Federal agencies are modernizing cybersecurity through zero trust architecture, but siloed tools, sprawling data, and budget constraints often complicate the journey. Achieving visibility across five distinct zero trust pillars – identity, device, network, application, and data – requires an integrated approach that many legacy environments lack.

MeriTalk recently sat down with Christopher Townsend, vice president of public sector at Elastic, to discuss the importance of a unified data strategy, how to avoid replacing existing cybersecurity solutions, and how agencies can meet zero trust mandates with cost efficiency and operational agility.

MeriTalk: Each pillar of the Cybersecurity and Infrastructure Security Agency (CISA) zero trust framework can operate with its own set of tools, policies, and data repositories. What are the challenges created by these disparate systems as Federal agencies advance on their zero trust journeys?

Townsend: The five pillars of zero trust are well understood, but each comes with its own tools and requirements – identity management, applications, networks, and so on. As agencies work toward zero trust, they’re grappling with the size and complexity of their organizations and existing toolsets. To get a single-pane-of-glass view into the zero trust environment, agencies need a visibility and analytics layer across all five pillars. That means enabling data sharing across the pillars and building a common architecture that supports a feedback loop for managing a zero trust environment.

MeriTalk: How can agencies develop an effective zero trust strategy that avoids the pitfalls of one-size-fits-all solutions and maximizes existing resources?

Townsend: Agencies can’t afford to rip and replace the technology they already have, and they shouldn’t have to. The key is to make existing systems interoperable, and that requires embracing open standards for data sharing, like the OpenTelemetry project. When your identity, network, and application security systems can talk to each other, you’re increasing the value of your current investments while moving closer to zero trust. It’s all about building an architecture that allows legacy tools to work together effectively.

MeriTalk: Why is data unification considered a foundational step in implementing zero trust architecture?

Townsend: Implementing zero trust is an opportunity to unify your security operations and network operations environments under a common architecture. Today, agencies often index the same data into multiple tools – security information and event management platforms, log managers, application monitoring systems – which means paying for the same data over and over. With a unified strategy, you can index your data once into a standards-based platform and use it across all those systems. That consolidation not only reduces costs, but also eliminates overlapping capabilities.

MeriTalk: What data platform functionalities are mission critical for zero trust?

Townsend: Federal agencies are highly siloed, partly by design and partly by the way their data has grown. Many have data in multiple clouds – AWS, Azure, Google – and in on-premises environments. Moving all that data to one cloud isn’t practical or cost-effective. Instead, you need to operationalize the data where it resides. Elastic’s data mesh architecture allows agencies to deploy small Elastic clusters directly where the data lives and search it centrally. This avoids the cost and inefficiency of data replication and movement. The Continuous Diagnostics and Mitigation (CDM) program at DHS is a great example – it uses Elastic to manage hundreds of agencies’ data centrally without duplicating it or paying ingress and egress fees.

MeriTalk: How does Elastic’s platform help agencies to progress along the stages of CISA’s Zero Trust Maturity Model with agility and cost efficiency?

Townsend: First, we provide a standards-based, open source platform that integrates with existing tools, so agencies get more value from past investments. Second, our data mesh architecture allows agencies to operationalize their data across hybrid environments without needing to replicate it. Third, our approach to storage is efficient. We license based on the memory required to index and search data, rather than data volume. That’s a huge cost advantage. Agencies can also immediately place data into frozen tier storage, which is reserved for data that is rarely accessed. We pre-index the data – essentially, that’s a table of contents for the data, so you can quickly search it, even though it’s in frozen storage. Also, our logsdb solution for log compression can reduce log storage costs by up to 65 percent. All of this supports agility and cost control as agencies move through the zero trust maturity stages.

MeriTalk: Can you share an agency zero trust success story with us – and how it went beyond compliance to future-proof the agency’s security posture?

Townsend: The General Services Administration (GSA) is a great example. Dave Shive, GSA’s CIO, spoke at the Billington Cybersecurity Summit last year and shared how GSA met zero trust requirements using Elastic. They kept their cyber budget flat by consolidating tools and indexing data once, improved their overall security posture, and enhanced the end user experience by eliminating redundant logins. That’s rare – you usually don’t see improvements in usability, security, and cost all at once. Another example is a large Department of Defense enterprise customer that standardized on Elastic for both enterprise and tactical security environments. It was the first time this customer had a single threat-hunting platform across its operations. We’ve even estimated that we could save a group of 10 major agencies a couple hundred million dollars per year just through smarter data strategies. That’s the power of rethinking how we use data.