Roadmap to Zero Trust

Written by Danny Toler and Sara Mosley 

Acuity applauds the administration and all who worked so hard to draft and issue the President’s recent Executive Order on cybersecurity. This Executive Order and the work it triggers will help protect our nation against those wishing to do harm through cyber-attacks.

The call for departments’ and agencies’ plan to implement a Zero Trust architecture is particularly worth highlighting. Agencies are doing their best to protect legacy infrastructures against an ever-evolving set of cyber threats. Like Sisyphus rolling his rock up the hill, this is a never-ending and increasingly futile task. Our adversaries have proven they know how to exploit this approach. Zero Trust represents a major shift. The focus is no longer securing the infrastructure but the things that really matter: data and operations. It doesn’t operate under the assumption, “If you’re on the network, you are trusted.” This shift will not be easy. To tackle the Zero Trust way of thinking, Organizations have to re-think how they deliver IT services and understand their data and business processes. There is no single product ‘magically’ capable of getting an agency to Zero Trust. Zero Trust is better described as a framework and architecture than a “single” technology. Even as agencies begin their transition, they will be straddled with maintaining their legacy cyber protections. This transition demands thoughtful planning and careful execution.

While this sounds like a daunting task, it’s important to note the significant advantage of realizing a Zero Trust Architecture. In addition to significant security benefits as the focus shifts to most sensitive, critical data; agencies can provide flexibility/agility to the mission as the solutions/services are not tied to a “one-size fits all” approach to IT service delivery. By adjusting the security capabilities based on the sensitivity of the data, organizations can focus security resources where it will provide the most impact while allowing for users working with less sensitive data to have less “hoops” to jump through.

Acuity has a unique staff and set of capabilities ready to help the government with meeting the immediate requirement of the Executive Order, a plan, and partnering with agencies on their longer Zero Trust path. We understand the importance and complexities of this undertaking. We have helped the government define Zero Trust core principles and how to put them into practice. We understand how to develop a phased path, with impactful early wins, based on the business and mission needs of an agency. This is done as part of a strategic approach to achieving an overall Zero Trust architecture. We’re ready to help with the next steps to protecting agencies’ data and operations.