The Federal government is making a big push toward zero trust security architectures, but with an abundance of guidance on what makes a zero trust architecture successful, the looming question for many Federal agencies is ‘where do we start?’ Randy Resnick, senior advisor for the Zero Trust Portfolio Management Office at the Department of Defense (DoD), believes the first step is planning.
“Sometimes many feel that in government, decision-making is a coin toss,” Resnick said during a May 4 FCW event, while cautioning that a “cybersecurity decision should never be a coin toss.”
“For a successful zero trust deployment, planning is essential,” he emphasized.
For the DoD’s planning effort, Resnick explained that his office has utilized the plethora of cyber and zero trust guidance released to formulate a roadmap that stipulates steps the enterprise must take for a successful zero trust deployment.
The DoD Zero Trust Roadmap consists of seven interconnected pillars – users, devices, applications and workloads, data, network and environment, automation and orchestration, visibility and analytics. These pillars are upheld throughout the entire department, assisting with the “categorization of capabilities and technologies that can perform zero trust functions in an environment,” Resnick said.
The pillars also include what Resnick described as zero trust enablers which ensure a successful and synchronized deployment of a zero trust architecture. These enablers include department-wide zero trust awareness and culture shift, zero trust policy framework, and training.
Additionally, Resnick explained that another part of the DoD’s zero trust planning journey has been open communication and synchronized actions through the enterprise.
“A zero trust journey requires synchronization, integration, and agreement. Particularly at the DoD, we have found that complete collaboration between all sectors is part of that planning effort and will ensure a successful zero trust deployment,” he said.