With the swiftly approaching 2024 deadline for Federal IT and security teams to implement zero trust architectures, agencies must enhance their cybersecurity efforts to combat growing risks within user access and authorization to organization assets. At Federal News Network’s recent event, Zero Trust Cyber Exchange, industry and government experts shared insights on implementing zero trust, and topics like “How Zero Trust Extends Defense in Depth,” “Why to Start with a Data Inventory” and “Identity as Critical Infrastructure.” Sessions also examined some agencies progress with their zero trust transition and take-aways from the process.
In 2021, The Cybersecurity and Infrastructure Security Agency (CISA) outlined five foundational pillars of the Zero Trust Maturity Model: Data, Applications Workload, Network/Environment, Device and Identity. However, there is a “sixth pillar” equally as important as the others—the workspace. With a collaborative environment, the workspace is the intersection of data and the user that also promotes positive cybersecurity reinforcement. Public sector organizations should consider the workspace environment while developing strategies and planning to move toward zero trust implementation.
Collaborative Environments are Key
In modern cybersecurity, one cannot assume their content is secure simply because their network is secure. A full zero trust framework should go beyond protecting the network and devices and provide security to workspaces, content and data. These workspaces constantly change as users are added or removed, and content often evolves into different drafts and uploaded by various people with different file names. This can lead to mishaps like unreliable tagging, which disrupts the system from automatically categorizing sensitive information from non-sensitive data.
Additionally, controlling access to workspaces is inherently important to prevent risks such as overprivileged users and increased negative exposure. By adding the “sixth pillar” to an organization’s zero trust planning through appropriate strategies, the risks that come from an unsecured workspace can be avoided. These include having delegated administration with the right-size permissions, sensitivity labels, catalog workspaces, policy enforcement, actionable insights and secure external sharing.
Understanding Data to Create Efficient Workspaces
When working in these collaborative spaces, the idea is simple. Agencies should regard an entire workspace with a high level of security for every piece of content or data, and only make exceptions for information that is less sensitive to be shared amongst a broader audience. At the beginning of the process of designing zero trust with the “sixth pillar” in mind, organizations should consider the expected level of sensitivity of the information within this workspace. Once determined, administrators can automatically set adequate security parameters and user privileges for each individual workspace that is created.
Customers in the Department of Defense (DoD) need a reliable way to lock down specific data without having to lock down an entire department workspace. If someone tries adding a foreign user to a workspace with data from the International Traffic in Arms Regulations (ITAR), they are immediately incompliant. That workspace, particularly, can be given specific policies to avoid unwanted user access without having to prohibit all users’ access to the sensitive data. This provides a truly collaborative workspace environment while also remaining fully secure.
Easing the Implementation Burden on IT and Security Teams
One of the most significant challenges when implementing any new cybersecurity strategy is finding a balance so as not to put extra strain on organizations’ IT and security teams. Often, requests for changes can increase and overburden staff because their resources and budgets do not grow exponentially with these requests. To save IT teams time, programmatically securing data from users becomes an important first step so they can focus on those exceptions instead of the automatic rules set from the start. Another way to avoid overloading security staff is by delegating the proper administration credentials so the correct users are authorized to share within the centralized environments. Considering the “sixth pillar” allows those administrators to recognize specific sensitivities and department landscapes and create workspaces accordingly, ultimately processing it through the lens of zero trust.
Why the “Sixth Pillar” Works
When approaching the topic, the best way to capture organizations’ attention is to discuss how the “sixth pillar” can enable department administrators to manage their own content and data. Instead of admins having to manually run script, the secure workspace approach allows them to set immediate policies and automatically deploy them, saving time and headaches for the entire organization. On any level, public sector organizations can define their sensitive data and utilize the “sixth pillar” by implementing workspaces without overworking IT and security teams, leading to an enhanced zero trust framework for overall improved security.
Visit the AvePoint resources page to learn more about how AvePoint can support your organization’s zero trust mission using the above strategies and procedures.