Using the Tools at Hand to Get to Zero Trust

Federal agencies have been ordered to move toward zero trust architectures with alacrity, through Executive Order 14028 on improving cybersecurity and the Office of Management and Budget’s two memoranda, M-22-09 on meeting zero trust cybersecurity principles, and M-21-31 on improving investigative and remediation capabilities following cyber breaches. The Department of Homeland Security observed in its Zero Trust Implementation Strategy that agencies “can expect audits and budgets to hinge on questions of whether and how [they’ve] implemented zero trust for years to come.” In the DHS strategy, leveraging current tools in a creative way can help meet zero trust implementation goals and fundamentally reduce risk. This requires understanding what tools are already available, their features and functionalities, how widely deployed they are, and how different tools can be integrated to achieve priorities such as adopting identity-driven access, incorporating the principle of least privilege, and reducing an agency’s threat surface.