Zero Trust – Long Time in Coming for Government IT Security
by: The Knowledge GroupAugust 13, 2020
The modern federal government has never been known for rapid adaption to circumstances since World War II and the Korean. After the 1960s, the bureaucracy that became our modern national regulation slogged and slowed down to the faceless entities most of us are familiar with today. However, COVID-19 and the need for social distancing in the workplace caused a dramatic, force reassessment in what was possible for government work. And the same event is bringing to light faster than previously possible the consideration of zero trust security policies for government technology as well.
Zero trust is what it sounds like, there is no trust whatsoever in any user account or tech asset simply based on its location. Just because the computer is in the executive director’s office means nothing. It gets the same screening as any other computer in the network. From a common-sense perspective, this approach makes a lot of sense. However, from a practical level in the past, it has meant blocking lots of internal traffic or slowing it down to an inconvenient level, so many networks had not implemented zero trust in the past. Then, the pandemic arrives with more remote connections than anyone ever predicted.
Zero trust was already starting to be applied in more sensitive areas as NIST standards were being applied in military, law enforcement, and emergency response agencies. But there was still a long haul needed to see the same policy applied in the rest of the government. The big challenge is the categorization of data, which essentially means prioritizing what should be protected and how much. However, once completed, the levels of zero trust can be applied pretty quickly. What continues to bog this process down is that every government office thinks its mission is critical and important. And that becomes unworkable for an IT administrator.
However, if the pandemic is going to continue for another year, the federal government will have no choice but to apply fully NIST protection levels, including Zero Trust. And that game changer will happen due to a virus, of all things, instead of public policy engineering. Sometimes, it takes nature to give a swift kick in the pants.