The Duo Blog
Where the Federal government goes, other parts of the private sector follow. So it was good to see that in response to last May’s Executive Order 14028, the Office of Management and Budget (OMB) released a memo last Wednesday outlining a new strategy for moving the federal government toward a zero trust cybersecurity posture.
(Check out Lindsey O’Donnell-Welch’s coverage of the news in Decipher.)
What’s the Vision?
The vision being set forth by OMB is ambitious — but vital. Imagine a shift away from logging into a “network” to having security seamlessly built into the network, and multi-factor authentication and authorization continuously performed at the application level on the fly — without users typing passwords.
This will require a shift away from “perimeter-based networks” with validation done at the point of entry and exit towards intelligent, intuitive networks that are capable of assessing and addressing threats in real time.
What’s in the Strategy?
The memo requires agencies to adopt security strategies for five asset classes, including:
- Employees — governed by a single enterprise identity, and use phishing resistant multi-factor authentication solutions
- Devices — agencies maintain a complete inventory of devices, which are tracked and monitored, including use of endpoint detection and response devices
- Networks — encrypt all DNS, HTTP and email traffic, and provide isolation for federal assets. This includes the use of cloud based infrastructure
- Applications — tested internally and externally
- Data — categorized and tagged using cloud security services and enterprise logging capabilities
What’s Notable in the Memo?
The strategy places significant emphasis on what Duo Security, now part of Cisco Secure, calls “[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: