Michael FriedrichJanuary 13, 2022
2022 Federal Predictions: Zero Trust Security
With January in full swing, federal CIOs, CISOs and government agencies are taking stock of their priorities and where they should focus their time and resources in the new year.
While we don’t have a crystal ball for 2022, we anticipate it bringing more of the same ... escalating cyberattacks, budget restrictions and continued cybersecurity challenges. As you’re planning, here is what we expect to see in the federal sector in 2022.
Zero Trust Goals
The White House Cybersecurity Executive Order, released in May 2021, was a great catalyst for agencies to accelerate their Zero Trust security planning goals because it required them to submit detailed plans over the course of several months. Early responses from government leaders responsible for implementing the guidance suggest it may take two to three years to fully implement Zero Trust security across agencies.
In the next year, look for the administration and authoritative sources such as the Office of Management and Budget (OMB), Department of Homeland Security (DHS), National Security Agency (NSA), National Institute of Standards and Technology (NIST), Department of Defense (DoD), etc., to issue further Zero Trust security guidance that is more prescriptive and accelerates timetables for execution.
Further, we expect the government to make a continued push to treat its security as code. During several recent talks with the DoD and civilian leaders, the concept of Continuous Integration/Continuous Delivery (CI/CD) and automation has been tied to Zero Trust. It’s highly likely we will see more departments and agencies follow this trend as Executive Order mandates on Zero Trust security and metrics reporting will force more and more integration to provide better metrics.
Measuring outcomes will take center stage as agency leaders look to justify the improvements in infrastructure and budget requests. Unfortunately, what’s still missing from the original guidance is a way to measure whether Zero Trust security implementation improves the government’s overall cybersecurity posture.
We will see early success from agencies that have a solid grasp of identity management, workload location and user base/devices. Without a solid foundation, applying Zero Trust principles to their goals will fail.
The agencies that demonstrate the most progress will be those who start with the desired outcome in mind. They’ll adopt the Zero Trust principles and incrementally adapt their existing architecture against the Zero Trust maturity models and use cases published by DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the DoD. Any wholesale attempts or major platform upgrades will meet unexpected challenges and delays.
In recent months, the agency that has taken the biggest leap forward is the DoD. It has defined accepted architectures and moved several Zero Trust security programs from pilot to production rollout, while continuing to define new use cases with each passing week.
Budget, people, time and bureaucracy will be the limiting factors in agencies’ ability to plan and execute a comprehensive Zero Trust security plan. Creativity will be the operative word associated with success. Those agency executives who are willing to be creative with their people, technology approaches and acquisition strategies will be the ones receiving awards next year.
Agencies that lack the ability to adjust tactics and report in real time will also struggle. These solutions must be integrated and dynamic ... not siloed. Unfunded mandates without defined measurable success will only further set the stage for failure. Agencies not only need Congress to pass the budget, they need real-time reporting guidelines that are defined and widely accepted.
In 2022, Zero Trust security will continue to be pervasive across multiple domains and disciplines. To accelerate progress, agencies must advance their knowledge of automation, scale, Kubernetes and everything as code. The old methods of siloed, manual solutions do not work. Those that can bring these principles into IT, IoT, every sensor grid imaginable, 5G networks, low Earth orbit [LEO] satellites, navigation systems and unmanned vehicles will drive a higher security level in the solutions.
For more on how our Appgate Federal Division assists agencies on their Zero Trust security journey, visit www.appgate.com/federal-division.
Blog: Federal cybersecurity: are we doing enough?
Blog: Implementing your Zero Trust security journey
Federal News Network Interview with Appgate Chief Product Officer, Jason Garbis