Why the DOD’s zero-trust strategy looks beyond technical needs

Defense Department officials recently released a public version of their zero-trust strategy and roadmap to hold DOD organizations accountable to meet the deadline for achieving a zero-trust architecture.

In an exclusive interview, Cisco’s Andy Stewart joins FedScoop to talk about how an effective zero-trust strategy should go beyond technical capabilities and also include organizational culture, building efficiencies across security and IT operations teams and how both processes and capabilities interact with each other.

“[The strategy] really addresses the fact that zero trust is much more holistically defined—from principles, to strategy, to capabilities, to technologies and features—and the people in the process matter just as much as the technologies,” explains Stewart, national security and government senior strategist for cybersecurity at Cisco.

“I always refer back to NIST 800-207 that says the first thing you really need to do before you start on a zero-trust journey is make sure you’ve done all those things in terms of understanding what are the critical missions and processes, defining the risk around those, and so that you develop a good policy for all of those different parts of the organization that contribute to the mission,” Stewart explains.

Stewart suggests that leaders can track two measures of success for their zero-trust implementation. The first is “better security and continuity emissions,” and the second will be a better return on investment in terms of efficiency.

You can hear the latest news and trends facing government leaders on such topics as technology, management and workforce on FedScoop and on The Daily Scoop Podcast channels on Apple Podcasts, Google Podcasts, Soundcloud, Spotify and Stitcher.

This podcast was produced by Scoop News Group for The Daily Scoop Podcast and underwritten by Cisco.