Industry professionals weighed in this week with their views on how the Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance also works to help enable adoption of zero trust security concepts.
Panelists from Cisco Systems, Netskope, and Duo Security talked about government policy and zero trust at MeriTalk’s TIC Talks virtual event on Oct. 15.
Discussing the trust zone concept in TIC 3.0 guidance, Doug Cowan, Cybersecurity Federal Leader at Cisco Systems, commented, “When you look at a trust zone, it becomes a question of not only, what’s the right level of security, but what’s the right level of performance that I need to be able to deliver as an agency.”
Lamont Orange, Netskope CISO, said that zero trust is fundamental to implementing security, and that the only way to getting to full zero trust is to deploy it in the cloud. “I think the only way for us to get there is deploying this in the cloud, and it’s more of the iterative approach,” Orange said.
“Understanding data, understanding who needs access to what, is still some of those same concepts that we had to deal with,” he said. “We’ve just added a little additional complexity about moving it to the cloud, but for the scale, and for the opportunity to do the best security— with the innovative solutions— you have to go to the cloud.”
Later during the Oct. 15 event, Public Sector Cybersecurity Architect at Duo Security Bryan Rosensteel offered a little advice for agencies on the zero trust journey.
“You always start by following the data and that may sound simple, but that in many ways is the most challenging aspect for an agency or anyone in particular—it even extends out into the commercial world,” Rosensteel offered. “Identifying your data, identifying the sensitivity of that data, and then identifying where that data resides can be a real challenge, and then from that you build out your security model.”