The OMB’s new federal Zero Trust strategy (M-22-09: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles) hits on two core pillars that will help make Zero Trust a national cybersecurity reality, both of which were glaringly missing from last year’s initial EO: a firm deadline and a check stapled to the upper left-hand corner.
As organizations across industries increasingly look to Zero Trust to bolster resilience, it’s essential to keep in mind that Zero Trust is not an overnight transformation – it’s a journey. Although the 2024 deadline may seem far away, so much goes into building a resilient and cyber-conscious agency and supply chain that it’s imperative that organizations – particularly agencies in the public sector – get started today on embracing key Zero Trust pillars (least privilege, visibility everywhere, segmentation, building an accurate and up-to-date asset inventory, etc.).
There are incremental steps agencies can take to bolster their Zero Trust security posture right now (e.g., implementing multi-factor authentication, gaining visibility into your network communications, isolating large swaths of your environment from each other). As we develop and revise perfect plans, attackers will continue attacking our networks. While it’s important to work toward an exceptional Zero Trust strategy in the long run, it’s even more critical to make incremental progress today.