Security often comes as a bolted-on afterthought in developing and deploying enterprise IT systems. Convenience, easy access to data, processing speed, storage capacity, and cost-reducing virtual infrastructure tend to take precedence.
“I’ve been working in cybersecurity for 15 years and it always seems like companies are spending more and more money with worse and worse results,” said Gregg Garrett, vice president, cybersecurity. “To get ahead we need to focus our attention on data: its use, access, and security levels. Who will use the information and when will those people access it? How will it be stored?”
The Biden Administration’s May 2021 Executive Order requires government agencies to increase their data protection through efforts such as incident response management, encryption, forensic analysis, end-point detection, and cyberattack remediation. “The EO directives are incremental improvements to existing infrastructure and reactions to threats that already exist,” said Garrett. “As a next step, the United States needs to focus on changing the cybersecurity paradigm to be more proactive.”
This next-generation cybersecurity approach is similar in concept to DevSecOps: combining the critical pieces of software development with security assurance to create an integrated and secure environment, rather than fixing the security of an application after it has been built.
After data privacy, security, and resilience have been established, companies and government agencies can design the data architecture to fit their specific cybersecurity needs.
“Rather than stay in the catch-up phase, fixing immediate problems with legacy systems, we must look beyond the current issue to a more holistic and hardened enterprise IT approach,” said Garrett.
Cyber vulnerabilities are created both by the introduction of new technologies and the advancement of existing technologies. There are tremendous benefits to technologies that are now used for digital transformation strategies, such as quantum computing, robotics, and artificial intelligence. “But since these are data-centric technologies, they create threats as well,” said Garrett.
One solution to the problem is zero trust architecture (ZTA). ZTA is based on the premise of never trusting and always verifying when managing identity, credentials, and data access. Access to data and resources is restricted so that only those individuals with a valid need to access have the privileges needed to perform a particular mission. Additionally, implementing data segmentation or data compartmentalization, combined with micro-perimeters, prevents unauthorized access to data, resources, and services and results in detailed access control enforcement.
Peraton has developed a proprietary zero trust methodology that uses elements of ZTA to provide government agencies the necessary support to develop customized cybersecurity strategies. These roadmaps include data mapping, data isolation, silicon-based isolation, data micro-segmentation, micro-perimeters, software-defined perimeters, and dynamic identity verification and access control, all of which provide enhanced cyber threat intelligence and continuous incident response services.
“There is not a single element of a technology-enabled organization that doesn’t involve cyber, whether strong cyber defenses or secure IT architecture,” said Lonnie Price, vice president, cyber and information warfare.
“Industry needs to work on shifting how people think about cybersecurity in general,” said Garrett. “To get ahead of ever-evolving cyber threats, we must fundamentally change enterprise security architecture with digital transformation programs.”