info_outline
Ep. 121 The Human Side of Zero Trust
10/04/2023
Ep. 121 The Human Side of Zero Trust
In 2021, the federal government provided initiatives for a move to zero trust; after two years it is time to look at the progress agencies have made. Today’s discussion includes federal experts who have made remarkable progress in the implementation of Zero Trust. The group also includes an experienced subject matter expert from a large commercial organization, IBM. The conclusion from the short discussion is the value of taking into consideration many of the human aspects of implementing zero trust. This human aspect can be divided into three areas: strategy, design, and leveraging guidance from the federal government. Strategic concerns begin with understanding the nature of a zero-trust implementation. As Wayne Rogers points out, one can’t throw a switch and have zero trust just emerge from those bits and bytes. He suggests a test pilot program, getting feedback, and then continuing until it is complete. When it comes to multiple cloud vendors, Wayne brings brilliant insight. He looks back at traditional federal tech implementations, he observes that they were using a variety of vendors. His suggestion is to apply the same strategy to cloud based zero trust. Using multiple clouds yields benefits like resiliency and reducing cyber-attack vulnerability. If one vendor gets attacked, your secondary provider will be available. As far as reducing risk goes, he details an approach where you distribute the technology for Zero Trust among several Cloud Service Providers. For example, one can place SASE on one, ICAM on another, and storage on a third. Although it can be complicated, he shows that it can increase speed drastically. IBM’s Akiba Saeedi recommends that a federal manager should look at a transition to zero trust by focusing on use cases. Take one implementation and examine it regarding disruption, privacy, and remote work. She has seen success when working with several vendors on specific use cases. All guests agreed a great place for guidance on a zero-trust transition is NIST’s Center of Excellence on Zero Trust called the National Cybersecurity Center of Excellence, or NCCOE project.
/episode/index/show/fedinsider/id/28220831