The time when Federal IT leaders can prioritize cybersecurity more than user experience (UX) is over, according to State Department Chief Information Officer (CIO) Kelly Fletcher.
Fletcher said today that both improving UX and increasing cybersecurity at Federal agencies is critical, and that adopting a zero trust posture is the best tactic for accomplishing that goal in tandem.
“I used to imagine that cybersecurity versus user experience, it was like a trade that we could make,” she said during the Zscaler Public Sector Summit in Washington, D.C., today. “I don’t think that’s true anymore.”
The CIO said that a current priority for her at the State Department is network modernization. Driving that priority is the fact that some embassies with low bandwidth in foreign countries have set up their own “secret” networks, which is a major security concern for Fletcher and her team.
“We’ve all been there. Every CIO knows that these exist, and they are a big security risk,” because the department’s security teams don’t have visibility into these private networks, Fletcher said.
“It is driving exactly the behavior we want to stop,” she said. “As we modernize our network to get to a more zero trust posture, we’re going to see improved user experience – there’s going to be less clicking and waiting – and increased security as we hoover all these random things into our enterprise network that is more performative.”
Jay Chaudhry, CEO at Zscaler, said that “zero trust architecture, combined with AI/ML technologies, can help us secure our nation. We just need to move towards embracing it.”
Luis Coronado, the State Department’s CIO for the Bureau of Consular Affairs, said he is leveraging Zscaler services to pilot application modernization and moving to the cloud.
“We have a lot of old applications that are still client installs and legacy applications that we’re looking to pilot and test out a way to ensure that when we go and modernize these applications and move things into cloud environments, that we’re able to still securely access those environments,” Coronado said.
“We are also actually looking at trying to figure out how can we also regionalize the ability for us to get to secure FedRAMP-enabled cloud as well, and this pilot will also test that capability out,” he said. “I think it’ll be huge, for not just for us within State Department, but this also has some possible use cases for B2B because we have a lot of interagency partners.”
Coronado said his priority is to not only ensure these applications are available, but for his employees to be able to leverage them during a crisis.
Fletcher added a more overarching goal for her as CIO of the State Department: to respond and recover from cyber incidents quickly.
“It would be irresponsible to say as a CIO that we will never have a cyber incident,” she said. “What I want to do is know what’s happening really fast and respond and recover, but I want us to be in the very best posture to see it respond and recover.”
Department of Homeland Security (DHS) CIO Eric Hysen, who joined Chaudhry on the panel following the State Department officials, said that zero trust is the only option for DHS because it is such a “large and complex agency.”
“We were put together after 9/11 from a combination of dozens of different offices and agencies, many with legacy systems, legacy networks,” Hysen said. “And while we maintain a strong centralized infrastructure, the complexity of our overall environment means that zero trust makes so much sense for us as a way to operate when we’ve got systems dating back to legacy customs.”
