Michael Hylton, senior director of government sales at OPSWAT, said agencies seeking to protect information technology systems and government data from cyberthreats should extend their zero trust strategy to every file and “assume that it’s malicious until proven otherwise.”
He wrote about how OPSWAT applies its content disarm and reconstruction platform or deep data sanitation to protect personally identifiable information and other sensitive data.
Hylton discussed the concepts of zero trust and software-defined perimeter and how the two approaches could provide agencies the granularity they need to customize security protocols.
He said agencies should consider zero trust as a mindset and that the National Institute of Standards and Technology’s Special Publication 800-207 on zero trust calls on agencies to take a holistic approach when it comes to authenticating users and devices and applying that mindset to agency workflows, services and assets.
“Ultimately, IT administrators need to be able to say they know the user and trust his or her device enough to allow access to a resource such as email or a database that’s behind a firewall or in the cloud,” Hylton wrote.