Mike Rosa and Alicia Rosenbaum of Salesforce (NYSE: CRM) said government agencies seeking to protect users and data in the cloud should adopt a zero trust framework.
Under the zero trust model, an individual “seeking information is authenticated every step of the way, data is isolated and protected, and administrators have the ability to audit who’s been where and done what,” Rosa and Rosenbaum wrote.
“A zero trust approach never assumes that an organization is safe and sound within its own ‘secure’ corporate network; rather, it places control around the data assets themselves,” they added.
They noted that zero trust involves the use of multifactor authentication and ways to encrypt sensitive data at rest or in transit.
Rosenbaum and Rosa said agencies should continuously monitor threats and improve cybersecurity and foster partnerships with industry as they implement zero trust.
“A zero trust approach to security is necessary so that agencies can confidently use cloud technology and so that they can provide assurance and data security for constituents sharing sensitive information with the government,” they noted. “For this to happen, agencies and their industry partners must move from ‘trust but verify’ to ‘trust but verify and validate.'”
Rosa is vice president of public sector security at Salesforce. Alicia Rosenbaum is a VP and associate general counsel at the company.