Sponsored: The Real Deal on Zero Trust
There is a lot of information available about zero trust—at times inconsistent and unreliable. Talk to different vendors and you are likely to get different answers as to exactly what zero trust is and how to adopt it within your agency.
What you need to know is this:
- It is NOT a thing you can buy, set up and leave alone.
- Your implementation path will depend on your organization’s tools and infrastructure.
- You do NOT have to replace all your legacy systems to start protecting your data right now.
Zero trust IS an ecosystem. Its use is a continuous process and there are practical ways to approach it to meet your agency’s security goals. We created a playbook to help customers wrap their arms around the concept and provide a practical approach to implementing zero trust.
The Zero Trust Playbook for Federal Agencies
How do you extract the most value from your zero- trust approach while meeting all of your growing compliance requirements? Zscaler’s philosophy is that users should be connected directly to the applications and data they need through a cloud-native proxy—without having to connect to (and expose) a network. This direct connection is based on identity, policy and dynamic risk scoring. It is much safer and far simpler to administer in comparison to traditional network segmentation.
The National Institute of Standards and Technology (NIST) guidance provides the baseline for federal zero trust recommendations and the foundation for the Zscaler pillars:
- All data sources and computing services must be considered resources.
- All communication must be secured, regardless of network location.
- Access to individual enterprise resources is granted on a per-session basis.
- Access to resources is determined by dynamic policy—including the observable state of client identity, application and the requesting asset—and may include other behavioral attributes.
- The enterprise ensures that all owned and associated devices are in the most secure state possible, and monitors assets to ensure that they remain in the most secure state possible.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
Based on the NIST guidelines and others, we developed a set of pillars to use as a five-part playbook for making the decisions that will support your agency’s goals. Get the complete playbook and start improving your agency’s defense posture today.