Scott Smith, Managing Director of Sila Solutions Group, visits Federal Tech Talk to discuss aspects of Identity Governance and Administration as well as Privileged Access Management.
Cybersecurity has changed. Today, we see porous networks and Virtual Private Networks (VPNs) securely connecting to compromised networks. If the malicious actors are inside the firewall, then how can administrators control their activity.?
Back in 2010, the concept of Zero Trust was introduced as a potential answer. As with most initiatives, the devil is in the details. Most of the proposed solutions involve granting access to specific individuals, apps, and data. Implementation will have to include a deep understanding of identity.
During the interview, Scott Smith talks about four basic concepts to allow federal information technology professionals to apply the concept of Zero Trust to federal systems. He outlines his thoughts on controlling users, apps, data, and the network itself.
One aspect Scott highlighted was the dynamic nature of the identification policy. For example, a person may transfer agencies and have to be reassigned rights and privileges. If that person leaves the government, access must be stopped. What happens when a federal leader travels? Should an identification system grant this person access only from one geographic location?
When it comes to the data on the system itself, some estimates are that 80% of data generated today is unstructured. If the malicious code can be resident, who should have access to that data, and when?
Scott ends the discussion with observations on how analytics can assist in applying Zero Trust the dynamic federal IT environment.