The Department of Defense (DoD) is piloting data tagging initiatives to tackle ongoing challenges in achieving target goals within the data pillar of its zero trust security strategy, the Pentagon’s zero trust lead said today.
In 2022, then-DoD Chief Information Officer John Sherman initiated an ambitious plan to implement a zero trust architecture across the department by fiscal year (FY) 2027.
But according to Randy Resnick, director of DoD’s Zero Trust Portfolio Management Office, one of the department’s most pressing challenge in reaching the FY 2027 goal is understanding the data it possesses.
“Zero trust is a data access control problem strategy. And for the DoD, our big hurdle is data tagging and labeling,” Resnick said today during the Rubrik Public Sector Virtual Summit powered by MeriTalk.
“This is a huge undertaking that’s going on right now. We’re doing pilots on this effort to try to come up with a standard approach to data tags and labels within [DoD],” he added.
DoD has 18 pilots underway with about 20 vendors – big, medium and small companies – to integrate their solutions to help DoD components reach target or advanced zero trust goals.
Additionally, the importance of data tags and labels will become increasingly important in the coming years as DoD prepares for the integration of artificial intelligence tech, Resnick said.
“This is extremely important as we move into the next few years with AI. To make sense of both structured and unstructured data, having data tags and labels is essential. If we want to fully leverage AI, data tags and labels are crucial,” he said.
DoD is not the only organization struggling with data challenges in a pursuit to a zero trust architecture.
Don Yeske, director of the National Security Cyber Division at the Department of Homeland Security, added during the same panel discussion that the data pillar for many Federal agencies is particularly challenging because “we don’t really manage data separately from systems or networks.”
“We can think easily about devices. We can conceptualize those things. Someone is responsible for them. We can think easily about systems [because] there’s a person who’s the system owner, and they’re accountable for the system, and they have to go get an authorization to operate it and to connect it. But we don’t have the management processes in place across the government, or just generally, to think about data as its own separate asset,” Yeske said.
According to Yeske, the solution to the Federal government’s data challenge is acknowledgement of this problem.
“For most of us, we don’t really spend our days thinking about data separately from other things. That’s a problem,” Yeske said. “If we introduce the right processes in our organizations to begin to understand what our data is, who owns it, where it comes from, where it flows to, and where it goes on a normal basis, then we can start to use that understanding to recognize when bad things are happening in our environment.”
