Following mandates, Federal law enforcement agencies have begun taking steps to adopt a zero trust architecture. However, according to some IT officials from these agencies, challenges continue to arise as they continue to implement their zero trust architecture model.
William Kirkendale, the chief information officer in IT for the Office of the Director at the Court Services and Offender Supervision Agency for the District of Columbia, explained that implementing a zero trust architecture is overwhelming especially when faced with an agency culture hesitant to change.
“The guidance is there for zero trust, there are pillars that hold up the strategy, but it remains a bit overwhelming. Especially when looking for resources that will help us change the ways that we access our networks securely,” Kirkendale said during his keynote address at a virtual event hosted by ATARC on April 5.
Ensuring that an agency has the appropriate resources in line is crucial to successfully implementing a zero trust architecture, he added. However, ensure it does require buy-in from the workforce at large, not just the IT team.
“Zero trust is a team sport and we are bound to get apprehensive individuals on the team. But open communication that explains the benefits to every individual is essential to overcoming that apprehension,” Kirkendale said.
Rob Thorne, the chief information security officer for the United States Immigration and Customs Enforcement, echoed Kirkendale’s comments adding that effective user experience is critical to improving agency operations and when implementing zero trust architecture agencies need to remember this.
“I think the challenge for us is how do we get that same user experience going forward for these individuals without letting security get in the way. I think zero trust is going to enable that, but I think we’ve got to be wary of that,” Thorne said.
In addition, Thorne also emphasized that Federal agencies do not all hold the same mission business processes and therefore a zero trust implementation strategy depends on an agency environment.
Additionally, Vincent Sritapan, chief for the Quality Services Management Office at the Cybersecurity and Infrastructure Security Agency, emphasized mobiles offer a great opportunity for Federal agencies to begin implementing zero trust models.
“Mobile is a great opportunity for beginning a zero trust implementation because the steps you need to take are very clear cut and dry sort of deployment,” Sritapan said. Mobile devices, he added, represent a different attack vector and due to their already identity-based networks bring agencies closer to a zero trust architecture.
However, Sritapan also emphasizes that “while there are technological devices that could help agencies reach a zero trust architecture, not all will. Zero trust is a journey, and a process, and agencies need to remember that.”