In This Article

"There has been a global change in tone because people have hit a breaking point when it comes to the cybersecurity problem," said Ron Bushar, Senior Vice President and Global Chief Technology Officer at Mandiant during a recent podcast discussion

Bushar adds "Cybersecurity is no longer a technical problem set, it's a significant risk and we have to look at it differently. Governments around the world now recognize it requires a coordinated approach and I'm excited to see the momentum behind it."

Coordination benefits everyone – agencies, private companies, and citizens. However, before implementing technologies and solutions, agency CIOs, CISOs and program managers should:

  1. Gain an understanding of Zero Trust Architecture (ZTA)
  2. Think about what is needed for your organization's sustainability
  3. Talk with private-sector solution providers with expertise in both ZTA and government IT infrastructure and challenges

There's no one-size-fits-all Zero Trust approach for government organizations, however the right public-private partnership will ensure your agency and its resources are capable of pivoting for the ever-evolving threat landscape.  

What is ZTA?

According to the National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST), a ZTA:

Treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated and their access authorized. In essence, a zero trust architecture allows a user full access but only to the bare minimum they need to perform their job. If a device is compromised, zero trust can ensure that the damage is contained.

There are multiple steps toward implementing a ZTA -- from the implementation of multi-factor authentication all the way to network micro-segmentation and automated threat detection. 

FireEye/Mandiant recognizes that government institutions are at different stages of maturity with Zero Trust. It could be that you've already made investments in cybersecurity that align with a ZTA. We can help validate those solutions to ensure they're meeting your goals, while also helping you establish a framework approach toward gaining ZTA maturity. 

Sustainable questions to ask 

Zero Trust is a journey; it will take time and effort to gain sustainability. To that end, here are some questions to consider:

  1. Pause and take stock. What security practices and solutions does your organization already have in place? There is no need to reinvent the wheel.
  2. Ask your teams: Can you leverage any cybersecurity solutions that you've already implemented to meet the EO requirements? If so, these investments will most likely also fit into your ZTA roadmap.
  3. Ask your teams: Among the private-sector vendors with whom your agency has relationships, do they have the knowledge and government expertise to help you on your ZTA journey? Many providers offer Zero Trust-related solutions; however, they may not be aware of unique compliance and security requirements for government agencies.

Consider partnerships

Zero Trust and nurturing a ZTA can seem overwhelming, especially if your organization is facing IT security skills shortages. Public-private partnerships can help address these issues and more. 

Organizations like FireEye/Mandiant and WWT can provide consulting and advice, as well as solution and technology implementation. We're at the forefront of the Zero Trust conversation, and we're ready to help your organization on the journey to better cybersecurity. 

Next step: Dig deeper into ZTA and all of its considerations by downloading our whitepaper "Zero Trust for Federal Government: A Guide to Achieving Improved Cybersecurity." 

For more information, stream the on-demand version of this Public Sector Tech Talk with Bob Costello, former Public Sector Civilian Strategic Advisor at WWT and Mandiant's Ron Bushar and Stacy O'Mara.


Public Sector Tech Talk E14: Impact of the Cybersecurity Executive Order STREAM NOW