Federal Agencies Moving to Zero Trust Must Consider a Step-by-Step Approach

Current IT modernization initiatives are challenging federal agencies to implement significant changes to their infrastructure at a breakneck pace. As they look to keep pace with an increasingly sophisticated cyber threat environment and accommodate workflows shifting to the cloud, the federal government is looking to zero trust as a solution. Zero trust is a security model that maintains secure access to data and applications based on dynamic security policies reacting to access request specifics, as opposed to the network from where access originates.

Zero trust is not a new concept, the term was coined in 2010 by then-Forrester Research analyst John Kindervag2. It developed from an understanding that pervasive internet connectivity would ultimately result in the "de-perimeterization" of enterprise networks. Trust—and access to trusted computing resources—would no longer be defined by being connected to an IP network behind the corporate firewall.

A July 2019 report from the Defense Innovation Board (DIB)4 made the case for moving to zero trust in order to ensure the “effectiveness of security and data sharing” across U.S. Department of Defense (DoD) networks. President Biden’s Executive Order on Improving the Nation’s Cybersecurity in May of 2021 officially tasked the federal government with moving toward a zero trust architecture (ZTA).

DoD cybersecurity is at a critical juncture. Its networks are growing in size and complexity...This expansion is stretching existing cybersecurity apparatuses to their breaking point, as an ever-growing number of users and endpoints increases the attack surface areas of the network...Blind trust in users and devices inside the perimeter of the network is not sustainable.
"The Road to Zero Trust (Security)" by Kurt DelBene, Milo Medin, Richard Murray (July 2019)

These new realities are not unique to America’s warfighters. All public institutions—at federal, state, and local levels—face the challenge of balancing demands for increased access to improve user productivity with the mandate to safeguard data privacy and integrity.

In most federal agencies, terms like "agile" and "responsive" aren’t used very often. Like many large organizations, change happens incrementally over long stretches of time. NIST notes that agencies and organizations with significant existing network infrastructure often cannot simply replace network infrastructure wholesale, and moving to a hybrid architecture combining elements of ZTA with perimeter-based network security is a critical step in any zero trust journey5. So how can we expect federal agencies to stay up to speed with the constantly evolving digital landscape and keep secure?

The answer to enterprise demands for security, speed, and efficiency to address accelerating cloud and digital transformation initiatives.

For agencies that want to start the migration to zero-trust now, network security policy management from FireMon is an essential technology that connects the dots between today’s network-based security environments and a zero-trust future. With support for microsegmentation and advanced device discovery, only FireMon offers a real-time policy management platform that can support the complex needs of large organizations as they embark on their journey to a zero-trust architecture.

FireMon is the only real-time network security policy management (NSPM) solution that was built for today’s complex multi-vendor, hybrid enterprise environments. With support for the latest firewall and enforcement technologies spanning the data center to the cloud, only FireMon can deliver complete visibility and control across the entire IT landscape to automate policy changes, compliance, and minimize policy-related risk.

Zero trust is achievable in federal agencies, but to make it a reality you’ll need to keep three ideas in focus: situational awareness, policy management, as well as workflow and policy automation. Since creating the first-ever network security policy management solution, FireMon has delivered command and control over complex network security infrastructures for more than 1,700 customers located in nearly 70 countries around the world. FireMon continues to lead the way with solutions that extend policy management to the latest IT technologies including SASE, SDN, NFV, FWaaS, and SD-WAN.

The perimeter is now anywhere you make an access control decision. Continuous authentication, device assessments, user controls and application access are each good security methods on their own, but for optimal security — and to count as a true zero-trust model — they need to be used in coordination with one another. Zero trust is designed to let administrators gradually migrate from a perimeter-based framework, so federal agencies can create plans that align with their IT modernization initiatives and allow them to take action without requiring massive changes all at once. This means you can apply these principles today, now, and they can grow with your agency on your mobile and cloud journey; effectively providing a seamless security architecture for the future.

Learn how only FireMon can deliver complete visibility and control across the entire IT landscape to automate policy changes, compliance, and minimize policy-related risk. Download FireMon’s Zero Trust architecture datasheet.

References: