Prompted by the White House executive order on cybersecurity, Federal agencies are accelerating their adoption of zero trust architectures. And according to Gerald Caron, chief information officer (CIO) and assistant inspector general (IG) for information technology at the Department of Health and Human Services (HHS), these models must include automation.
During a virtual event hosted by FCW on March 16, Caron explained that zero trust security models require continuous real-time risk analysis of what is occurring in and around a network.
“Utilizing automation not only prevents human error, but it allows for more effective and efficient monitoring of a network. By implementing automation into our models, we improve our detection and response times to cyber threats and incidents,” Caron said.
The HHS CIO explained that in a zero trust environment, users, devices and applications are assigned a profile utilizing tactics like digital identity, device health verification, and application validation. They are then granted restricted access based on their profile. Implementing automation then provides agencies with the means “to perform these actions programmatically and at scale,” he said.
“Whenever possible it is desirable to automate remediation steps because it reduces the time it takes for an analyst to address the threat and move onto the next incident,” Caron said.
Caron also explained that Federal agencies should be concerned with measuring the effectiveness of their zero trust architectures, rather than their compliance status with zero trust directives.
“As a Federal government, we are very compliance focused, but what we need is to be concerned with measuring the effectiveness of zero trust,” he said.
