Governance & Risk Management , Video , Zero Trust

Zero Trust Adoption in Government: Challenges and Strategies

Manuel Acosta of Gartner on Strategically Applying the 7 Pillars of Zero Trust
Manuel Acosta, senior director and security analyst, Gartner

As the concept of zero trust gains traction, government agencies are recognizing that the seven pillars of zero trust, as outlined by U.S. federal agencies such as CISA and the Department of Defense, should be strategically applied across various elements, including data, network security and identity management, said Manuel Acosta, senior director and security analyst at Gartner.

See Also: Conversational Cyber Insurance: How Cybersecurity and Cyber Insurance are Interwined

But zero trust adoption is not without its hurdles. Many organizations will have to adopt new multifactor authentication and identity management tools since both are crucial components of the zero trust strategy, Acosta said.

As the zero trust journey progresses, organizations should then focus on data security, including technologies that identify, classify and tag data. This is pivotal as organizations are increasingly aware that comprehensive security entails addressing gaps in identity management and data handling. Moreover, the challenge of applying zero trust principles to air-gapped systems underscores the need for risk assessment and mitigation tailored to specific technology limitations.

"There's a lot of recognition that zero trust is easier said than done. It's a journey that encompasses a number of technologies, not just what the federal government knows as pillars - whether CISA has published or DOD, the seven pillars are there," he said. "Organizations now within the government spaces have recognized that those pillars are best to be used from a strategic perspective."

In this video interview with Information Security Media Group at Black Hat USA 2023, Acosta also discussed:

  • The convergence of cloud and application security;
  • Technologies federal agencies are adopting to continue on their zero trust journey;
  • The integration of zero trust principles into air-gapped systems.

Acosta has extensive experience leading organizations to build their information security programs. His expertise lies in developing, assessing and managing information security program components to include strategic planning, governance program development, policy development and management, and risk management program implementation.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.