Ep. 281 How Zero Trust Automation Helps Federal Agencies do More with Less

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

As this interview was recorded, the federal government was in the middle of a shutdown. Hundreds of pundits have given interviews about the politics of the situation; very few have looked at the impact on cybersecurity during a phase of workforce reduction.

Today, we sat down with Gary Barlet, the Public Sector CTO at Illumio, to see whether Zero Trust can help the federal government bridge this short personnel gap.

Barlet begins by giving an overview of Zero Trust and automation. Rather than having human beings vet entry into federal systems, the concept is to use an automated process that reviews credentials and decides on permission.

Barlet emphasizes the importance of Zero Trust in automating security tasks and maintaining operational resilience, especially with reduced staff.

He continues to mention several other benefits of Zero Trust in a federal environment.

Compliance: A well-thought-out Zero Trust architecture will enable managers to collect data to demonstrate policy enforcement.

Legacy: One can effectively take existing systems and "ring fence" them off. This approach creates hundreds and hundreds of rings of defense.

Design: During the interview, Gary recommends that you have a handle on the real traffic to reduce complexity. That way, when policies change, the rules can adapt to the environment.

Maturity Level: Although CISA has a maturity level for Zero Trust. Barlet distills down some of the requirements for which efforts can be applied to sensitive systems. He suggests focusing on security, not necessarily on a grade.

Additionally, he addresses the challenges of managing complex, hybrid environments and the emergence of shadow AI models, stressing the need for robust policies and controls.