Felipe Fernandez

What to Expect: Zero Trust Security for Federal Agencies

Nearly eighteen months after President Biden issued his sweeping Executive Order on Improving the Nation’s Cybersecurity (cyber EO), federal agencies adopting zero trust architectures (ZTA) still face significant challenges. Agencies are not a monolith; they are individual organizations that need to comply with the cyber EO while addressing their unique security risks and communicating with one another. Based on its mission, every agency starts at a different place and may stop at a different point along its journey to a fully mature, real-time zero trust model.

ZTA is a cybersecurity approach rooted in the idea that users and devices need to be constantly verified when accessing networks or IT systems. Agencies must build holistic zero trust architectures that respond to threats and risks across people, processes, and technologies. Simultaneously, they need to contend with their operational realities, including fixed budgets and limited availability of skilled staff.

As agencies mature in their implementation, they need tightly integrated solutions that enable them to address security concerns across the various zero trust pillars.

Moving Beyond the Jargon: Next Steps for Zero Trust and Compliance

To implement zero trust and comply with the cyber EO, agencies need to understand how a vendor’s capabilities support a zero trust strategy. This means moving beyond the marketing buzzwords and terminology so that they can take the appropriate next steps.

Creating an Identity and Access Strategy

A robust identity strategy or architecture should be the starting point for implementation. Consider it a fundamental pillar of zero trust.

From a processes and technology standpoint, agencies need to establish and enforce robust controls that include:

  • Limiting user access to resources as precisely as possible
  • Setting role-based access controls
  • Incorporating attribute-based access controls
  • Using multi-factor authentication (MFA)

Converging Networking and Security

Most agencies have hybrid environments that incorporate on-premises and cloud-native resources. To implement ZTA, agencies need ubiquitous solutions that can combine security and networking without reducing workforce productivity.

Zero Trust Network Access (ZTNA) solutions build security directly into their networking capabilities. While ZTA ensures that all users and devices appropriately authenticate to the networks, ZTNA applies these controls at the application level. By placing applications behind a proxy point, ZTNA creates a secure, encrypted tunnel for connectivity without compromising network performance.

Addressing the People Side

At the people level, agencies must educate their workforce of public servants about zero trust. Sometimes, agency workforce members feel that “zero trust” comes with an Orwellian overtone. Many were hired into positions of trust, especially those with security clearances, leading them to consciously or unconsciously push back against these access controls.

Explaining zero trust in language that workforce members understand enables an agency to establish a culture of security. People know that they must have bags screened in the lobby or use badges for the elevator, and zero trust is the digital equivalent.

Further, an integrated ZTA strategy addresses skills gaps. Solutions enable staff by augmenting their current capabilities. For example, an integrated Internet of Things (IoT) endpoint and device protection solution enables visibility into, control over, and advanced protection of networks while reducing manual processes that overwhelm IT teams.

Taking it a Step Further: The Future of Zero Trust Security for Federal Agencies

Tightly integrated solutions that work together cohesively enable Federal agencies to implement holistic ZTA strategies.

Find Partners with Experience

Federal systems and networks face unique threats. With a sophisticated threat landscape, expanding attack surface, increased regulatory oversight, and growing cybersecurity skills gap, agencies need partners who understand specific areas that impact them, such as:

  • Attacks from nation-state actors
  • Protecting mission and agency data
  • Ensuring security in a work-from-home environment
  • Maintaining and upskilling a cybersecurity skilled labor force
  • Secure cloud migration
  • Supply chain security

Secure Access Service Edge (SASE)

To converge security and networking as part of a zero trust strategy, Federal agencies can leverage SASE solutions that integrate cloud-delivered SD-WAN connectivity with security service edge (SSE).

They should adopt solutions that incorporate these key capabilities:

  • Secure web gateway (SWG)
  • Universal zero trust network access (ZTNA)
  • Next-generation dual-mode cloud access security broker (CASB)
  • Firewall-as-a-Service (FWaaS)

Segment Networks

Federal agencies house data across varying degrees of sensitivity that require diverse levels of access. Segmenting these networks is fundamental to ZTA but also creates challenges around visibility and centralized control. Using intelligent intent-based segmentation enables agencies to adopt the dynamic and granular access controls that enable a robust zero trust strategy at the network layer.

Leverage Real-Time Threat Intelligence

Threat actors, specifically nation-state adversaries, use increasingly sophisticated technology to deploy attacks. Automation, artificial intelligence (AI), and machine learning (ML) tools, combined with their ability to exploit zero-day vulnerabilities, enable them to create attacks that traditional security solutions often fail to detect and that, once detected, are not easy to triage and mitigate. Federal agencies need security solutions that integrate AI and ML capabilities into their tools. With a coordinated and layered approach, agencies can use these solutions to discover zero-day attacks in real time and minimize the false positives that overwhelm cybersecurity staff and reduce their productivity.

Use Advanced Endpoint Security Tools

To meet ZTA’s device pillar, agencies need an endpoint security tool with capabilities that protect all endpoints, including laptops and mobile devices. They need solutions that provide information, visibility, and control to these devices while enabling secure, remote connectivity.

An advanced endpoint security tool offers:

  • Device status reports that include running applications and firmware versions
  • Secure connectivity over VPN or, preferably, ZTNA tunnels
  • Automatic isolation of suspicious files
  • Enforcement of application control, connected-media control, URL filtering, and firmware upgrade policies
  • CASB controls when users access cloud-based applications
  • Malware protection and application firewall service

Fortinet Federal: Expertise and Technologies Focused on Zero Trust and US Government Agencies

Fortinet Federal enables civilian and national security organizations with an experienced professional team that works with agencies to secure federal networks, users, and data. As a wholly owned subsidiary dedicated to US Government agencies, Fortinet Federal is committed to helping agencies meet public sector priorities, standards, and evolving cybersecurity mandates like the cyber EO.

Based in the US, we provide a flexible security platform with an end-to-end, integrated architecture across multiple domains, classified systems, and cloud-based resources without compromising network performance or workforce productivity. With our scalable government IT solution, agencies can simplify their security core architecture to a single platform that enhances visibility and enables them to adapt to future needs without taking a “rip and replace” approach.

Delivering a holistic, industry-validated solution, Fortinet Federal streamlines cyber EO compliance and security transformation for United States Government Agencies.

Learn more about how Fortinet Federal, Trusted Cybersecurity for Government, helps agencies protect U.S. government data and critical infrastructure against advanced nation-state threats.

