Zero Trust architecture and government

Jonathan Wright at GCX explores what the US government’s mandate on Zero Trust means for global cyber-security 

 

In May 2021, President Biden released an Executive Order on improving the US nation’s cyber-security to help identify and respond to persistent and increasingly sophisticated cyber-threats. The order mandates Zero Trust architecture within the US government and uses the $70 billion IT purchasing power of the government to impel the market to build security into all software from the ground up.

 

The impending September 2024 deadline signals a shift in cyber-security practices that transcends US borders. The mandate’s reach extends far beyond domestic policy, reshaping the security landscape for global organisations with links to the US. It heralds a change in how the entire supply chain approaches security when engaging with federal agencies, ushering in a new wave of digital vigilance and resilience.

 

Due to the increase in malicious cyber-attacks, the mandate also highlights that organisations must consider new security elements including end-point protection, inline-network protection, cloud-based application protection, user and device protection and identity, as well as visibility.

 

Implementing tangible operations is proving to be a significant challenge, however, here are some ways organisations can transform their cyber-security practices.

 

Enhancing transatlantic cooperation  

Zero Trust flips the script on network security. It assumes no implicit trust is granted either inside or outside the network and verifies every access request, allowing for more granular controls. This provides a clear policy set across an entire network, from users, their devices through to applications, enabling consistent security checks and ultimately, better defence against cyber-attacks.

 

For UK businesses, especially those with US partners, the mandate is pushing them to comply with stricter transatlantic data security standards. In today’s interconnected world, frequent data exchange is crucial for businesses. However, without robust protection, data breaches can be devastating, leading to financial losses, reputational damage and regulatory fines for all involved. By adopting Zero Trust, UK companies can collaborate, access US markets and safeguard data across their entire digital supply chain.

Assessing global preparedness

However, not only those businesses in the UK with US ties will be affected by this mandate – it truly requires a global security framework. Business operations that extend across several countries and continents come with unique challenges from data residency requirements to communication barriers and different compliance standards.

 

Interconnected infrastructure creates a shared vulnerability that no single nation can address alone. This demands international collaboration and requires a concerted effort from private sectors, governments and local cyber-security experts. By standardising global security practices and developing joint responses, it’s possible to create a more robust defence against evolving cyber-threats. 

 

MSPs role in Zero Trust

Managed Service Providers (MSPs) are well-positioned to guide organisations in upholding the requirements of the Zero Trust mandate. Their expertise can help navigate and solve problems, fortify cyber-defences and uphold compliance with the mandate’s requirements. MSPs can guide businesses through Zero Trust implementation, from strategy to management, offering expertise and resources often beyond their reach. Ultimately, this frees up internal IT teams to focus on core strengths while building robust cyber-security strategies. 

 

With the September 2024 Zero Trust deadline approaching, organisations face a juncture in their cyber-security journey. Rather than viewing it as a regulatory burden, forward-thinking enterprises are recognising the long-term benefits and seizing the mandate as a catalyst for security transformation.

 

By implementing Zero Trust architecture, organisations achieve a dual advantage: streamlining IT processes while bolstering defences against ever-evolving cyber-threats. By embracing Zero Trust principles now, global businesses can future-proof their networks, creating a resilient foundation that can adapt to the complex digital landscape.

 

---

 

Jonathan Wright is Head of Products and Operations at GCX

 

Main image courtesy of iStockPhoto.com and Canan turan