The Biden Administration’s new Executive Order on Federal Cybersecurity underscores a growing understanding of cyber vulnerabilities and IT’s vital role in every Federal program and mission. The EO outlines a number of actions, including a significant directive for the Department of Homeland Security to develop a federal cloud security strategy that moves the federal government closer to a true centralized enterprise model based on the principles of zero trust.
We had Cloud First, and then Cloud Smart. The new Executive Order moves us into the era of Cloud Secure.
Under the new EO, CISA will develop a federal cloud service governance framework; CISA and FedRAMP will together establish a framework to coordinate and collaborate on cybersecurity and incident response activity related to cloud services.
And, the new EO includes steps to ensure new levels of software supply chain security -- requirements Zscaler already meets -- that collectively will reduce risks to federal programs, infrastructure, and national security.
We are encouraged to see the focus on developing cloud security strategies, technical reference architectures, cloud governance security frameworks. Additionally, we strongly agree that zero trust is a critical and urgent need for effective cybersecurity in the face of evolving threats.
It is also critical that we embrace the important cloud security frameworks that FedRAMP and CISA have built, including the Trusted Internet Connection (TIC) 3.0 guidance, as they will shepherd us into the new Cloud Secure era.
Zscaler’s Zero Trust Exchange is a powerful tool for agencies as they move forward with their zero trust plans, supporting efforts to work-from-anywhere and access data from anywhere, whether in a sanctioned or unsanctioned environment by securely connecting users, devices, and applications. Core components currently supporting more than 100 federal agencies and federal integration partners include:
- Zscaler Private Access (ZPA™) which has achieved FedRAMP-High JAB Authorization
- Zscaler Internet Access (ZIA™) which has achieved FedRAMP “In Process” status at the High Impact level, sponsored by a U.S. Department of Defense (DoD) Command and prioritized for Joint Authorization Board (JAB) authorization currently (authorized at the Moderate Impact Level)
Zscaler’s Zero Trust Exchange enables dynamic, context-based access controls to secure cloud transformation and change how agencies defend against modern attacks. Unlike legacy network security approaches that expose applications and open the door for lateral movement, Zscaler:
- Connects users and devices to apps, not networks, to eliminate lateral threat movement.
- Makes applications and users invisible to the internet, thus reducing the attack surface.
- Uses a proxy architecture, not a passthrough firewall, enabling full content inspection and security, including encrypted traffic.
We are also encouraged to see the call for improved endpoint detection and response. You can’t manage what you can’t see, and this step is a critical foundation to enabling improved threat information sharing. Zscaler partners with Crowdstrike, a leader in cloud-delivered endpoint protection. CrowdStrike’s AI-powered Threat Graph integrates with Zscaler’s cloud security platform to provide customers with real-time threat detection and automated policy enforcement.
Over the past ten years, private industry has spent billions of dollars securing the cloud. And, we’ve seen CISA and FedRAMP take advantage of industry partners and knowledge. The public sector can build on this foundation (rather than re-creating the wheel on programs like TIC 3.0, CMMC, etc.) -- it’s great to see the focus on collaboration.
Federal digital transformation dramatically accelerated through the pandemic, and we now have an urgent need to accelerate cybersecurity modernization, including industry best practices like Zero Trust Security. The goals set forth in the EO are ambitious, but we can meet them with strong public/private collaboration and coordination across government as we enter this new Cloud Secure era.
We applaud the Administration for launching this all-of-America effort.
Join us for our webinar “Strategies for Creating Your Agency’s Zero Trust Playbook” on Wednesday, May 19th to learn actionable steps that you can take to advance your organization’s Zero Trust strategy and deployment.
We’ll also be sharing several frameworks to help achieve the targets of the executive order at Zscaler’s upcoming virtual Zenith Live event - register for free today.