The Zero Trust mandate will transform cybersecurity globally, says Jonathan Wright, Head of Products and Operations, at the managed services provider GCX.
In May 2021, President Biden issued an Executive Order on cybersecurity in response to a surge in cyberattacks on federal agencies and critical infrastructure. This Executive Order mandating Zero Trust architecture within the US government marks a pivotal moment in global cybersecurity. With a September 2024 deadline fast approaching, this order goes far beyond American borders, impacting global organisations with ties to the US market. This isn’t just a domestic policy shift, it’s a fundamental shift in the way the whole supply chain ‘do’ security with federal agencies.
The Zero Trust mandate aims to safeguard sensitive information and systems from both malicious actors and insider threats, protecting state secrets and national security, for example. Currently, every MAC address, IP address, device, user, and application fuels the growth of an attack surface. This means organisations now need to consider new security elements including end-point protection, inline-network protection, cloud-based application protection, user and device protection and identity, as well as visibility.
However, implementing tangible operations are proving to be a significant challenge. While IT leaders are championing the case, those responsible for building and maintaining these systems are grappling with difficult issues and progress has been slower than anticipated.
Transatlantic compliance
The Zero Trust mandate’s impact creates a pressing need for transatlantic compliance, especially for UK-based organisations with significant US ties. This stems from the frequent exchange of sensitive data across international borders. UK businesses must accelerate their adoption of Zero Trust principles to ensure seamless collaboration with US partners and maintain access to American markets. This shift goes beyond regulatory compliance; it’s fundamental to protect data at every point of its journey, regardless of its physical location.
Zero Trust architecture also provides a platform to implement security policies at a more granular level, meaning greater visibility, improved telemetry, with consistent security inspection from endpoint user/device to application/service. By doing this, organisations such as federal agencies can secure their IT assets and access through a single ZT framework whilst having the visibility to vital data that reflects the security and network, across the business that is essential to ward off cyber-attacks.
Global preparedness
The mandate calls for a worldwide united front on cybersecurity, one that transcends national borders. Business operations that extend across several countries and continents come with unique challenges from differing compliance standards and data residency requirements to communication barriers and cultural gaps.
As threats evolve, interconnected infrastructure creates a shared vulnerability that no single nation can address in isolation. This demands international collaboration and requires a concerted effort from governments, private sectors and local cybersecurity experts. By fostering partnerships for threat intelligence sharing, standardising security practices and developing joint response mechanisms, it’s possible to create a more robust defence against cyber threats. This not only enhances the security of individual nations but strengthens global resilience, ensuring that as threats adapt, defences evolve.
The ‘Zero Trust shepherd’
Managed Service Providers (MSPs) are uniquely positioned to guide organisations to uphold the requirements of the Zero Trust mandate. Their expertise can help organisations navigate complexities, fortify cyber defences and achieve compliance with the mandate’s requirements. Their unique position stems from a combination of technical expertise, industry experience and an understanding of evolving cybersecurity threats.
MSPs can also guide on how to navigate Zero Trust implementation for each organisation’s specific needs, from strategy to deployment and management. In addition to this, MSPs can offer innovative resources that might be out of reach for many organisations and by leveraging these services, businesses can ensure robust cyber defences without burdening their internal IT team and allow them to focus their time on core competencies.
Businesses can no longer afford to overlook centralised and unified security architectures. As the September 2024 deadline approaches, organisations must prioritise Zero Trust, viewing it not as a burden but as a unique opportunity to improve and fortify their cybersecurity practices. If done properly, this can not only simplify IT operations but make for a more robust, cost-effective security policy that businesses can rely on to future-proof their network management for years to come.
