Federal and industry cybersecurity experts said last week that transitioning to zero trust security architectures requires a “cultural shift” within organizations that are pursuing that goal.
During a July 30 panel discussion hosted by Federal News Network, experts said that transitioning to zero trust security requires numerous shifts in thinking on data and identity management, operational usability, data governance strategy, and data-centric security.
They emphasized that the move to zero trust security involves rethinking traditional approaches to security and collaborative approaches.
“Zero trust is absolutely a cultural shift, and that part of it is meaningful because irrespective of all the talent – technical and otherwise – that you have in your teams, it’s requiring folks to kind of think a little differently than what they’re used to,” said Greg Carl, principal technologist of Pure Storage. “This is hard, it’s complex, it’s comprehensive, and it’s a game changing architecture.”
Panelists said that the cultural shift requires collaborative approaches between agencies and industries in sharing expertise and strategies. Collaboration also is required with data governance strategies which can assist with identifying and managing identities, devices, and their interactions with protected data.
“Collaboration is key,” said Paul Kurtz, the chief cybersecurity officer and field chief technology officer at Splunk. “It’s important to understand, for agencies, to put data to work, understand where your data is, and bring it together so you can have maximum visibility.”
Other zero trust data governance strategies discussed include involving a wider range of expertise within an industry or agency.
“It’s going to take stakeholders, it’s going to take data owners, it’s going to take the [chief technology officer] CTO to kind of come together as stakeholders and establish that data governance strategy that can inform how you how you secure the data within the zero trust journey,” said La Monte Yarborough, the chief information security officer of the Department of Health and Human Services (DHHS).
Looking to the future of zero trust, panelists said that they are focusing on efficiency and simplicity through seamless integration of zero trust models, data sharing which can lead to better AI and data-driven systems, and battling data balkanization.