Zero Trust Can’t Stop at the Federal Level

The federal government must step in to help local and state governments implement zero trust.

Between the vulnerabilities caused by remote work during the pandemic and cyberattacks being more frequent than ever, an aggressive and innovative approach to addressing the cyber crisis is needed now. The White House’s recent requirement for federal agencies to achieve a zero-trust architecture is a great first step, but zero trust can’t stop there.

The zero-trust requirement, part of President Joe Biden’s cyber plan, is directed at federal agencies. It can be easy, therefore, for local and state leaders to dismiss it as irrelevant. That couldn’t be further from the truth. Government leaders at all levels must implement their own form of zero trust to better protect us all.

At the same time, there are critical steps the White House needs to take before zero trust has any hope of moving beyond the federal level on a larger scale.

1. Define Zero Trust and Why It Matters
It needs to be made clear to local and state officials what zero trust is and why they should care. This is especially true for those not in an information technology role. Zero trust isn’t a program to install, but rather an approach where no user, device, or application operating in or out of a security perimeter is trusted. It requires verifying everything attempting to establish access and minimizing access to what is needed through a combination of technology and policies. For example, zero trust would treat access requests from devices on known and unknown networks the same, subjecting both to the same security requirements. This is in contrast to a traditional security approach, where a firewall establishes a perimeter but gives broad access to everything inside it. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *