In a recent interview for Government Matters, IWP Cyber Intelligence Initiative (Ci2) instructor Darren Death discussed the concept of “Zero Trust” cybersecurity. Steven Hernandez, chief information security officer at the Department of Education, was also a part of the discussion.
Zero Trust is a holistic strategy whereby an organization develops protocols to protect its data without automatically trusting any part of the data flow process. The Pentagon and other government agencies are currently exploring how to implement Zero Trust strategies.
Mr. Death reviewed the differences between Zero Trust and other types of security. He noted that other types of security, like perimeter security, may assume that internal networks are secure. Zero Trust focuses on data and the organization and does not involve assumptions that any part of the process is safe.
If implemented properly, Mr. Death noted, organizations will have a better understanding of who is accessing their data and who should have access to the data. Ultimately, Zero Trust strategies allow organizations to protect their data batter.
Mr. Death and Mr. Hernandez both contributed to a report on Zero Trust for ACT-IAC, which they discussed during the interview. Mr. Death noted that the report gave a 10,000-foot view of the Zero Trust space and that they plan to do a follow-up report that dives deeper on this topic.
At IWP, Mr. Death teaches a seminar on Cyber Critical Infrastructure, which will next be offered on March 19, 2020.
Additional Resources from Darren Death on Zero Trust:
The Foundations Of Implementing A Zero Trust Architecture
Forbes – 05-13-2018
ZERO TRUST CYBERSECURITY CURRENT TRENDS – Industry Chair
ACT-IAC ZERO TRUST CYBERSECURITY PROJECT 04-18-2019
ZERO TRUST: THE MOAT IS DRAINED
ACT-IAC ELC 2019 – 10-22-2019
Trends in Zero Trust cybersecurity
Government Matters TV – 11-26-2019
ASRC Federal’s Darren Death on Zero Trust Strategy