James Yeager, vice president of public sector and health care at CrowdStrike, said there are four misconceptions about zero trust that federal agencies need to address, one of which is the view that legacy security technologies can safeguard today’s critical systems and data.
“As data and users are spread everywhere, some of the legacy security solutions agencies have been relying on for decades or more will not be as effective going forward,” Yeager wrote in a commentary published Tuesday on Federal News Network.
He noted that agencies need a “major paradigm shift” in how they approach cybersecurity since they can no longer rely on perimeter-based defenses to ensure the security of networks and systems as they move to the cloud.
Yeager said agencies should dispel the misconceptions that zero trust can be bought, that the security framework can be implemented without workforce training and that it can be assembled using a piecemeal approach.
On implementing zero trust, he cited a suggestion by Mark Gamis, head of federal civilian cyber business at Booz Allen Hamilton, that agencies should have a strategy in place along with a sense of urgency and accountability.
Yeager also called on agencies to make zero trust a high-priority program.
“Agency leaders must realize this will be a multi-year endeavor, and as a result they must set milestones and hold people accountable. Plus, zero trust architecture, capabilities and principles must be tested within a test environment or lab before putting the concept into production,” he wrote.