
How to Create a Zero Trust Security Culture


An interview with Justin Robinson, Chief Technology Officer of Cyber and Analytics, ThunderCat Technology


Government cybersecurity is like dieting. Public-sector employees know that protecting their agency’s data and other assets is healthy, but making strong cyber hygiene stick agencywide is easier said than done.

After all, many agencies could improve how their teams collaborate on cybersecurity. More importantly, these agencies could phase out perimeter-based security. Too often, threats have emerged from both inside and outside agencies’ perimeters, proving that this is not the optimal approach.

Enter zero trust security. Unlike perimeter-based security, zero trust automatically assumes that every entity on agencies’ networks is untrustworthy. By continuously monitoring risks in this way, agencies can cultivate a thriving security culture.

“Zero trust is not a tool or product,” said Justin Robinson, Chief Technology Officer (CTO) of Cyber and Analytics at ThunderCat Technology, an IT solutions provider. “It is something that has to be inherent in day-to-day IT operations.”

Robinson listed three steps agencies can take to make zero trust security habitual within their workforces:

1. Take stock of current security tools

Different agencies have different needs and different security stacks. Security stacks contain all the tools in an agency’s security inventory, so accurately understanding these toolsets is crucial for zero trust security.

“Every organization has gaps based on their maturity level,” Robinson said of security stack assessments.

Once an agency understands its stacks, employees can add features like continuous monitoring that anchor zero trust security. Continuous monitoring constantly evaluates agencies’ resources for potential security risks in real time.

2. Start small

Robinson also cautioned agencies against immediately implementing zero trust security agencywide. Instead, he urged them to apply zero trust principles to narrow parts of their operations.

“Don’t roll out new applications or services and give them authority to operate without first running them through a zero-trust exercise,” Robinson said.

For instance, least-privilege access is the idea that employees should receive only the minimum amount of access to the resources their roles require. To try zero trust security, an agency could practice least-privilege access with one application rather than the entire organization.

3. Boost teamwork

For too long, many network and security teams have worked alone while defending their agencies’ security. To succeed, zero trust security needs to upend this model.

“Zero trust security requires a culture within the organization where the collaboration is open,” Robinson said.

Beyond people and processes, zero trust security additionally demands that agencies change their technology. Fortunately, IT solutions like those ThunderCat Technology provides can give agencies capabilities like real-time situational awareness that altering their workforces and workflows cannot. With guidance from ThunderCat Technology, agencies can create zero trust security architectures that optimize the capabilities they have while plugging their gaps.

“It’s not about starting with your entire environment, every application you’re running, the network and workloads,” Robinson said. “You can start to move towards zero trust instead of boiling the entire ocean.”
