Dependable and sophisticated security controls have always been a top priority for federal agencies. The federal government bears a huge responsibility in safeguarding the vast amount of information and data they control from today’s innovative cybercriminals. When faced with challenges like the modern cloud-based IT climate, a new telework normal and recent high-visibility supply chain cyberbreaches, federal agencies have their work cut out for them to keep that information safe and secure. For these agencies, adopting a zero-trust security model can help them stay two steps ahead of foreign and domestic threats.

How zero trust takes federal cybersecurity to the next level

As agencies complete their cloud migration mandates while continuing to operate in a predominantly telework environment, the traditional network perimeters are becoming more and more obsolete.

Historically, network security was based on intercepting threats from outside the network with a strong firewall perimeter, essentially stopping data thieves at the front door. However, using the firewall as the primary security tool gives virtually free reign to anyone inside the network. Instead of thinking of the perimeter as a singular type of access control around the “edge” of the network, federal agencies should think of the perimeter as any place where they make an access control decision.

Every network, connection and access point should be considered untrustworthy until properly verified. This means workstations, servers, users and devices accessing your critical assets need to be part of your zero-trust implementation. This extends beyond compute devices to include building control systems, card readers, printers, phones, and all the devices associated with the Internet of Things that are becoming more and more ubiquitous.

Utilizing micro-segmentation, the zero-trust model assumes that no person or thing can be trusted on the outside or inside of the network. There is still a traditional perimeter environment, but the interior also becomes gated, with access to files and applications authenticated at every step. Permission to clear the perimeter is achieved with multifactor authentication to validate the individual’s identity. Once inside the network, access is restricted based on the person’s role, allowing for consistent policy-based controls across all layers of the infrastructure.

These layers of security create an impenetrable security posture that stops threats at all potential points both inside and outside the network. The perimeter now includes each and every point on the network, allowing for an infinite defense system to combat an infinite attack surface.

What exactly is micro-segmentation, and how does it help you achieve zero trust?

Micro-segmentation essentially means putting security controls at every part of the network. This enables federal agencies to assume a more proactive security stance and limit the vulnerabilities associated with traditional, perimeter-focused security controls. This granular-level access point protection makes it so that if a hacker does penetrate the exterior of a network, it is harder for them to move around laterally within the network and extend the depth of an individual breach.

By inserting identity-based controls every step of the way, federal agencies can take a closer look at three important questions to make sure their microsegmented enforcements line up with those policies:

  • Who is on their network?
  • What are their roles?
  • What can they access?

Unlike network segmentation, which uses hardware to segment the north-south traffic of a physical network, micro-segmentation is software-based and segments east-west traffic of a virtual network. With the traditional perimeter dissolving, micro-segmentation helps you create boundaries within this traffic to enable better security controls.

By providing greater control over lateral communication—the traffic that occurs between servers and bypasses perimeter-focused security tools—micro-segmentation allows IT teams to set custom security settings with policies. And because micro-segmentation software is not chained to hardware, both deployment and movement of devices and workloads are simplified. Policies can move with an application if the network is reconfigured, even if it moves across domains.

Raise your security game today with a trusted federal security partner

As a leading technology solutions provider helping federal agencies modernize their IT for the past 25 years, Sirius Federal has tremendous experience implementing Cisco’s security suite of tools designed specifically for public sector entities. Whether you are just thinking about increasing your security posture or are ready to fully implement zero trust across your network, our dedicated team of security engineers can help.

About the Author: Eric Stuhl
Eric Stuhl is the Director of Security and Enterprise for Sirius Federal

Related Blog Posts

See All Blogs

How Zero-Trust Authentication Impacts Your Agency’s Modernization Plans

There was a time when all it took to keep your agency protected against data breaches and cybersecurity threats was a robust perimeter that stood between everything in your enterprise and everything outside. Threats had to break through security controls…

Network Security in a Remote World

Five Tips to Help Federal Technology Teams Keep Their Networks Secure with a Remote Workforce With the Office of Management and Budget’s (OMB) mandate for federal agencies to implement policies and procedures to slow the spread of the COVID-19 virus,…

Protecting Federal Agencies from Phishing and Ransomware Attacks

As we spend an increasingly large percentage of our time online, we’ve become aware of the malicious tactics used to trick us into downloading malware or betraying our credentials. However, when we’re not paying attention, serious trouble can take us…

Using the CDM Program to Keep Up with Compliance in the Digital Age

As the Homeland Security Department’s Continuous Diagnostics and Mitigation program enters its seventh year, its positive impact on federal agencies' cybersecurity is clear. Since implementation, Homeland Security has been able to field and navigate over 35,000 security incidents, and fiscal…

4 Security Lessons Federal IT Pros Can Teach the Private Sector

Whether in the private or federal space, there's one thing all IT security teams must deal with: making the most of limited resources to protect sensitive information. And while budgets are slow to increase, threats develop fast. Anyone with an…

NextGov: Security Doesn’t Have to Be a Sticking Point in Cloud Migration

Despite the innovations and efficiencies that come with cloud migration, only about 20 percent of federal agencies have migrated their applications and data to the cloud. Why such a low adoption rate? One reason is the challenge of securing data.…

Fifth Domain: How Agencies Can Protect Legacy IT As They Modernize

Cybersecurity threats grow more sophisticated every year. And while the federal government has pushed forward with efforts to modernize IT, some legacy systems pose unique challenges. Often, these systems remain static even as the landscape around them continues to change.…

What You Need to Know about Data Privacy

Data privacy is the crossroads of confidentiality and integrity. When data is shared, either voluntarily or involuntarily, there’s an expectation that the collected information will be kept confidential. In general, data privacy is really about identity—social security numbers, credit card…

Cyberattacks and the DHS Directive – It’s Time for your Agency to Improve Your Authentication Protocols

By now CIOs across the federal government have seen Emergency Directive 19-1 issued by the Department of Homeland Security, which was issued in response to cyberattacks on DNS infrastructure for several executive branch agency domains. In these attacks, outsiders compromised…

NextGov: The Boldest Predictions for Federal Technology in 2019

Everyone is talking about artificial intelligence right now—it’s the buzz of the industry. But not many people fully understand what AI and machine learning can do. Jason Parry, our VP of Client Solutions, shares his prediction on the impact artificial…

Covering Your Blind Spots

Visibility and security are paramount to a network because you can’t have one without the other. As technology develops, and our reliance on internet connectivity grows, new road blocks appear that make visibility harder to achieve. How can CSOs adapt…

Keeping Your Agency Secure in the Cloud

Like it or not, no government is permanently safe from cyberthreats. The agencies that protect their citizen data the longest are the ones that best assess the risks facing them daily. It’s a situation that doesn’t change after organizations adopt…

GCN: Securing Data in the Cloud Requires Planning, Constant Vigilance

Government agencies know -- and have largely accepted the fact -- that moving to the cloud is inevitable. Where many start struggling is with the “how.”  How do they move legacy systems to the cloud? How do they choose the…

NextGov: It’s Time to Tackle the Problem of Unapproved Cloud Apps to Keep your Agency Secure

It’s a problem seen across all federal agencies: Employees are using cloud-based applications that aren’t approved or protected by IT teams. These apps range from sharing tools, such as cloud storage platforms, to social media sites or personal email accounts…

GCN: Why Blockchain Belongs in Government

Anyone with a finger on the pulse of the latest cybersecurity trends has probably noticed an increasing number of contributions to the blockchain conversation. The dialogue around blockchain, while loud, clear and growing, has been largely undirected for the past…

Federal Times: Can Industry Bridge the Government Cyber Skills Gap?

Federal agencies have until April 2019 to identify critical work roles and skill shortages in IT and cybersecurity as part of the Federal Cybersecurity Workforce Assessment Act. While this is a first step in determining a holistic approach to address…

CSO: Getting the Most out of Your Security Budget

There may be no more pressing need in today’s online world than quality cybersecurity, making it a top-line item for just about everyone. But even as the need builds, the salaries rise, and the expectations heighten, resources remain scarce. Security…

NextGov: The Time to Automate Security is Now

Cybersecurity threats are constantly evolving. Unfortunately, federal IT teams often find themselves low on resources, which means being proactive to combat them is a pipe dream. So how can leadership focus on strengthening their agency’s security posture when they spend…

CSO: Ways to Improve Your Security Team’s Response Time

When it comes to incident response, every second counts. The severity of breaches varies, but since damage done directly correlates to the time a malicious actor has access to your systems, it’s paramount that all threats are discovered and remediated…

3 Ways to Unleash the Power of Your Next-Generation Firewall

We more or less abandoned pagers more than 15 years ago. Fax machines have gone from ubiquity to near obsolescence. And floppy disks? Many of the most recent generation of tech users have never even held—let alone inserted—one. And yet,…

Cisco Live 2018: Vendor Opens Management Console to Partners

In this article for TechTarget, Sirius Federal's VP of Client Solutions Jason Parry weighs in on the new opportunities arising from Cisco DNA Center. In Cisco's latest nod to software, the company has opened its Cisco DNA Center to developers,…

NextGov: How to Integrate TIC Security with the Federal Cloud-First Mandate

When the Trusted Internet Connections (TIC) initiative was first introduced more than a decade ago, the goal was to improve security in government IT systems by limiting the number of individual external network connections to the internet. Before implementing TIC security…

CSO: Security Metrics You Need for the Board

No one wants to show up to an important meeting empty-handed. But with so many analytics right at their fingertips, how can CSOs pick the right numbers to reflect their work? Here are three imperative security metrics to have in…

Preventing Ransomware Attacks the Right Way

Ransomware attacks continue to be a major threat with no sign of slowing down. Here are some lessons organizations can learn from federal agencies to better prevent them. While ransomware is hardly a new threat, it’s far from being obsolete.…

Anomaly Detection: Stop Threats Before They Hit Your Network

In today’s IT environment, endpoint monitoring is fairly standard procedure. Most organizations have at least some sort of system in place allowing them to collect network monitor firewalls and collect network usage data to for network anomaly detection. But, by…

5 Reasons Why Vulnerability Management Is No Longer Optional

For agencies determined to create the most effective network security strategy possible, vulnerability management is no longer optional—it’s a necessity.  If there’s anything we’ve learned in recent years, it’s that cyber threats just keep coming. Thwart one and a new…

Best Practices for Thwarting Insider Threats

Testing the excerpt override field.

Dark Reading: 3 Tips to Keep Cybersecurity Front & Center

In today’s environment, a focus on cybersecurity isn’t a luxury. It’s a necessity, and making sure that focus is achieved starts with the company’s culture. For IT departments — especially in large organizations — daily operations are complex, multifaceted, and…

IoT & The Intelligent Edge: Defending Outside The Firewall

The Internet of Things, though still evolving, has pushed its way into the workplace. The result? CSOs are working overtime to keep up. What’s the protocol for these connected devices, and how do they fit into the existing security infrastructure?…

GCN: The Hidden Challenges of Federal IT Modernization

In the next three years, an estimated $3 billion worth of federal IT equipment will reach end-of-life status, according to former U.S. Federal CIO Tony Scott. It’s an intimidating number, and one that indicates just how far-reaching the need is…