Sign up to save your podcasts
Or
Share Ep. 65 Basic Cyber Hygiene & Zero Trust Principles
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Ep. 65 Basic Cyber Hygiene & Zero Trust Principles
Federal mandates are strongly encouraging agencies to apply Zero Trust. You do not just put on a pair of shoes and run the Boston Marathon; in a similar vein, you do not flip a switch, and the next day your agency has applied Zero Trust Principles. You should understand how your system needs to be prepared, then design a plan that will make the transition timely and effective.
Today’s guests give guidelines on this “hygiene” and what transition concepts to keep in mind.
Alvin "Tony" Plater, U.S. Department of the Navy, suggested that just because you are compliant, does not mean that your system is acceptable. Of course, he recognizes the value of regulations, but he thinks a well-structured system should go beyond compliance. For example, he views the importance of data integrity as a key component of maintaining existing systems.
Zero Trust requires you to assign access to people based on many characteristics, one being their role. Nothing new here, Role Based Access Control has been around for decades, but its implementation has been cumbersome at best. Consider role-based controls that give ease of use for system administrators.
Another aspect of hygiene is to make sure your existing systems all have user-supported versions. Using an older system that is about to go out of service has been called a “secretive vulnerability.” Unfortunately, one unexpected consequence of this maintenance could be more vulnerabilities. The basic hygiene concept is you cannot go to Zero Trust without a clean start.
From an architectural standpoint, you should know all your endpoints as well as have an enterprise architecture that can lock a malicious actor’s exploits into a limited area, what some call a “limited blast radius.”
The U.S. Patent and Trademark Office (USPTO) was a pioneer in remote work, even before COVID. Leadership at the agency recognizes the fast change in technology, even in the past three years. For this reason, the USPTO is changing to a Secure Access Service Edge initiative that will increase the ability to dynamically filter endpoint activity.
Humans have a dominant role in this transition. Each of the participants agrees that getting the right people behind the tools is the fastest way to increase security through Zero Trust.
View all episodes
By FedInsider
5
55 ratings
Federal mandates are strongly encouraging agencies to apply Zero Trust. You do not just put on a pair of shoes and run the Boston Marathon; in a similar vein, you do not flip a switch, and the next day your agency has applied Zero Trust Principles. You should understand how your system needs to be prepared, then design a plan that will make the transition timely and effective.
Today’s guests give guidelines on this “hygiene” and what transition concepts to keep in mind.
Alvin "Tony" Plater, U.S. Department of the Navy, suggested that just because you are compliant, does not mean that your system is acceptable. Of course, he recognizes the value of regulations, but he thinks a well-structured system should go beyond compliance. For example, he views the importance of data integrity as a key component of maintaining existing systems.
Zero Trust requires you to assign access to people based on many characteristics, one being their role. Nothing new here, Role Based Access Control has been around for decades, but its implementation has been cumbersome at best. Consider role-based controls that give ease of use for system administrators.
Another aspect of hygiene is to make sure your existing systems all have user-supported versions. Using an older system that is about to go out of service has been called a “secretive vulnerability.” Unfortunately, one unexpected consequence of this maintenance could be more vulnerabilities. The basic hygiene concept is you cannot go to Zero Trust without a clean start.
From an architectural standpoint, you should know all your endpoints as well as have an enterprise architecture that can lock a malicious actor’s exploits into a limited area, what some call a “limited blast radius.”
The U.S. Patent and Trademark Office (USPTO) was a pioneer in remote work, even before COVID. Leadership at the agency recognizes the fast change in technology, even in the past three years. For this reason, the USPTO is changing to a Secure Access Service Edge initiative that will increase the ability to dynamically filter endpoint activity.
Humans have a dominant role in this transition. Each of the participants agrees that getting the right people behind the tools is the fastest way to increase security through Zero Trust.