President Biden’s executive order (EO) on improving the nation’s cybersecurity gave Federal agencies 90 days to develop a Zero Trust strategy, among a slew of other deadlines. But according to an official from the Small Business Administration (SBA), communication remains a significant challenge in meeting this deadline.
Trafenia Salzman, the security architect for SBA, said that clear communication throughout the entire agency is necessary to meet the zero trust directives laid out in the cyber EO. But “getting everyone to understand zero trust and getting everyone on the same page regarding strategy has been difficult,” she said at ATARC’s Zero Trust Summit on November 17.
“We don’t want to deploy any zero trust architecture without a clear consensus on how this will look like and operate. Once we get everyone on the same page, we can look at our current capabilities and tools and build a framework around zero trust,” Salzman said.
To overcome this communication challenge, SBA officials have drawn on various resources from other Federal agencies, including the National Institute of Standards and Technology’s guidance on zero trust architecture (SP 800-207).
“We have seen just how crucial a zero trust architecture is. But it is not going to work if all employees are not on the same page on what that means for access and operations within any agency, not just at SBA,” Salzman said.
Salzman added that agencies also need to focus on what would work for them, because each agency has its own unique purpose. SBA is also currently speaking with multiple vendors to find the software that will best help the agency implement a zero trust architecture.