Cloud services are helping to pave the way for a zero trust security environment at the Defense Intelligence Agency (DIA), the organization’s deputy CIO said on July 22.
“Make no assumptions,” said Doug Cossa, deputy CIO at DIA. “We have to validate every user that is on the network.”
“The cloud services that we’ve leveraged have really helped us in that area,” said Cossa, speaking at an online event July 22 hosted by Defense One.
One of the keys for zero trust is “understanding access control and how we are going to manage those identities in the cloud environment,” said Renata Spinks, Cyber Technology Officer in the United States Marine Corps Cyberspace Command, at a May event.
For the DIA, zero trust is put in service for the organization’s mission of analysis. “Analysis and collection is the heart of what we do,” Cossa said. “Analysis really is what we provide the policymakers.”
And while technology can provide more security mechanisms, it can also hinder an organization if issues are not adequately thought through. “We have to obviously eliminate bias,” Cossa said. “Part of the issues with automation is that it can automate the status-quo.”