The Zero Trust (ZT) architecture is a modern concept shaping cybersecurity in the public and private sectors. The growing use of SaaS applications, migration to cloud-based architecture, a rising number of remote employees, and bring-your-own-device (BYOD) have rendered perimeter-based security obsolete. The concept of a network perimeter where those outside of the enterprise's control are malicious and insiders are trustworthy — is no longer a viable approach to cybersecurity.

Zero Trust may seem like a daunting security architecture to implement. But Zero Trust is more a change of mindset towards cybersecurity than it is new tools and solutions. Zero Trust is a concept that can help you simplify and strengthen your defenses by adopting “never trust/always verify” principles. The truth is you probably already have many of the tools you need to get started. In addition to using existing security solutions, new tools and technologies can be added incrementally.

The COVID-19 pandemic has forced a rapid, widespread shift to remote work, necessitating a new approach to security. Many public sector agencies are responding by adopting a Zero Trust model.

What is Zero Trust? Why is it important? What’s required to implement it? Let’s explore.

What Is Zero Trust?

Original article published by Signal Magazine here.

Many federal government agencies are interested in improving their cybersecurity by moving to a zero trust architecture model. But such a move, while very beneficial to the organization, is a complex and involved process that requires some fundamental changes in how security and operations are approached, says Don Maclean, chief cybersecurity technologist for DLT Solutions.

The old saying goes, there are only two kinds of organizations: those that have been breached and those that will be soon. Clearly, the “moat-and-castle” approach to security has not worked. Simply being “inside” a network – behind a firewall, DMZ and other traditional defenses – does not confer trustworthiness, whether it’s a device, a user, network traffic, or an application.

DHS recently published version 3.0 of the Trusted Internet Connection (TIC) architecture. A response to changing IT conditions, Executive Orders, and OMB mandates, the new architecture seeks to support IT modernization through cloud adoption while keeping security as a top priority. The comprehensive set of documents includes an overview, a catalog of security capabilities, a reference architecture, guidance for pilot programs, advice for service providers, and a very helpful set of use cases relevant to agency needs.

Hot off the heels of last week’s Amazon Web Services re:Invent conference, we sat down with DLT’s Chief Technology Officer, David Blankenhorn, to discuss the current state of the Cloud and what drivers will fuel more innovation and adoption for the U.S. public sector in 2020.

There have been a few big agenda items for the cloud community to digest this year – what is the current state of U.S. public sector cloud adoption and usage?

“Trust but verify”:  a Russian proverb Ronald Reagan often used to characterize U.S.-Russia relations, especially regarding nuclear weapons. The Internet has made it clear that the “trust” part of the proverb may not work so well. Today, we may have to say “Never trust; only verify”.