Building a zero-trust security architecture foundation that underlies better cybersecurity capabilities is at the top of the list for Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA).
“My role won’t be to develop those mission systems that are happening in the cybersecurity area, but I want to provide that strong foundation that people can build off of,” Costello said
at a June 9 event entitled The Foundation to Zero Trust: Enterprise Identity Management and hosted by Federal News Network.
Among other items the zero trust task list, the CIO talked about working on privileged access management.
“Privileged access management has been something that we continue to see as a problem,” Costello said.
“It’s about how are we monitoring our privileged users, how are we auditing privileged users, and that’s something that we’re attacking really hard here,” he said. “We also have a lot of people that need escalated privileges at times for a brief period, which also plays a role in our work.”
Another area of importance for Costello when talking about zero trust is micro segmentation. “Looking at micro segmentation, I need to understand what we’re trying to do. Do we need to go with a more complex approach, and who needs accesses to these micro segmentations,” he said.