Federal Zero Trust Security Requirements: What does it mean for your agency?

To combat the growing number of targeted cyberattacks on government agencies, Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity requires federal agencies and their suppliers “to modernize [their] approach to cybersecurity.”
EO 14028 and the recently released strategy memo emphasize the immediate need to shift to more secure cloud services and implement Zero Trust Architecture to safeguard agency and citizen data.
With a 2024 deadline set for federal agencies to meet the Zero Trust security goals, state & local agencies should plan to implement similar cybersecurity standards to interface with federal networks.
What is Zero Trust?
Zero Trust simply means that “any identity (individual, service, or managed third party) won’t have access to resources until they verify themselves.” In this model, no user, device, or application is trusted by default. This applies to identities both inside and outside the organization’s network.
Continuous authentication and validation are required to access a network or asset. Access to resources, like files and programs, should also be limited based on user profiles to add an extra layer of protection.
CISA’s maturity model focuses on actions agencies should take to improve security across five pillars: Identity, Devices, Networks, Applications and Workloads, and Data. Read more of CISA’s recommendations here.
Advantages of Zero Trust Security
Zero Trust significantly reduces the likelihood of a security breach, which can be costly for government agencies that hold sensitive citizen data. (In 2020, the average cost for a data breach in the public sector was $1.6 million.)
And while the name may sound limiting, the Zero Trust model has actually improved productivity and overall employee experience for agencies that have implemented it. The approach helps to shift the burden of security away from users. Features like single sign-on, passwordless authentication, and always-on VPN simplify access for users while maintaining security.
Cloud can ease the transition for Public Safety
Modern cloud platforms like 365™ CAD & RMS are purpose-built with zero-trust architecture for security and ease-of-use.
To maintain a strong security posture, agencies should be wary of legacy software that has been retrofitted for the cloud and doesn’t truly comply with zero trust principles.
When addressing outdated systems, agencies should look for applications that allow administrators to:
- Easily manage user accounts and permissions through Active Directory integration
- Enable security features like single sign-on, multi-factor authentication, and passwordless authentication
- Monitor for abnormal behavior
- Limit access based on real-time analytics
Looking to improve data security for your agency? Contact us to see how the 365™ Platform can help.