The notion of a traditional perimeter is no longer valid thanks to IT modernization efforts, adoption of cloud technologies and the proliferation of mobile devices. In this post-perimeter era, CIOs and CISOs are most concerned with managing cybersecurity and compliance risks, according to the 2020 NASCIO report. This is a valid concern because more applications and connected devices create a larger attack surface for cybercriminals. Credentials stolen through phishing and malware-infected devices are two of the most common attack vectors, with 81% of data breaches leveraging stolen or weak passwords and 70% of breaches originating from endpoints.
Government bodies are also subject to various IT compliance requirements such as PCI-DSS, HIPAA and CJIS that safeguard personal information. Further, many states are passing their own GDPR-style laws, such as the California Consumer Privacy Act (CCPA), to hold the entity storing consumer data accountable for safeguarding it.
The traditional approach to IT security has failed to stop modern threats. And regulations are calling for stronger data security and access controls. So, what should governments do? A trust-based security model offers a fresh take on IT security and addresses the use cases of hybrid IT environments, proving zero-trust is more than just a buzzword.
Zero-trust is not one solution or a platform that one can simply buy and deploy. It is also not a rip-and-replace strategy where existing investments in security are sunk costs. It is a security framework that enables IT to gain visibility and control of its environment with trust-based policies before granting access to networks, applications or data.
The road to zero-trust security can start with your existing security solutions by aligning the policies to the principles of the framework. This helps IT understand the gaps that need to be filled by adding the required capabilities or solutions.
Governments with hybrid IT environments should consider building the following three key security capabilities to achieve zero-trust:
State and local governments are constantly pushed to do more with less. With the right solutions and policies, a zero-trust security model offers a better way for IT departments to manage security and compliance risks without breaking the bank.
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.