Bidens Administration Mandates Zero Trust Architecture Adoption By Federal Agencies
On the 12th of May, President Biden passed executive order No. 14028 as part of his plan to strengthen the security of networks operating within the United States. The order comes at the heels of several cyber-attacks targeting major American companies.
The order, titled “Improving the Nation’s Security,” delineates the new standards that federal agencies and the commercial products they use are required to meet. The executive order has two main areas of focus: bolstering cybersecurity standards across the federal government and calling for the creation of new, stricter cybersecurity requirements for commercial software products utilized by federal government agencies. These new guidelines require federal agencies to essentially adopt the “Zero Trust” model.
The Contents of the Order
The order stipulates that the Federal Government must increase efforts to identify and prevent threats and threat actors. It continues by stating that incremental improvements are no longer enough, significant investments must be made, and bold actions are taken to accelerate the development of infrastructure and data flow security. The goal of the order is to modernize the defenses used to protect from cyberattacks.
The order specifically requires to adopt Zero Trust Architecture as well as Multi-Factor Authentication (“MFA”). Part of the initiative being taken to meet this goal includes setting “minimum standards” in place for tests used to ensure government agencies’ software security. These agencies would need to begin implementing “Zero Trust” architecture and secure cloud services.
What Is Zero Trust?
The Zero Trust model is based on the acknowledgment that threats may come from within the network boundary as well as from external sources. Additionally, the model assumes that experiencing a security breach is either inevitable or has already occurred.
This approach removes trust in any part of the cyber-infrastructure, including services and nodes, and therefore requires continuous verification or authorization of data flows and operations. The model also applies the principle of “least privilege” access, whereby a user is only given the minimum level of access credentials that is necessary for the user to perform his or her job duties.
What Does the Order Mean for Businesses?
While the order mainly affects federal agencies, the new laws extend to the commercial software vendors who service these agencies. Their contracts may be stringently examined following the order, with particular emphasis placed on scrutinizing their responsibilities to prevent and react to security threats or incidents.
The new order requires these vendors to meet certain updated security standards and implement specific protocols in the event of a potential or actual incident. These protocols include standardized procedures on how to notify and cooperate with the federal government to manage and neutralize the threat.
In addition to regulating the response procedures for when a threat is detected, the new security guidelines include requirements for improving the general security of the government’s commercial supply chain. The regulations place a specific focus on granular security, including encryption use, testing, and when automation may be employed to preserve the source code.
Vendors will have to agree to comply with the new requirements, and federal agencies must remove any products which fail to meet the standards described in the new regulations from their supply schedules and contracts. Removal could harm a vendor’s reputation and ability to market their product in the general marketplace. Many companies may be wary of using software that isn’t secure enough to meet federal regulations. This means that companies will be eager to scrutinize the regulations and do their best to comply with them.
A Simple Solution – ZoneZero by Safe-T
For many of these companies, adopting a Zero Trust model means doing a complete overhaul of their current security infrastructure. Luckily, a more straightforward solution exists, allowing companies to implement a Zero Trust Network Access (ZTNA) solution that can be implemented together with their existing security infrastructure, including VPNs.
ZoneZero Perimeter Access Orchestration is a platform that enables ZTNA on your existing VPN infrastructure through application-layer policy monitoring and enforcement. Multi-Factor Authentication (“MFA”) and continuous identity verification integration on any application or service allows for continuous authentication, meeting the highest standards for cybersecurity.
ZoneZero is designed to cover all access scenarios, ensuring the highest level of security on all fronts:
- ZoneZero VPN brings ZTNA to any VPN with application-layer policy monitoring and enforcing, without forcing you to change your VPN or user experience.
- ZoneZero SDP provides secure and transparent remote access for any user to any internal application, service, and data
- ZoneZero MFA integrates Multi-Factor Authentication and identity awareness into all access scenarios
- ZoneZero SDA allows you to logically segment your network with Safe-T’s patented Reverse- Access technology
ZoneZero’s solution effectively ensures the security of both internal and external access and can be implemented into any system quickly and seamlessly. It is the only ZTNA solution designed to address all user and access scenarios without compromising the user experience. ZoneZero removes the need to redesign the network and access flow and allows organizations to support all access scenarios for any type of user, application, device, and location.