Our Favorite Zero Trust Stories from February 2024

As we roll into the new year, it’s clear that Zero Trust remains just as topical and timely as it did in 2023.  

Particularly for organizations in healthcare, education, and for federal agencies looking to make good on upcoming Zero Trust deadlines, actioning on Zero Trust plans will be mission critical for business continuity, compliance, and operational resilience in the year ahead – especially as ransomware attacks continue unabated.

For organizations looking to make progress on their Zero Trust initiatives, here are a few of the datapoints, Q&As, and stories that we found most insightful and inspiring this month.

Getting zero-trust initiatives off the ground (SC Magazine, Daniel Thomas)

Looking to get your Zero Trust initiatives or investments off the ground in 2024? SC Magazine reporter Daniel Thomas unpacks key findings from a new Zero Trust survey by CyberRisk Alliance.

Among other things, the report underscores what “Zero Trust front-runners" get right in adopting and embracing Zero Trust, and what others can learn to maximize their own Zero Trust ROI. A couple of the report’s key recommendations:  

• Start small to see real progress: “Zero-trust front runners start small to gauge reactions, measure performance, and collect feedback to inform more ambitious efforts down the line.”
• Keep end users in the loop: “Front-runners acknowledged that users are more amenable to zero-trust enforcement when they’re provided insight into why it’s the right step forward.”
• Get leadership on board for maximum business buy-in: “The cost of implementing zero trust is the cost of protecting the institution from data breaches, which can result in millions of dollars lost, damage to public reputation, and severing of relationships with customers and clients,” Thomas writes. “CISOs can shore up support from other leaders by illustrating why zero trust is much more economical and risk-conscious than alternative security approaches.”

Q&A: DOD’s Principal Deputy CIO Outlines Progress Toward Zero Trust (FedTech, Elizabeth Neus)

As U.S. federal agencies look to action on Zero Trust plans in 2024 – particularly for civilian agencies who are up against a September 2024 OMB compliance deadline – it's always helpful to hear how leaders are approaching Zero Trust and resilience strategies in real time.  

FedTech reporter Elizabeth Neus sat down with the Department of Defense (DOD)’s Principal Deputy CIO Leslie Beavers to unpack how the DOD’s thinking about its Zero Trust roadmap in the years ahead. The two discussed challenges along the way (including optimizing budgets and a mixed bag of modern and legacy technologies), and why “the journey starts with getting back to basics.”  

Though most imminently: “We’re focusing on the required compliance capability at its highest level — tag the people, tag the data and audit,” explained Beavers. “We’re well on our way. We’re not aiming to get rid of the perimeter defense. That, of course, is still part of a network. We want to increase our awareness of what’s happening on the network to improve our ability to secure the information within our networks.”

It’s a crucial callout and an important proof point for how tools like Zero Trust Segmentation can help public and private organizations spot and mitigate risk while enhancing existing perimeter defenses. To learn more about how firewalls and perimeter defenses are more effective with Illumio, check out this blog. And for more information on Illumio Government Cloud, visit our federal resource page.  

Las Vegas Gears Up for Super Bowl Cyber Challenge (Wall Street Journal, James Rundle)

Lastly, while this piece doesn't include Zero Trust by name, it’s a good representation of how proactivity, preparedness, and cross-team collaboration can help organizations better tackle (and stay ahead of) ransomware concerns.  

WSJ reporter James Rundle writes, “Securing any major sporting event can be a nightmare. Almost every aspect of a game day, including ticketing, on-site sales, operating scoreboards, interactive fan experiences and gaming involve some form of internet access, meaning it can all potentially be attacked.”

And the city of Las Vegas’ CISO Mike Sherwood notes that it takes months of preparation prior to ensure operational resilience come gameday.  

“It doesn’t just start with the day of the event. It’s months ahead prior, doing lots of different types of scenario testing, and training and role-playing exercises,” Sherwood says. “And it won’t end when the Super Bowl ends.”

As our world grows increasingly hyperconnected and we see new threats continually evolve and emerge, cross-team collaboration and buy-in to cybersecurity proactivity and models like Zero Trust will be even more essential. They’ll ensure that, from kickoff to the end of the fourth quarter, the focus is on the players and the game – and not the digital adversaries.  

That’s all for this month. We’ll be back with more Zero Trust stories soon!