Data as an Asset in the Age of Zero Trust

Data as an Asset in the Age of Zero Trust

The federal government’s bid to make Zero Trust the de facto standard for protecting public-sector IT assets is gaining momentum. It’s a complex undertaking with major implications for data assets. Against that backdrop, a panel of government cybersecurity leaders gathered recently to discuss “Data as an Asset in the Age of Zero Trust.”

The event, part of AFCEA Bethesda’s webinar series, explored the alignment of Zero Trust principles and federal agencies’ data initiatives, including support of AI research and development, as well as the government’s response to COVID-19. Joining the conversation were:

• Rob Brown, Chief Technology Officer (CTO) of the United States Citizenship and Immigration Services (USCIS)
• Carole House, Director for Cybersecurity and Secure Digital Innovation of the White House National Security Council (NSC)
• Kshemendra Paul, Chief Development Officer (CDO) of the Department of Veterans AffairsThe discussion was moderated by Kim Sawyer, Chief Operating Officer (COO) of Argonne National Labs, who started the conversation by asking panelists to share top-level thoughts about the challenge of implementing Zero Trust. Brown expounded on the importance of understanding how technology and tools can fill some of the resource gaps agencies may have. The biggest hurdle to clear when implementing a Zero Trust approach is simply getting started and building a strong foundation on which to advance.

House talked about executive orders issued by the White House that have energized Zero Trust initiatives, including the importance of encrypting data. Information on Zero Trust architectures should be shared throughout an agency, she said. Paul highlighted the need to ensure that metadata is well-defined and managed, including across legacy systems. The CDO emphasized the importance of collaboration within an organization to further the goals of Zero Trust.

Moving the conversation to the Biden Administration’s mandate that federal agencies adopt Zero Trust cybersecurity, Sawyer asked about speakers’ plans for meeting what some observers might say is an unfunded mandate. House commended the administration for its strong support of agencies pursuing Zero Trust. She encouraged her colleagues across government to seek out and leverage all available resources. The burden of implementation should not fall solely on those public-sector organizations that deal with data, she said.

The rollout of Zero Trust should be informed by basic realities, including the unlimited demand for technology and universal agreement on the importance of Zero Trust architecture, Paul said. He urged listeners to take an iterative approach to implementation and to be students of Zero Trust, an approach that continues to evolve.

Indeed, there is no single tool that will grant Zero Trust status, Brown said, but there is room for flexibility — and the need for a common lexicon. In addition to the technology, successfully making the shift from perimeter security to Zero Trust will require educating staff about data in a Zero Trust architecture. Getting there will require a team effort, he said.

The panel concluded by discussing the roles of artificial intelligence (AI) and machine learning (ML) in a Zero Trust world. Despite all the buzz about AI and ML, Paul noted that they are but tools in a much larger toolkit. And as with any tool, they are only as effective as the person or organization using them. Brown observed that automation will play a major role in the shift towards Zero Trust architecture, and using AI and ML is a great way to get there.

Join AFCEA Bethesda on June 9, 8:00 a.m. to 9:30 a.m. for the final webinar of the program year: “Data Management Defined: Everything Your Agency Needs to Know but Were Afraid to Ask.” Government decision makers will discuss data management, including the best practices, policies, and solutions that are helping agencies optimize data as a strategic asset.