How to Establish a Shared Baseline of Early Zero Trust Maturity
Posted by: Matt Keller
Published Feb 2, 2022
Last week, the OMB released a Memorandum, titled “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles” which requires agencies to meet the Federal Zero Trust Architecture (ZTA) strategy standards by 2024.
It is encouraging to see the Federal Government provide guidance on cybersecurity as opposed to leaving it up to agencies to make their own decisions. Zero Trust isn’t a new concept and many agencies have been doing what I’d call “zero trust lite”. However, transitioning to a true zero trust architecture will not be a quick or easy task for an enterprise as complex and technologically diverse as the Federal Government. The strategy set forth in this memorandum is designed to reduce uncertainty and outline a common path toward implementing EO 14028, by updating and strengthening information security norms throughout the Federal enterprise.
GuidePoint Security is committed to supporting our customers’ Zero Trust journey and just launched our Zero Trust Workshops to support this effort.
The focus of this offering is to work with individual teams within an organization to map current capabilities to meet the required Zero Trust mandates put forth by the White House. GuidePoint will work with agencies to identify gaps, design solutions, and build a Zero Trust roadmap that meets their requirements.
We break our workshops down into the main pillars of Zero Trust by focusing on the following:
- User
- Asset
- Network
- Application
- Data
It’s important to remember that Zero Trust is not a singular product or technology — it is a security model. Shifting to a Zero Trust model is not about ripping out and replacing the infrastructure. It requires an architectural mindset to assess what an agency currently has, determine how those pieces might fit together like a puzzle, and then automate processes to ultimately grant access per the situational awareness of the security posture of the entire enterprise. Getting to a Zero Trust state is more of an incremental journey to modernizing the IT and security environment where agencies can identify high-value assets and data within the network and ultimately protect this information beyond traditional cybersecurity methods — regardless of where users, apps and data reside.
Our team is here to help make sense of the complicated requirements and thus look forward to supporting your journey. For more insights around these requirements, please join us for a virtual panel discussion with other cybersecurity experts.
Matt Keller
VP Federal Services,
GuidePoint Security
Matt Keller is responsible for providing world-class information security solutions to government customers across the globe. In addition, Mr. Keller also is responsible for architecting, designing, and engineering solutions to combat advanced cyber security threats to include networks, systems, and investigation challenges.
Prior to joining GuidePoint, Mr. Keller worked for a Government Systems Integrator where he led a team of security engineers to design and develop next-generation threat protection and defenses. Prior to that, Matt was a Principal Cyber Forensics Analyst for the Department of Defense, where he worked both Law Enforcement and Cyber Intrusion cases for the Department of Defense.
Matt has extensive experience in architecting and engineering government private cloud solutions and currently advises government customers on Attack Driven Defenses for network protection. He began his career in Information Technology and Security in 2006 and has a Master’s Degree in Information Security from Eastern Michigan University and multiple forensic certifications from both private and DoD institutions.