Henry Fleischmann, director of government, education and healthcare solutions architecture at VMware (NYSE: VMW), said agencies seeking to protect critical assets from cyberattacks should adopt an end-to-end security framework that includes a zero trust approach.
Fleischmann wrote that with zero trust, organizations should assume that a breach within their information technology systems has already occurred and should have resilient applications, data and capabilities that can function in such conditions.
“Zero trust is a mindset within an agency rather than something it buys or builds. It is an operating model that requires agencies to understand context and what normal activities are so they can react holistically,” he said.
He noted that agencies should integrate security into application development, platforms, operations and all other IT components.
Agencies should come up with a security approach that covers remote workers’ personal devices and other endpoints at the network edge while ensuring that cyber measures do not impact personnel’s productivity, according to Fleischmann.
“A zero trust foundation for security has the agility to secure all those different environments, and it doesn’t depend on deploying a particular technology. Instead, it depends on adopting a holistic strategy that gives agencies the flexibility to respond to current and future threats.”