The Commerce Department’s International Trade Administration (ITA) component is well on its way to implementing the second phase of the agency’s migration to zero trust security architectures, ITA’s top technology official said.
Gerald Caron, chief information officer at ITA, discussed some of the agency’s progress on the first phase of its zero trust security work, and what’s involved with moving to the second phase, during ATARC’S Federal Zero Trust Summit 2024 hosted By ATARC on March. 13.
“Phase two is what we’re in right now,” he said. “And that’s where we said, ‘okay, this is great,’ but the reality is I have all these pillars, and I have to integrate [them] with my existing investments [and] I need new solutions to fill the gaps in order to do zero trust.”
“So that’s what we did with phase two, which is to show us an integrated solution,” Caron said.
As part of the second phase of the zero trust work, Caron talked about several successful demonstrations of key use cases in a live laboratory environment.
“We’ve had about six demonstrations,” he explained. “We give every team three hours each. They can use that three hours however they want, but they have to show us … the use cases actively in a real live working lab. We pre-screen them before they’re allowed to go forward and do the demonstration to make sure that they understand the requirements in the use cases.”
Some of ITA’s lessons learned that can be implemented across other Federal agencies include examining the different pillars of zero trust implementation equally rather than focusing on a single pillar more than others.
“There’s no one correct way to do this,” Caron said. “But the ultimate result is make sure you understand the principles of zero trust at the end of the day … a lot of people overlook some of the other pillars, [but] all the pillars have to work equally, they’re all equally important,” he said.
Caron also teased ITA’s path to pursuing the third phase of the zero trust implementation effort, which will include creating a series of tracks with different technology being utilized.
“We are going to have a phase three,” the CIO said. “Phase three is going to be where we’re going to break it back down … We’re doing the big integrated labs now and working through those use cases, but we’re going to break it down to a few what we’re calling tracks,” said Caron.
“We’re going to have a multi-cloud track and an AI machine learning track,” he said. “So we’re going to take those tracks, build the use cases around them, and eventually demonstrate them as well.”