2 minute read
The Zero Trust Security Capabilities Your Agency Needs
An interview with Cameron Chehreh, Chief Technology Officer and Vice President, Presales Engineering, Dell Technologies
As good as it sounds, zero trust security will be too big a lift if agencies rely on manual processes.
Advertisement
The federal government’s latest cybersecurity executive order (EO) pushes agencies to adopt this strategy, which requires them to apply security controls every time users or devices attempt to access resources, not just at network perimeters. But how can agencies from the top down wield zero trust security without being weighed down by manual workflows? One potential answer is by provisioning and managing IT infrastructure through software — an approach known as infrastructure as code (IaC).
“We firmly believe that infrastructure as code is the most powerful thing you can leverage to get a zero trust reality in today’s world,” said Cameron Chehreh, Chief Technology Officer and Vice President, Presales Engineering at Dell Technologies, a computer hardware and software provider.
Chehreh shared three zero trust security capabilities that IaC can unlock for agencies:
1. Analytical visibility
Analytics involves systematically studying data and statistics with computers. Without this, agencies may remain in the dark about their security. Subsequently, visualizing their security analytics can help agencies properly understand and address the risks facing their sensitive assets.
For example, analytics can help agencies see where cyberattacks are happening so their employees can monitor potential threats in those areas more closely.
“We can make better-informed decisions about how to protect our data and applications,” Chehreh said.
2. Automated security
Automation happens when machines perform simple, manual tasks with little to no human input. When security basics like patching software are automated, the result is budgetary and labor savings for agencies. Freed from such routines, public-sector employees can pursue more complicated — and fulfilling — tasks for their agencies. The outcome is a win for everyone involved.
“Automation is critical for staying ahead of the adversary,” Chehreh said.
3. Orchestration
Why is automation so powerful? Ultimately, the reason is orchestration. Orchestration automates computer system and software configuration, coordination and management, making it crucial for applying zero trust security principles quickly and easily.
Take least-privilege access, a zero-trust security tenet that states that people need only the bare minimum of assets to accomplish their jobs. Through orchestration, agencies can rapidly apply this strategy agencywide.
“Orchestration allows you to make these kinds of decisions so you can do the most with the finite resources you have,” Chehreh said.
Effortlessly applying traits such as analytical visibility, automation and orchestration to zero trust security may seem impossible, but IaC can make the intangible tangible. Using IaC platforms like the one Dell Technologies provides, agencies can accomplish all their zero trust security goals in one place.
“I can use a simple suite of tools for my entire zero trust security posture,” Chehreh said.
