Let’s Talk About IT Ep. 17 — A guide to Zero Trust, featuring CISA’s Sean Connelly
Zero trust has taken the federal government by storm.
As more and more agencies move to the cloud — and especially as they sustain mass telework during the COVID-19 pandemic and beyond — the perimeters of their networks are becoming obsolete. Unable to place confidence in a traditional firewall in this new environment, agencies have no choice but to give “zero trust” to users and devices on their network, requiring them to validate and identify themselves anytime they move across the IT architecture.
In essence, this is the idea behind zero-trust security.
Sean Connelly, program manager for Trusted Internet Connection and a senior cybersecurity architect for the Cybersecurity and Infrastructure Security Agency, is one of the most knowledgeable federal officials on the concept of zero trust and its applications across government. In a new episode of Let’s Talk About IT, Connelly distills what it means for a federal agency to enact zero trust and what that journey looks like.
“Zero-trust architecture is an end-to-end approach to enterprise security in which trust is never implicitly granted and must be continually evaluated,” he said during his interview. “When I say end-to-end, I mean in both the literal sense in terms of the client-side of the session — the application or an endpoint — to the server-side of the session, typically whether that’s in the cloud or a data center. But I also mean end-to-end in a more abstract, theoretical way — that complete architecture, infrastructure, and most importantly the mentality that can securely protect data.”
Listen to the rest of the podcast to hear about efforts across government to move closer to a zero-trust model. Also, Duo Security’s Bryan Rosensteel joins the podcast to discuss, from the outside looking in, the federal government’s urgency in moving to zero trust.
If you want to hear more from the top leaders in the federal IT community, subscribe to Let’s Talk About IT on iTunes, Spotify, Google Play, Stitcher and SoundCloud. And if you like what you hear, please let us know in the comments on those platforms.
This episode was sponsored by Duo Security. Visit Duo’s public sector page for more on its offerings.
This podcast is part of a FedScoop special report on Zero Trust. Read the rest of the report.