HHS IT leader says agency still working to implement zero trust for all applications
The Department of Health and Human Services is still figuring out how to implement zero-trust security across its divisions’ many applications, according to the executive director for app and platform solutions.
Speaking at FedTalks presented by FedScoop on Wednesday, George Chambers said the department continues to work on making information on who’s accessing its network, using what equipment, from what location actionable across apps to enable continuous monitoring.
HHS spent the last 15 to 20 years building walls between its various infrastructures it must now dissolve, all while responding to a global pandemic. The department requires zero-trust technologies from multiple vendors to meet its needs.
“I don’t believe that any agency, especially as federated as we are at HHS, is going to create a scenario where we go, ‘Here is your standard, we’re going to choose this and everyone is going to apply,’” Chambers said.
Instead leadership must provide some standards for managing multiple technologies departmentwide. Requiring a single standard for, say, identity management would be “naive,” Chambers said.
Different missions require different platforms, so HHS is investing in low-code and no-code solutions. But that creates other complications Chambers is trying to address by simultaneously buying application programming interface and access management tools, as well as standing up multiple cloud environments.
“All of those things allow us to get the flexibility to hit the endgame but still allow vendors and everybody to operate in that ecosystem,” Chambers said. “And it’s challenging as heck.”