President Biden’s recent executive directive, mandating “all federal agencies and executive departments [to] transition to a zero trust architecture to bolster defenses against … cyber threats,” demands swift action from your agency.

As the landscape of remote work and cloud-based assets continues to evolve, traditional IT security strategies like VPNs and firewalls are proving less effective and increasingly perilous. These strategies, relying on perimeter defense, are becoming inefficient for organizations confronting diverse cyber threats.

With remote work at its pinnacle and assets predominantly in the cloud, the demand for secure remote access to applications, data, and services has surged. Conventional security measures may no longer suffice in thwarting increasingly sophisticated cyber attacks.

The paradigm shift in government cybersecurity is evident; perimeter defense is no longer adequate. The surge in hybrid working environments among government employees and inter-agency collaborations introduces new cybersecurity challenges and risks.

The escalating frequency, cost, and impact of cyberthreat actions necessitate a robust cybersecurity posture. Cybercriminals, now targeting smaller agencies, underscore the urgency for enhanced network security and more effective remote access solutions than legacy VPNs. Enter zero trust architecture.

For government agencies embarking on the zero trust journey, unwinding legacy security processes poses challenges but promises substantial benefits. To initiate this transformation, agencies should consider the following steps:

Engage your IT team in a conversation about zero trust architecture:

  • Acquire a foundational understanding of zero trust and its cybersecurity best practices. Explore the zero trust framework and engage in a dialogue with your IT team to kickstart the implementation process.

Recognize the importance of zero trust architecture—right now:

  • Acknowledge the urgency of adopting zero trust architecture. Prevalent threats like targeted malware, ransomware, phishing attempts, and data breaches affect both the private and public sectors. Recent legislative actions and executive orders underscore the imperative nature of enhancing cybersecurity measures.

Develop a checklist of questions to map your zero trust architecture:

  • Create a comprehensive plan by addressing essential questions: who accesses the network, what information is needed, and when and where access occurs. Collaborate with your IT team to create an effective zero trust architecture plan tailored to your organization’s requirements.

Educate your organization about the importance of data security:

  • Emphasize the significance of data security, particularly in the context of multifactor authentication (MFA), a crucial component of zero trust architecture. Mitigate “security fatigue” among employees by ensuring a clear understanding of data security policies and the rationale behind them.

Consider moving to a Zero Trust tool like Salesforce. Salesforce CRM is one of the foremost cloud services today, delivered with a comprehensive security and compliance approach on a platform that incorporates a number of Zero Trust best practices.

On the Salesforce corporation side, Zero Trust helps us all become better protected against advanced persistent threats, nation-state actors, or other attacks, so that we are all more resilient. And as a customer of the product, you should have comfort knowing that your data is better protected. The benefits that Zero Trust brings to our organization are the same benefits it brings to our customers.

Salesforce has also introduced Salesforce Shield, which allows you to encrypt your Salesforce data with AES 256-bit encryption at the field level, as well as manage your own encryption keys. A key takeaway of platform encryption: AES 256-bit is the highest level of encryption available within Salesforce.

Zero Trust Architecture Mandate

  • In the evolving threat landscape, zero trust architecture emerges as the foundation for building trust in the public sector. The escalating sophistication of attacks necessitates continuous innovation, and a defense-in-depth approach involving technology, processes, and people is crucial. Salesforce, aligning with this commitment, mandates the use of MFA for all customers, a testament to the effectiveness of such tools in fortifying login security and safeguarding against security threats.

Executive order May 12, 2021

Content updated November 2023.
