Feds at the Edge

Ep. 79 Lessons Learned on the Zero Trust Journey



When one reads the current literature on federal systems and zero-trust architecture, one gets overwhelmed by diagrams, charts, and prescriptive messages.

Lots of “should” and not many “we did.”

Well, this podcast will fill in the gaps. This is a discussion between a subject matter expert from Palo Alto Networks and a federal zero-trust practitioner. They dissect the best approaches to Zero Trust and give practical guidelines for migrating to a zero-trust architecture for a federal environment.

The discussion starts with how to select priorities. Everyone knows that Zero Trust is not a minor change that is merely adopted overnight. If zero trust is a journey, where does one start, and what priorities should be set?

Drew Epperson of Palo Alto Networks provides the most practical advice on this concern. He suggests that you should identify the public attack surface and gain an understanding of where your valuable assets are located. The fantastic point he makes is that if you have a zero-trust system that does not allow assets to be protected dynamically, then you should start from scratch.

Beau Houser, US Census Bureau, makes a valid point when he suggests that a move “left” in the software development process will make Zero Trust much easier to deploy. In the parlance of software developers, a security move “left” means that, on a project timeline, security is considered during the actual process of putting together the code.

One risk that is pointed out is that a systems administrator may be relieved that the code is being developed with security considerations, or, as some may say, “baked in.” The concern is that this person may get lulled into not worrying about continuous monitoring of the code. There very well could be a zero-day attack built into the code that will only be released later.

The interview concludes on a positive note. Beau Houser relates how his agency is having remarkable success in training technical staff. The dual benefit is that it aids in staff retention and makes the transition to zero trust much smoother.

Feds at the Edge, by FedInsider
