Follow Fedinsider on LinkedIn

Napoleon Hill once said that a goal is a dream with a deadline. In this week’s episode of Feds At The Edge, we’ve gathered leading experts who share how their organizations are turning the once-upon-a-dream idea of zero trust architecture into an accomplished goal by the end of 2024.

Leaders from DHS, CISA, USPS, SailPoint, BeyondTrust and Ping Identity explore ideals behind Identity Credentials and Access Management (ICAM).

Avoiding the trap of “shiny new things”

Moving beyond meeting bare minimum compliance requirements to check a box

The benefits of implementing ICAM as part of application development

We’ll also delve into dark waters with what they identify as toxic combinations your team should avoid.

Tune in on your favorite podcasting platform now.

Follow Fedinsider on LinkedIn

In the technology world, the term “segmentation” applied to network topology. Networks, after all, have been segmented since the days when subnets were devised in the early 80’s.

Today, however, we also must consider the value of applying this strategy to applications as well.

In this week’s episode of Feds At the Edge, we’ll dive into why we need both approaches to have a secure Federal System. We’ll also explore the changing landscape as the days of having servers just down the hall has given way to public & private clouds, and multiple datacenters.

When it comes to network visibility, especially when dealing with applications, how are agencies keeping track of those long-forgotten servers no longer in service but still open to significant vulnerability?

We’ve gathered top thought leaders who share how they are securing the playing field both inside and out with zero trust and micro-segmentation strategies that work for today’s complex environments.

Tune in on your favorite Podcasting Platforms.

Follow Fedinsider on LinkedIn

Everyone who has driven through Missouri knows that they state motto is “Show Me.” In this week’s episode, we’ll explore the hype around artificial intelligence and with everything we’ve heard, it’s time to show us.

We’ve gathered a fantastic panel of State, local and industry leaders who will share with us how artificial intelligence is being used to reduce costs & improve services at the local level, across the nation.

• Train users now to use AI tools to their benefit, and not to fear progress.
• Using AI to detect anomalies in medical testing.
• Deploying chatbots to non-emergency services to help citizens with tasks such as getting their license.
• Deploying answers to typically asked questions faster.
• 24/7 use, no longer confined to the progress made between 9:00 and 5:00.
• Predicting major events on a flood plain and more.
• And most importantly, how to accomplish all this securely, and ethically.

Tune in on your favorite podcasting platform now.

Follow Fedinsider on LinkedIn

In this week’s episode we are exploring the remarkable progress both the private and public sector has made in their move to Zero Trust and the value of the human aspect when it comes to strategy, design and leveraging guidance from the federal government.

Wayne Rodgers, Zero Trust Lead from the Department of Education reminds listeners one can’t throw a switch and have zero trust just emerge from the bits and bytes. He highlights how test programs can and should be part of the journey and why your agency should consider multiple cloud vendors.

We will also delve into reducing risk with an approach using SASE and ICAM in the distribution of technology for Zero Trust among cloud service providers.

Joining Wayne is Akiba Saeedi, VP of Security Federal for IBM and Benjamin Koshy, CISO for Indian Health Service, who share the benefit of utilizing use cases to build your zero trust architecture, and a great place to look for starting point guidance as you launch the next phase of your cybersecurity journey.

Tune in now on your favorite podcasting platform.

Follow Fedinsider on LinkedIn

Most people today equivalate the sum of Artificial Intelligence to one thing; ChatGPT. In this week’s episode of Feds At the Edge, we’ll bust the myth by sharing how Federal leaders are making data-driven decisions leveraging advancements in technology with a wide range of AI.

We dive into the five concepts you may never have thought of but should be top of mind:

Clean Data. What happens when second or thirdhand data leaves you with a challenging clean up?

Privacy and Security. Is your agency keeping up with compliance?

AI Use Agency Wide. How do you tackle an enterprise-wide endeavor?

Analytics. From big data to deriving lessons from data sets- where should the focus be?

Language. What is being lost in translation?

Vijay Sharma, CTO from the Department of Education reminds us that Artificial Intelligence is like having the best bike in town and not knowing how to ride it.

Are you ready? Tune in on your favorite Podcasting platform now!

One of the challenges of raising a child is teaching them how to share; one of the challenges of federal information technology professionals is teaching them to share.

Today we take a look at organizations that encounter cyber threats and their efforts at sharing threat information.

Sharing cyber threat information isn’t a recent idea -- Executive Orders have encouraged sharing for years.

February 13, 2015, talks about the goal of creating robust information sharing related to cybersecurity risks and incidents.

May 12, 2021 “Removing barriers to threat sharing” that encourages the sharing of information across federal agencies.

In the commercial world, people are afraid to share cyber threat information because it may make them look weak to customers. If they share that data with competition, then their commercial opponents may have a leg up on them.

The federal world is just resistant but for different reasons.  If a vulnerability is announced, there is a threat that federal systems that aren’t patched will be vulnerable to attack.

This is the challenge addressed in today’s interview with federal CISOs and a commercial expert. 

Jonathan Feibus from the NRC looks at budget -- smaller agencies may not be able to afford to get commercial data on threats.

Companies like Mitre make available public Common Vulnerabilities and Exposure (CVE) lists for free. The most recent list includes 210,558 vulnerabilities.

It is indeed possible for a commercial company to have systems where vulnerabilities can be identified and remediated before they makes the CVE list. 

Executing the mission, abstracting complexity, driving for speed

The Biden administration didn’t just release Executive Order 14-058 to make federal websites look good, the practical aspect of user experience is making sure citizens can access information in a speedy, and safe manner. 

Conrad Bovell from HHS makes a strong statement when he states the reason for cybersecurity is to secure the mission of the agency.  For his agency, it is quite a large mission.

During the interview, he casually mentions that HHS has a #1.68 trillion annual budget. 

The obvious method is to lock everything down, however, the functioning of the agency means that he and his team must assess risk to when funding research.  The challenge is to get both: good experience and speed.

The HHS complex in suburban Maryland is quite extensive and complex, but nothing compared to the geographically remote and secure networks the military must operate in.  Randy Young gives the perspective of a trusted partner who assists in making the network easy to use and secure.  He maintains the way to support the warfighter drives better technology outcomes on the user’s terms, not the terms of whatever new technology is available. 

Putting yourself in the end user’s boots can make security experts understand how to manage risk and deliver the speed needed all the way to the feds at the edge.

Twitter:  @FedInsider

LinkedIn:    https://www.linkedin.com/company/fedinsider/

Facebook:   https://www.facebook.com/FedInsiderNews

Compliance, maturity levels, edge computing

Some people think the television phrase, “Set it and forget it” applies to Zero Trust. Today’s discussion throws that notion out the window.

The interview takes a deep dive into how an agency can move to a Zero Trust Architecture.  Three experts discuss compliance, maturity levels, and the role of edge computing. The conclusion is obvious: Zero Trust is a serious, constantly evolving methodology and federal leaders must take advantage of every resource possible to gain a thorough understanding of the process.

Jennifer Franks from the GAO points out that Zero Trust is not a new concept and the federal government has all kinds of reference materials to support leaders. She lists information from DISA, NIST, the DoD as well as the OMB. She reminds listeners that there is a maturity model associated with Zero Trust change --  and leaders must be aware of revisions to these documents.  Jennifer reminds the audience of the recent upgrade to the DISA model that adds more maturity levels.

Guidance is nice, but where to start? During the interview, Wayne Rogers talks about looking at your respective agency’s situation and doing a gap analysis. Once that is complete, then one can set priorities.  For example, when he used this process, his agency identified a weakness in their VPN system.  He prototyped a transition to Secure Access Service Edge and then deployed it across the agency.

Probably the best quote from this interview was provided by Akamai’s Tony Lauro. He said, “Security has to work despite users.”  He is referring to the base concept behind Zero Trust – an automated system that can identify threats and provision resources with appropriate access levels that can have nothing to do with end users acting themselves. 

Ron Popeil’s catchphrase may work on television, but not in today’s federal government. 

Twitter:  @FedInsider

LinkedIn:    https://www.linkedin.com/company/fedinsider/

Facebook:   https://www.facebook.com/FedInsiderNews

Technology maturing, constant attacks, automated responses

For the last ten years, everybody in federal software has been discussing the maturity model. We all know that a system must start, be managed, and be optimized.  Unfortunately, only recently have advances in hardware and software allowed this process to take place. 

Today, we listen to a conversation between a federal technology expert and a commercial subject matter expert with a focus on cybersecurity in a post-pandemic era.  Covid kickstarted the ability for federal leaders to be able to be transparent and to collaborate securely.  Perhaps this is a story about the technology maturing to give the ability to have an observability in a system with high compliance.

For example, Brian Dennis, Principal Technologist Public Sector, Akamai points out that micro-segmentation has always been known to prevent malicious actors from moving into the network.  For years, this process has been clunky and woefully inadequate.  Brian suggests that modern systems can make micro segmentation, and its impact on zero trust, easy and flexible.

Today’s federal agencies are under constant attack and must be adaptable enough to accomplish configuration and change management. Automation may hold the method to accomplish this complicated goal. 

Many agencies have billions of actions a day and no human can keep up with responding to attacks.  Today, systems are available where threats can be responded to in a rapid, automated, manner.  

Network visibility, remote access, leveraging artificial intelligence.  

Predictions are almost impossible in the rapidly changing world of military communications.  Despite that, our tech leaders will offer ideas on visibility, a uniform defense network, and eliminating lateral movement in these networks. If you look at the past twenty years, an argument can be made that the DoD has responded quickly to attacks; however, the solution really hasn’t had resilience or redundancy in mind. 

Today’s interview gives three ways the DoD is accomplishing the task of remediating some of these issues.  The experts discuss software defined networks, network visibility, and applying artificial intelligence to these concerns.

Bill Urig observes that we have reached the human limit to understanding a complex network. One can’t apply any sophisticated preventative measures, like software defined networks, unless they have a deep and through knowledge of the network.

To this end, he has used tools from Red River and Akamai that can provide exact information to system administrators to identify the digital terrain. That information will tell systems analysts the difference between a failed server or nefarious activity.

During the interview, Col. Joseph Pishock addressed the issue of the future of Identity Credentialing, and Access Management. From his point of view, ICAM has always been a siloed approach. They may be able to take advantage of specific tools, but Secure Access Service Edge is best deployed when using a consolidated platform.  

All are optimistic that the general trend of understanding the network can give a better response to an attack.