Bidens Administration Mandates Zero Trust Architecture Adoption By Federal Agencies
On the 12th of May, President Biden passed executive order No. 14028 as part of his plan to strengthen the security of networks operating within the United States. The order comes at the heels of several cyber-attacks targeting major American companies.
The order, titled “Improving the Nation’s Security,” delineates the new standards that federal agencies and the commercial products they use are required to meet. The executive order has two main areas of focus: bolstering cybersecurity standards across the federal government and calling for the creation of new, stricter cybersecurity requirements for commercial software products utilized by federal government agencies. These new guidelines require federal agencies to essentially adopt the “Zero Trust” model.
The Contents of the Order
The order stipulates that the Federal Government must increase efforts to identify and prevent threats and threat actors. It continues by stating that incremental improvements are no longer enough, significant investments must be made, and bold actions are taken to accelerate the development of infrastructure and data flow security. The goal of the order is to modernize the defenses used to protect from cyberattacks.
The order specifically requires to adopt Zero Trust Architecture as well as Multi-Factor Authentication (“MFA”). Part of the initiative being taken to meet this goal includes setting “minimum standards” in place for tests used to ensure government agencies’ software security. These agencies would need to begin implementing “Zero Trust” architecture and secure cloud services.
What Is Zero Trust?
The Zero Trust model is based on the acknowledgment that threats may come from within the network boundary as well as from external sources. Additionally, the model assumes that experiencing a security breach is either inevitable or has already occurred.
This approach removes trust in any part of the cyber-infrastructure, including services and nodes, and therefore requires continuous verification or authorization of data flows and operations. The model also applies the principle of “least privilege” access, whereby a user is only given the minimum level of access credentials that is necessary for the user to perform his or her job duties.
What Does the Order Mean for Businesses?
While the order mainly affects federal agencies, the new laws extend to the commercial software vendors who service these agencies. Their contracts may be stringently examined following the order, with particular emphasis placed on scrutinizing their responsibilities to prevent and react to security threats or incidents.
The new order requires these vendors to meet certain updated security standards and implement specific protocols in the event of a potential or actual incident. These protocols include standardized procedures on how to notify and cooperate with the federal government to manage and neutralize the threat.
In addition to regulating the response procedures for when a threat is detected, the new security guidelines include requirements for improving the general security of the government’s commercial supply chain. The regulations place a specific focus on granular security, including encryption use, testing, and when automation may be employed to preserve the source code.
Vendors will have to agree to comply with the new requirements, and federal agencies must remove any products which fail to meet the standards described in the new regulations from their supply schedules and contracts. Removal could harm a vendor’s reputation and ability to market their product in the general marketplace. Many companies may be wary of using software that isn’t secure enough to meet federal regulations. This means that companies will be eager to scrutinize the regulations and do their best to comply with them.
A Simple Solution – ZoneZero by Safe-T
For many of these companies, adopting a Zero Trust model means doing a complete overhaul of their current security infrastructure. Luckily, a more straightforward solution exists, allowing companies to implement a Zero Trust Network Access (ZTNA) solution that can be implemented together with their existing security infrastructure, including VPNs.
ZoneZero Perimeter Access Orchestration is a platform that enables ZTNA on your existing VPN infrastructure through application-layer policy monitoring and enforcement. Multi-Factor Authentication (“MFA”) and continuous identity verification integration on any application or service allows for continuous authentication, meeting the highest standards for cybersecurity.
ZoneZero is designed to cover all access scenarios, ensuring the highest level of security on all fronts:
- ZoneZero VPN brings ZTNA to any VPN with application-layer policy monitoring and enforcing, without forcing you to change your VPN or user experience.
- ZoneZero SDP provides secure and transparent remote access for any user to any internal application, service, and data
- ZoneZero MFA integrates Multi-Factor Authentication and identity awareness into all access scenarios
- ZoneZero SDA allows you to logically segment your network with Safe-T’s patented Reverse- Access technology
ZoneZero’s solution effectively ensures the security of both internal and external access and can be implemented into any system quickly and seamlessly. It is the only ZTNA solution designed to address all user and access scenarios without compromising the user experience. ZoneZero removes the need to redesign the network and access flow and allows organizations to support all access scenarios for any type of user, application, device, and location.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Safe-T® Group Ltd.
Safe-T Group Ltd. (Nasdaq, TASE: SFET) is a provider of Zero Trust Access solutions which mitigate attacks on enterprises’ business-critical services and sensitive data, while ensuring uninterrupted business continuity. Safe-T’s cloud and on-premises solutions ensure that an organization’s access use cases, whether into the organization or from the organization out to the internet, are secured according to the “validate first, access later” philosophy of Zero Trust. This means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network or in the cloud.
Safe-T’s wide range of access solutions reduce organizations’ attack surface and improve their ability to defend against modern cyberthreats. As an additional layer of security, our integrated business-grade global proxy solution cloud service enables smooth and efficient traffic flow, interruption-free service, unlimited concurrent connections, instant scaling and simple integration with our services.
With Safe-T’s patented reverse-access technology and proprietary routing technology, organizations of all size and type can secure their data, services and networks against internal and external threats.
About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com
About the judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.
About Cyber Defense Magazine
With over 5 million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about CDM at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.