Sean Berg, president of global governments and critical infrastructure at Forcepoint, said agencies looking to implement zero trust architectures should tailor their security strategy to individual users and understand users’ behavior.
Berg wrote that implementing security policies that consider all users as equally risky could impede the ability of employees to work.
“Agencies should evaluate users on an individual basis by taking the time to understand what employees do and how they do it — what’s normal behavior and what’s not. Then they can assess the risk of an individual based on that context,” he noted.
He called on agencies to look at how employees interact with the identity, credential and access management system and data using analytics and cited how behavior-monitoring tools could help organizations identify potential insider threats.
Berg discussed the vulnerability of threat-based cybersecurity to zero day attacks and how zero trust could help agencies counter emerging cyber threats.
“A zero trust architecture assumes everything is potentially risky to ensure that agencies can deal with emerging threats and continue to evolve their cybersecurity strategies,” he noted.