Date: 6th April 2023
The US Department of Defense (DoD) is ramping up its cybersecurity efforts with the implementation of a Zero Trust strategy across its networks. The move comes in response to the increasing threat of cyber attacks, with the DoD acknowledging that its networks have already been infiltrated by malicious actors. The Zero Trust approach entails the verification of every identity that seeks access to the DoD's systems, rather than relying on a “trusted” perimeter-based network.
The DoD's Zero Trust plan consists of seven pillars and aligns to four high-level goals. Each agency within the DoD must implement baseline capabilities across these seven pillars to achieve compliance with the department-wide Zero Trust framework by fiscal year 2027. Advanced Zero Trust capabilities must be implemented by certain organizations based on system and information sensitivity.
Identity security is a key focus of the DoD's Zero Trust strategy, as it represents a critical component of the agency's overall cybersecurity efforts. Adaptive multifactor authentication (MFA) and strong passwords are used to secure identities, and every user – employee, partner or contractor – is authenticated upon login. Intelligent privilege controls enforce least privilege consistently for both human and machine identities across any device, while continuous monitoring and analysis of sessions help to quickly detect and respond to threats.
Devices are a gateway to highly sensitive government resources and prime targets for cyber attacks. Identity security controls authorize user devices at each access request and automatically detect security issues, blocking credential theft before it can cause damage. Meanwhile, the traditional perimeter is dead, making flat networks even more dangerous. Creating credential boundaries makes it harder for attackers to get to their ultimate target, and session web management strengthens these boundaries and creates extra layers of security.
Applications and workloads also require protection in a Zero Trust environment, as machine identities now outnumber human identities 45:1. All calls from machine identities seeking access to network resources must be protected, with credentials managed and automatically retrieved, and access securely granted to applications and bots with the same robust identity security controls used for human identities.
Finally, advancements in artificial intelligence (AI) have made it possible for security teams to better visualize, understand, and detect their identity-centric risk profile. Automation and orchestration are also key components of the Zero Trust approach, as the vast number of human and machine identities across government networks today represents a greatly expanded attack surface that adds pressure to mounting compliance requirements.
Reference Links: https://www.cyberark.com/resources/blog/how-identity-security-addresses-key-dod-zero-trust-requirements