custom implementations are expensive and hobbled by the lack of standards.”
Affigent can assist agencies with adopting zero trust security by offering the tools that make the most sense for their workforces. These tools automate parts of zero trust security, like continuous monitoring, so they happen with little to no human input. Ultimately, this helps agencies reap the best returns from zero trust security based on their specific efforts, investments and processes.