Federal Modernization Here We Come! Agencies Prep for Zero Trust, Telework Guidance
NIST has released the final version of SP-800-207, Zero Trust Architecture.
Even with nearly everyone working from home, government guidance and policy folks have been hard at work to modernize our ability to deliver a holistic, risk-based security framework.
I’ve written a lot about how zero trust is the inevitable security framework for agencies looking to modernize their infrastructure. As a matter of fact, way back in 2018 I put these thoughts down just as some of these groups were starting on their zero-trust “journey of discovery.” It seems like so long ago, and many things have changed in the meantime. We’ve all been hunkered down and dealing with an extreme telework situation, which has slowed things down a bit, but has also put in stark relief just why we need to take this journey. We need to provide for security flexibility whatever may come.
Alongside the zero-trust journey, CISA has released some of the final pieces of their Trusted Internet Connection (TIC) 3.0 guidance. This guidance brings us into the 21st century with regard to how we architect and secure our access to cloud services, and it works with the zero-trust guidance to help agencies focus on what matters: protecting data and a user’s access to it.
These things didn’t happen in a vacuum. This is a concerted effort towards alignment of important core tenets of security that every agency should be paying attention to while also figuring out the roadmap for their own zero-trust journey.
Those of us who have been working with the ACT-IAC Zero Trust working group over the past two years have been thinking about what zero trust means to agencies and now, in phase two, we’ve been thinking about what that journey may look like for agencies.
Now, keep in mind, as John Kindervag, who is credited with coining the term “zero trust,” has always said, a zero-trust journey is a “bespoke” journey. That means every organization’s journey will be a little different, and this is so true. But it’s also worth pointing out that every organization is starting with basically the same raw materials.
It’s just like playing guitar. Every guitar player is using the same instrument – the same frets, the same strings, access to the same amplification. Very few folks build their own gear from scratch. The difference is how you play and how you practice. The more you practice and plan, the better you are. Your “solo” might not be the same as other agencies’ “solos,” but they can both be good if you focus and practice the basics.
At Duo, we’re good at the basics: the basic security components that make up a strong, fundamental capability that agencies can deliver to help them on their zero-trust journey and, just as important, that allow agencies to deliver a security capability that users will love.