The Biden administration became a stronger advocate for our nation’s cybersecurity in a May Executive Order (EO) that aims to increase resilience and reduce risk for government agencies. These plans are vital to the welfare of our government. While ambitious, the Executive Order lays out short timelines for significant technology undertakings – such as developing a plan to implement a Zero Trust Architecture in a mere sixty days.
A Zero Trust Architecture eliminates excessive trust across networks, devices, users and workloads, and prevents automatic access for any source. This organizational design principle requires consistent real-time authorization and shrinks the attack surface for adversaries seeking access across the network.
It’s important to note that Zero Trust is a philosophy, strategy, and architecture. There is no one technology that agencies can implement to “achieve” Zero Trust. Agencies need to work together and take a comprehensive approach to this architecture to ensure it is impactful.
While the Biden Administration’s EO focuses on crucial security modernization and the important role of a Zero Trust Architecture, agencies need an operational roadmap to build and implement the architecture into existing federal systems.
A good place to start your agency’s Zero Trust strategy is by identifying your most important assets. Then run a pilot project that applies the appropriate Zero Trust technologies to a few of these critical applications, and later expand the scope more widely.
Since many high value assets live in the data center or cloud, Zero Trust Segmentation (also known as micro-segmentation) will be a foundational piece to agencies’ Zero Trust architectures. Zero Trust Segmentation specifically supports a number of key requirements in the EO, including:
1. “The Federal Government must improve its efforts to identify, deter, protect against, detect and respond to these actions and actors.”
The Federal government currently has no visibility into applications and workloads, making this goal difficult to accomplish. The first step is for agencies to identify high-value assets and critical infrastructure, and then map how these workloads and applications connect. Illumio Core’s Illumination is a real-time application dependency map that visualizes communications between workloads and applications and delivers insights on connectivity within data centers and cloud environments. This visibility paves the way for a tested Zero Trust Segmentation policy that deters attackers and prevents attacks from spreading across the network.
2. “The Federal Government must carefully examine what occurred during any major cyber incident and apply lessons learned.”
Every breach is an opportunity to learn. If anyone in the federal government needed proof that a network perimeter defense alone is insufficient, the SolarWinds attack is the loud and clear wake-up call. The SolarWinds breach revealed the necessity of limiting the workload-to-workload communications through granular segmentation. Once an attacker is inside a network, there must be controls to prevent lateral movement. Zero Trust Segmentation’s allowlist model restricts connections to only legitimate traffic, a must-have to avoid becoming the next headline-breaking incident.
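The allowlist model described here, together with the application dependency map described under point 1, can be sketched end to end. The following is an added example written for this page, not Illumio's code and not an Illumio API: it collapses constructed flow records into a tier-level dependency map, derives label-based allowlist rules from the mapped dependencies, and then evaluates later traffic default-deny, so that any workload-to-workload connection the map did not justify is blocked and surfaced. All workload names, labels, ports and flows are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Labels = Dict[str, str]
Flow = Tuple[str, str, int, str]  # (source workload, destination workload, port, protocol)
Service = Tuple[int, str]
DepKey = Tuple[Tuple[str, str], Tuple[str, str]]  # ((consumer app, role), (provider app, role))

# Constructed inventory with hypothetical workload names; each workload carries the
# labels a segmentation policy is written against, rather than IP addresses.
WORKLOADS: Dict[str, Labels] = {
    "web-01": {"app": "payroll", "role": "web", "env": "prod"},
    "web-02": {"app": "payroll", "role": "web", "env": "prod"},
    "app-01": {"app": "payroll", "role": "app", "env": "prod"},
    "db-01": {"app": "payroll", "role": "db", "env": "prod"},
    "jump-01": {"app": "shared", "role": "jump", "env": "prod"},
}

# Constructed flow records captured during a discovery (visibility-only) phase.
OBSERVED_FLOWS: List[Flow] = [
    ("web-01", "app-01", 8443, "tcp"),
    ("web-02", "app-01", 8443, "tcp"),
    ("app-01", "db-01", 5432, "tcp"),
    ("jump-01", "db-01", 22, "tcp"),
]


def build_dependency_map(flows: List[Flow], inventory: Dict[str, Labels]) -> Dict[DepKey, Set[Service]]:
    """Collapse per-workload flows into application dependencies:
    which tier talks to which tier, on which service."""
    deps: Dict[DepKey, Set[Service]] = defaultdict(set)
    for src, dst, port, proto in flows:
        s, d = inventory[src], inventory[dst]
        deps[((s["app"], s["role"]), (d["app"], d["role"]))].add((port, proto))
    return dict(deps)


@dataclass(frozen=True)
class Rule:
    """One allowlist entry: workloads matching the consumer labels may reach
    workloads matching the provider labels on exactly one service."""
    consumer: Tuple[Tuple[str, str], ...]
    provider: Tuple[Tuple[str, str], ...]
    port: int
    proto: str

    def matches(self, src: Labels, dst: Labels, port: int, proto: str) -> bool:
        return (all(src.get(k) == v for k, v in self.consumer)
                and all(dst.get(k) == v for k, v in self.provider)
                and (port, proto) == (self.port, self.proto))


def rules_from_dependency_map(deps: Dict[DepKey, Set[Service]]) -> List[Rule]:
    """Turn every mapped dependency into one rule per service. Because rules are
    label-based, two web servers with the same labels yield a single rule."""
    rules: List[Rule] = []
    for ((c_app, c_role), (p_app, p_role)), services in sorted(deps.items()):
        for port, proto in sorted(services):
            rules.append(Rule(consumer=(("app", c_app), ("role", c_role)),
                              provider=(("app", p_app), ("role", p_role)),
                              port=port, proto=proto))
    return rules


def evaluate(flow: Flow, rules: List[Rule], inventory: Dict[str, Labels]) -> str:
    """Default-deny: a flow is allowed only if some rule explicitly permits it.
    Unknown workloads have no labels and therefore match nothing."""
    src, dst, port, proto = flow
    s, d = inventory.get(src, {}), inventory.get(dst, {})
    return "allow" if any(r.matches(s, d, port, proto) for r in rules) else "deny"


def denied_flows(flows: List[Flow], rules: List[Rule], inventory: Dict[str, Labels]) -> List[Flow]:
    """Flows the allowlist blocks. Under enforcement these are the connections
    the dependency map never justified, which is what an analyst should review."""
    return [f for f in flows if evaluate(f, rules, inventory) == "deny"]


if __name__ == "__main__":
    policy = rules_from_dependency_map(build_dependency_map(OBSERVED_FLOWS, WORKLOADS))
    # Constructed traffic after enforcement: one legitimate flow and three that
    # bypass the expected web -> app -> db path or use an unexpected service.
    later: List[Flow] = [
        ("web-01", "app-01", 8443, "tcp"),
        ("web-01", "db-01", 5432, "tcp"),
        ("web-01", "web-02", 445, "tcp"),
        ("app-01", "db-01", 5432, "udp"),
    ]
    for f in later:
        print(f, evaluate(f, policy, WORKLOADS))
```

Two design points worth noting: the map is built at the tier level (app and role labels), so the generated policy stays small even as workloads are added, and a new workload that receives the same labels is covered by the existing rules without a policy change; and enforcement is strictly default-deny, so the denied list is both the segmentation boundary and a ready-made detection feed for flows that fall outside the mapped dependencies.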
3. Modernizing federal government cybersecurity “… by increasing the federal government’s visibility into threats… (and) cybersecurity data to drive analytics for identifying and managing cybersecurity risks.”
We know agencies need visibility before enforcing their Zero Trust security plans. Right now, Security Information and Event Management (SIEM) vendors only get network security information. Illumio works with SIEM vendors, like Splunk and IBM QRadar, to provide a much more complete cyber dashboard, including application security information. It is essential to have both network and application visibility to minimize threat surfaces and prevent the spread of attacks once inside the network.
4. “Develop a plan to implement Zero Trust Architecture, which shall incorporate, as appropriate, the migration steps that NIST outlined in standards and guidance, describe any such steps that have already been completed, identify activities that will have the most immediate security impact, and include a schedule to implement them.”
NIST SP 800-207's guidance for a Zero Trust Architecture highlights micro-segmentation in section 3.1.2 as one of three approaches to a Zero Trust strategy. Illumio can help agencies enforce Zero Trust Segmentation quickly to prevent threats inside the network from reaching critical assets. This approach brings agencies the most immediate security impact.
Implementing a Zero Trust Architecture is a vital strategy in ensuring agencies can reduce risk, lower cost, and save time to meet their missions. Zero Trust Segmentation is an important piece of any Zero Trust plan – it makes agencies more resilient and secure.
The Biden administration has laid out the blueprint with their most recent EO, but now it’s up to agencies to build a stable foundation of cybersecurity.