Zero Trust data protection is gaining momentum in federal organizations — across civilian agencies and the intelligence community. The latest National Security Memorandum builds on the foundation of last year’s Cybersecurity Executive Order, and further affirms that Zero Trust security is essential for federal organizations to adopt moving forward. Specifically, from Virtru’s perspective, the National Security memo is beneficial for several reasons:
The memo also highlights the urgency of Zero Trust, with Zero Trust plans due 60 days from the memo’s release, and 180 days to implement.
The concept of a mature Zero Trust implementation, which this memo and the previous EO highlighted, has been evolving for years, starting with John Kindervag, who coined the term and concept of Zero Trust back in 2010.
Kindervag predicted that data-centric security would eclipse perimeter-focused network security, and that, with the increase in user endpoints and networks, the perimeter would become increasingly amorphous and difficult to define. Kindervag’s prediction has proven to be true: The perimeter is evaporating, and it’s no longer enough to protect the castle walls. We have to protect the most important assets within those walls to ensure they remain safe at all times: We have to protect the data.
Network-focused security attempts to solve the wrong problem: It’s not the network you really need to protect, it’s the data that resides within that network. And that data needs to be shared with the right people in order to be effective.
National Security Systems (NSS) store some of the most sensitive data in government, and appropriate protection of that data should be front and center:
Adopt a federated identity by establishing a public key infrastructure (PKI) that federates across environments, leveraging open standards like Security Assertion Markup Language (SAML) for credentialing and OpenID Connect (OIDC) for authentication that verifies the identity of a user.
“Need to know” can vary based on the projects and assignments that individuals are tasked with. Ensure federated entitlement (again with open standards like SAML and OIDC), so that the right people are assigned the right privileges to access the right data at the right time.
The open, ODNI-standard Trusted Data Format (TDF) adds a layer of encryption to sensitive data, with access controls that are highly configurable and that grant the original data owner persistent control. TDF allows “need to know” tags and controls to be applied directly to the data, and access to the data can be enforced through encryption wherever the data travels. Should access needs change, or should a file be shared with the wrong individual, access can be immediately revoked, even after the data has been shared. With TDF, the data itself remains safeguarded, regardless of where it’s located or where it moves. It is self-protecting, even if it encounters an environment that has been compromised.
TDF leverages modern cryptography to provide data source provenance, authenticity, and integrity.
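To make the idea concrete, here is a simplified model of data-centric access control, added as an illustration: it is not the TDF format and not Virtru's code. It shows a protected object that carries its own "need to know" policy, a policy binding that detects tampering, and a key service that can revoke access after the object has been shared. All names (`KeyAccessService`, `protect`, `release_key`, `open_object`) are hypothetical, the key service creates the object for brevity, and the cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, json, secrets

def _stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example runs offline
    # with the standard library only; a real system would use an AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class KeyAccessService:
    """Hypothetical enforcement point: only it can unwrap an object's data key."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self._revoked = set()  # (object_id, user) pairs revoked by the data owner

    def _wrap_key(self, object_id: str) -> bytes:
        return hmac.new(self._secret, object_id.encode(), hashlib.sha256).digest()

    def protect(self, plaintext: bytes, required: list) -> dict:
        object_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        policy = json.dumps({"required": sorted(required)})
        return {"id": object_id, "policy": policy,
                # Binding ties the policy to the data key, so edits are detected.
                "binding": hmac.new(key, policy.encode(), hashlib.sha256).hexdigest(),
                "wrapped_key": _stream_xor(self._wrap_key(object_id), key).hex(),
                "payload": _stream_xor(key, plaintext).hex()}

    def revoke(self, object_id: str, user: str) -> None:
        self._revoked.add((object_id, user))

    def release_key(self, obj: dict, user: str, attrs: set) -> bytes:
        key = _stream_xor(self._wrap_key(obj["id"]), bytes.fromhex(obj["wrapped_key"]))
        expected = hmac.new(key, obj["policy"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, obj["binding"]):
            raise PermissionError("policy does not match binding")
        if (obj["id"], user) in self._revoked:
            raise PermissionError("access revoked")
        if not set(json.loads(obj["policy"])["required"]) <= attrs:
            raise PermissionError("missing required attribute")
        return key

def open_object(kas: KeyAccessService, obj: dict, user: str, attrs: set) -> bytes:
    # The object can sit anywhere; decryption still depends on the key service.
    return _stream_xor(kas.release_key(obj, user, attrs), bytes.fromhex(obj["payload"]))
```

Because every decryption goes through `release_key`, a copy of the object that has already left the owner's environment becomes unreadable to a user the moment `revoke` is called for that user.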
When you take a data-centric approach to Zero Trust security, the benefits cascade across your organization:
In short, data can be shared with the people who need it, without friction, with persistent control, and with full confidence in its security. When we do this well, we create much higher-fidelity communication across government, private-sector partners, and coalition partners we trust on a human-to-human basis but don’t necessarily have the infrastructure to share with. Our community can connect in a more meaningful and secure way than ever before.
If your organization is unsure of where to start, the good news is that this is not uncharted territory: Virtru has partnered with numerous federal agencies to implement data-centric, best-in-breed Zero Trust architectures that accelerate data sharing and efficiency — particularly for agencies working with coalition partners. The common thread across our federal partnerships is to accelerate the secure sharing of data so that the right people have access to the right information, at the right time. To start the conversation, reach out to our federal team.