Drew Schnabel, vice president of federal at Zscaler, wrote in an opinion piece published Tuesday on GCN that agencies within the Department of Defense looking to secure their distributed information technology environments and support telework arrangements should consider five attributes and one is having a zero attack surface.
Schnabel said creating a zero attack surface could help agencies protect sensitive data from ransomware and malware threats and VPN attacks.
“With strong identity and access management, zero trust facilitates a dark network or ‘inside-out’ connectivity. This means that applications are invisible to unauthorized users. Only authorized users are given access to authorized applications,” he wrote.
Schnabel said defense agencies should connect users to applications as they adopt the zero trust approach and come up with a multitenant cloud architecture, which he said “eliminates the need for security stacks, allowing users to share resources efficiently, while securely scaling to meet increasing demand.”
He also called on agencies to implement a cloud-based proxy architecture to screen all encrypted traffic for data exposure and other cyber threats and adopt an identity-based security perimeter through the secure-access service edge model.
“Rather than focusing security perimeters around applications, SASE flips the security model to secure the user and data. It allows agencies to move security functions to the location of the users and applications to the cloud,” Schnabel added.