Victoria Redmond
Executive Order 14028 mandates agencies implement zero trust (ZT) architectures for all cyber networks. Zero trust relies on a full understanding of the cyber attack surface in order to move the boundary closer to the user and secure each component. Afterall, you can’t secure what you don’t know you have.
Many agencies are still struggling to answer simple questions:
What devices have access to our environments?
Is the core software up to date?
Are unapproved applications in use? What is their network access?
Is the device managed by an endpoint protection solution?
These questions need definitive answers and organizations need defined processes in order to build the foundation for a zero trust architecture. Manual mapping and monitoring of the cyber-attack surface leaves organizations scrambling to keep up, their people mired in manual deduplication and correlation.