During the pandemic, the security threats facing federal agencies have significantly expanded. While the number of agency endpoints grows and federal employees work remotely with limited VPNs and legacy equipment, hackers are not relenting.
To account for this new cloud-based paradigm where the network is no longer confined to the physical walls of a federal building, agencies must now pivot to a zero trust view of security from the data layer, says Yassir Abousselham, CISO of Splunk.
“We cannot and need not protect everything at the same level,” Abousselham said. “What is needed is an approach to maintain a level of assurance that is aligned with sensitivity of the data that we want to protect, whether access to those assets is obtained within or outside the network perimeter. This model can be fueled by zero trust, which essentially calls for moving away from a perimeter-based approach to security to focus on data and context as the basis to protect agency assets.”
To put it simply: Now that the workforce is no longer working within the confines of the agency perimeter, you can no longer assume the identity of any user or device, nor trust one by default, Abousselham goes on to say in a new FedScoop podcast underwritten by Splunk.
Data as the foundation
To be successful with a zero-trust security architecture, it’s key to have good management and access to all relevant data.
Abousselham says that because zero trust relies on context to make real-time decisions about access, “we need the ability to ingest data from any and all sources.”
“It is not enough to just get endpoint data or network data; we also need data from applications, workloads, threats, intelligence, et cetera,” he says. “From that perspective, data is really the foundation based on which automated decisions, including granting or denying access, will take place.”
The holistic flow of data will lead to a better view into the enterprise and drive better security and risk management decisions.
Automation, continuous validation
The premise of zero trust is to not implicitly trust anything, however familiar you might be with it. This means that even a device or user that is granted access must be re-validated over time.
“Once you establish trust, it does not mean it stays on forever,” Abousselham says.
“Trust and assurance levels change over time as you continuously monitor and understand the entity’s behavior.”
While the constant need for validation can appear to be a tiresome endeavor, automation, continuous monitoring and anomaly detection capabilities can help lighten the load, particularly as IT security teams are short-staffed. Built-in artificial intelligence or machine learning tools are a must for any modern, zero-trust security architecture, Abousselham says.
“At its core, zero trust calls for automated access decisions. In a way, the automation that takes place should follow the same logic as a skilled analyst,” he says in the podcast. “To determine the risk of any given transaction, for example, zero trust can prevent non-compliant devices from accessing the network, which is the same decision that an analyst would make when they’re alerted of a similar event.”
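The points Abousselham makes above, that assurance should be matched to data sensitivity, that access decisions draw on signals from several sources, that a non-compliant device is denied the way an analyst would deny it, and that a grant expires and must be re-validated, can be captured in a small policy engine. The following is an added illustration, not code from Splunk or from the podcast; the signal fields, sensitivity tiers, scoring thresholds and trust lifetimes are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed access context. In a real deployment these signals would be
# ingested from endpoint, identity, network and threat-intelligence feeds
# (assumption: which feeds exist and what they report).
@dataclass
class AccessContext:
    user: str
    device_id: str
    device_compliant: bool   # endpoint posture: patched, EDR running, disk encrypted
    mfa_verified: bool       # identity signal
    on_threat_list: bool     # threat intel: device or address seen in an indicator feed
    anomaly_score: float     # 0.0 (normal) .. 1.0 (highly anomalous) from behaviour analytics
    now: float               # current time in seconds (epoch or monotonic)

# Minimum assurance level each sensitivity tier requires (assumed tiers).
SENSITIVITY_REQUIRED = {"public": 1, "internal": 2, "confidential": 3, "restricted": 4}
# Seconds a grant stays valid before it must be re-validated; trust is not forever.
TRUST_TTL = {"public": 8 * 3600, "internal": 3600, "confidential": 900, "restricted": 300}

def assurance_level(ctx: AccessContext) -> int:
    """Score the session as an analyst would: hard blockers first, then graded signals."""
    if ctx.on_threat_list or not ctx.device_compliant:
        return 0                       # flagged or non-compliant device earns no assurance
    level = 1                          # baseline: known, compliant device
    if ctx.mfa_verified:
        level += 1
    if ctx.anomaly_score < 0.3:
        level += 1
    if ctx.anomaly_score < 0.1:
        level += 1
    return level

@dataclass
class Decision:
    allow: bool
    reason: str
    revalidate_at: Optional[float] = None   # when a grant expires and must be re-checked

def decide(ctx: AccessContext, sensitivity: str, prior: Optional[Decision] = None) -> Decision:
    """Grant only when assurance meets the data's sensitivity; reuse a prior grant until it expires."""
    if prior and prior.allow and prior.revalidate_at is not None and ctx.now < prior.revalidate_at:
        # Inside the trust window, but a new hard signal revokes the grant immediately.
        if ctx.on_threat_list or not ctx.device_compliant:
            return Decision(False, "trust revoked: device no longer compliant or now flagged")
        return prior
    level, required = assurance_level(ctx), SENSITIVITY_REQUIRED[sensitivity]
    if level < required:
        return Decision(False, f"assurance {level} below required {required} for {sensitivity}")
    return Decision(True, f"assurance {level} meets {sensitivity}", ctx.now + TRUST_TTL[sensitivity])
```

Each call to `decide` is one automated transaction; the caller keeps the returned `Decision` and presents it as `prior` on the next request so that re-validation happens on the schedule the sensitivity tier dictates.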
Remote work is here to stay, and if federal IT officials want to keep their systems secure, zero trust is a must, Abousselham says. “Zero trust is core to security for the future of work.”
Listen to the podcast for the full conversation on data as the foundation of enabling zero trust. You can hear more coverage of “IT Security in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by FedScoop and underwritten by Splunk.
Yassir Abousselham has held various security leadership roles at Okta, SoFi, Google and EY, prior to working at Splunk. Additionally, he acts as advisor for cybersecurity startups and holds two U.S. patents in trusted network communication.