How to maximize the impact of Zero Trust's next phase

Gary Barlet, Illumio's federal chief technology officer, outlines how Zero Trust will remain important as the threat landscape widens and adversaries continually evolve.

Government contractors and industry alike have been working with federal agencies to diligently reshape and harden agencies’ cybersecurity postures over the years. With evolving Zero Trust mandates and strategic guidance, such as the Federal Zero Trust Strategy and the Department of Defense Zero Trust Strategy, collaboration becomes even more critical.

As similar initiatives roll out, the importance and prioritization of Zero Trust across the federal government becomes even more apparent. Promisingly, as the threat landscape widens and adversaries abound, the GovCon community is helping agencies make progress on their Zero Trust commitments.

However, as 2024 deadlines to implement and adopt Zero Trust architectures quickly approach, limited resources continue to be an obstacle. Challenged to do more with less, industry partners can help agencies to leverage existing capabilities and maximize investments to continue to make strides towards fortified resilience.

The Complex Landscape of Competing Priorities

The current threat landscape can best be summed up as devastating and complex – due to its evolving nature, where cyber threats morph and arise at an unprecedented pace.

In fact, over 2,200 cyberattacks take place every day (around 1 every 39 seconds). Today’s threat landscape demands a strategy that is not only robust, but adaptable and ready to respond to new and emerging threats with precision.

This is where Zero Trust has become a de facto cybersecurity best practice. By encouraging federal agencies to proactively shore up critical defenses and account for inevitable breaches from the start, with Zero Trust, agencies of all shapes and sizes are better enabled to maintain operations and secure sensitive data even in the face of ongoing attacks.

But with the rise of today’s dynamic threats, the allocation of already limited resources makes for an even more precarious balancing act – where competing priorities and budget constraints make it more difficult for agencies to secure critical assets against a widening threat landscape.

An overarching challenge in strengthening federal security lies in balancing security goals with other priorities. Federal agencies, while striving to fortify their cybersecurity posture, must also contend with the reality of juggling other organizational needs (productivity, operational enhancements, staffing, other Congressional mandates, etc.).

But rather than sacrificing security entirely in the face of other pressing initiatives (which federal agencies simply can’t afford to do in 2024), industry partners should encourage agencies to focus on taking small but concrete steps towards resilience.

Small Steps Make Significant Progress

When it comes to reaching critical objectives and accelerating Zero Trust plans specifically in 2024, it’s important for agencies to consider where they can best maximize investments to get the most ROI out of limited cyber resources.

There will never be a “one-size-fits-all” solution for Zero Trust, and contractors working with agencies looking to make progress on their Zero Trust goals must tailor strategies and implementation plans to their unique stage of the cybersecurity journey.

But by examining their organizational objectives, identifying pain points, and prioritizing security around their most critical data sets, workloads, and operations first, contractors can ensure agencies will be better enabled to achieve quick but lasting wins on the road to Zero Trust.

The key lies in understanding that cybersecurity, and Zero Trust, is not a one-time initiative or technology but an ongoing process. Zero Trust strategies that prioritize continuous improvement with small but impactful projects recognize the dynamic nature of cyber threats and are better equipped to adapt to the evolving landscape.

For example, segmenting critical assets is a tactical move that is proven to result in immediate improvements in agencies’ overall security posture. In fact, segmentation is proven to reduce the blast radius of cyberattacks within an organization by 66 percent, saving organizations $3.8 million annually by limiting unplanned downtime.

This approach not only slows the lateral spread of cyber threats, which remain the biggest risk as agencies continue to move to cloud and hybrid environments at scale, but also lowers potential costs incurred by downtime and lost productivity.

Keep Moving Forward

Federal agencies face a critical challenge as the Zero Trust Strategy deadline approaches – fortifying cybersecurity with limited resources and ambitious goals in mind. Tailored solutions, embracing a risk-based approach, focusing on quick wins, and collaborating with industry partners are the keys to success amidst these challenges.

In this lens, prioritizing incremental progress and recognizing the continuous nature of cybersecurity is vital – and continuing to make progress on cyber resilience objectives, even once the Zero Trust Strategy deadline passes, will continue to be integral to securing agency operations and protecting our democracy.

Gary Barlet is the federal chief technology officer for Illumio.