Through the adoption of modern security technologies, Federal agencies are adopting security solutions that map to a Zero Trust architecture, even if the agency isn’t yet ready to pursue a full Zero Trust model, according to new research from MeriTalk.
In an infographic produced by MeriTalk and underwritten by Okta, survey data shows that one-third of Federal agencies have an active plan to implement a Zero Trust architecture, and 93 percent have implemented at least one solution that maps to Zero Trust. Even without an explicit initiative, the ideas behind Zero Trust are key in securing today’s cyber landscape.
While some agencies might not be pursuing Zero Trust yet, the majority of Feds recognize the security benefits of taking security beyond the perimeter. The survey showed that 57 percent saw Zero Trust as beneficial in reducing the attack surface and 54 percent believe the architecture can decrease cyber incidents.
Ted Girard, VP of Public Sector, Okta explained the appeal of Zero Trust during MeriTalk’s Cyber Security Brainstorm last month, saying, “The idea before was to build a castle, put all of or assets in that castle, put a moat around it, protect it, trust anyone that’s in there, don’t trust anyone outside of that. But, if someone who is untrusted figures out how to get through the perimeter, they’ve got unfettered and horizontal access to all the goods.”
Feds are making progress on automated provisioning, with 41 percent completing the process for employees and 33 percent aiming to finish the process in the next 12 to 18 months. Agencies are also applying automated provisioning to contractors and partner agencies, with two-thirds of agencies expected to have it in place within the next 18 months.
“While passwords and smartcards (PIV/CAC) still dominate the MFA landscape at 71%, agencies are beginning to incorporate other higher assurance factors,” the infographic states, citing that 60 percent use software one-time passwords, 37 percent use security keys, and 17 percent use biometrics.
The research comes at the same time the National Institute of Standards and Technology (NIST) released a draft report on Zero Trust architectures in collaboration with the Federal CIO Council’s architecture subgroup.