Putting Trust in Zero Trust

Although the concept of a Zero Trust Architecture is over ten years old, President Biden’s recent Executive Order on cybersecurity has catapulted Zero Trust into the minds of Federal Government security professionals. Executive Order 14028 outlines a multitude of steps each agency is required to take, along with a timeline to meet those requirements. Making matters even more challenging, Agencies are now faced with developing architectures that modernize their legacy environment while also being forced to address a new paradigm: securing the new hybrid Government workforce.

Although the network security perimeter within Government organizations had begun to erode as cloud applications became more pervasive, it dissolved overnight in March of 2020, when the COVID-19 pandemic resulted in personnel having to work remotely; most have still not returned to their office. As federal organizations look to modernize their environment to address this new paradigm, they are investigating architectures that leverage cloud-based security services. Gartner refers to this as Secure Access Service Edge (SASE), often built on zero-trust principles to ensure secure connectivity for both in-office and remote employees. A SASE cloud service provides direct, secure access to needed applications, allows for consistent policy enforcement with simplified management, enables agencies to adopt a zero-trust security posture, and affords users a transparent experience regardless of location. While implementing a SASE architecture will provide agencies with significant benefits, flexibility in deployment models is critical for longer-term success, as many organizations will likely migrate their architecture over a multi-year period. According to Gartner, “To protect anywhere, anytime access to digital capabilities, security must become software-defined and cloud-delivered, forcing changes in security architecture and vendor selection. SASE is a pragmatic and compelling model that can be partially or fully implemented today.”

As Agencies begin or continue their Zero Trust journey, it’s imperative that they have:

  • An overall strategy & resource plan
  • An understanding of what capabilities are available today
  • Expertise to fill skill gaps
  • Funding to execute on the strategy

One place to gather some of this insight is at ATARC, a non-profit organization bringing industry and government together to help solve important technology challenges. The ATARC Zero Trust Lab showcases technical architectures enabling Zero Trust and brings together both government and industry to collaborate on critical use-cases as defined by CISA. Utilizing this evaluation environment, ATARC has created a unique space for Federal agencies to better assess the capabilities of vendors across the Zero Trust continuum. Over the past few months, “a call to action was put in place for the private and public sectors to come together since the release of the executive order as well as the informal cybersecurity headlines in the news. This working group stepped up and gained momentum that will be a component in raising the floor of our nation’s cybersecurity,” stated Trafenia Salzman, Security Architect at U.S. Small Business Administration and Government Vice Chair of the ATARC Zero Trust Working Group. iboss is proud to be an industry vice-chair for this working group.

As the network perimeter erodes and the legacy security boundary changes, iboss will enable Agencies to address the Zero-Trust requirements in Executive Order 14028 and adopt a model where no user, network or service is trusted, and all access is continuously verified. Each of the SASE microservices (Private Access, FWaaS, CASB, SWG, RWP, RBI, etc.) is native to the unified iboss platform and managed by a global policy engine, which minimizes the ongoing operations and management required to operate the service and allows zero-trust controls to be applied consistently across the environment for both present and future use-cases. Working with ATARC, we’re looking forward to sharing how iboss can help Agencies as they modernize their network architecture to meet the needs of the new Government workforce.

In August 2021, iboss achieved a Federal Risk and Authorization Management Program (FedRAMP) “In Process” authorization, a precursor to becoming fully FedRAMP authorized. This designation underscores iboss’ commitment to serving federal agencies and helping them ensure secure access to all applications from any device regardless of location.


Blog post authored by Craig Mueller, VP of Federal at iboss.