President Biden’s recent executive directive, mandating “all federal agencies and executive departments [to] transition to a zero trust architecture to bolster defenses against … cyber threats,” demands swift action from your agency. Zero Trust Architecture Mandate.

As the landscape of remote work and cloud-based assets continues to evolve, traditional IT security strategies like VPNs and firewalls are proving less effective and increasingly perilous. These strategies, relying on perimeter defense, are becoming inefficient for organizations confronting diverse cyber threats.

With remote work at its pinnacle and assets predominantly in the cloud, the demand for secure remote access to applications, data, and services has surged. Conventional security measures may no longer suffice in thwarting increasingly sophisticated cyber attacks.

The paradigm shift in government cybersecurity is evident; perimeter defense is no longer adequate. The surge in hybrid working environments among government employees and inter-agency collaborations introduces new cybersecurity challenges and risks.

The escalating frequency, cost, and impact of cyberthreat actions necessitate a robust cybersecurity posture. Cybercriminals, now targeting smaller agencies, underscore the urgency for enhanced network security and more effective remote access solutions than legacy VPNs. Enter zero trust architecture.

For government agencies embarking on the zero trust journey, unwinding legacy security processes poses challenges but promises substantial benefits. To initiate this transformation, agencies should consider the following steps:

Engage your IT team in a conversation about zero trust architecture:

  • Acquire a foundational understanding of zero trust and its cybersecurity best practices. Explore the zero trust framework and engage in a dialogue with your IT team to kickstart the implementation process.

Recognize the importance of zero trust architecture—right now:

  • Acknowledge the urgency of adopting zero trust architecture. Prevalent threats like targeted malware, ransomware, phishing attempts, and data breaches affect both the private and public sectors. Recent legislative actions and executive orders underscore the imperative nature of enhancing cybersecurity measures.

Develop a checklist of questions to map your zero trust architecture:

  • Create a comprehensive plan by addressing essential questions related to who accesses the network, what information is needed, when and where access occurs. Collaborate with your IT team to create an effective zero trust architecture plan tailored to your organization’s requirements.

Educate your organization about the importance of data security:

Emphasize the significance of data security, particularly in the context of multifactor authentication (MFA), a crucial component of zero trust architecture. Mitigate “security fatigue” among employees by ensuring a clear understanding of data security policies and the rationale behind them.

Consider moving to a Zero Trust tool like Salesforce.  Salesforce CRM is one of foremost cloud services today, delivered with a comprehensive security and compliance approach, and via platform which incorporates a number of Zero Trust best practices.

On the Salesforce corporation side, Zero Trust helps us all become better protected against advanced persistent threats, nation-state actors, or other attacks, so that we are all more resilient. And as a product to customers, you should have comfort knowing that your data is better protected. The benefits that Zero Trust brings to our organization are the same benefits it brings to our customers. 

Salesforce also has introduced Salesforce Shield.  Salesforce Shield allows you to encrypt your Salesforce data with AES 256-bit encryption at the field-level, as well as manage your own encryption keys. Key takeaways of platform encryption include: AES 256-bit: The highest level of encryption available within Salesforce.

Zero Trust Architecture Mandate

  • In the evolving threat landscape, zero trust architecture emerges as the foundation for building trust in the public sector. The escalating sophistication of attacks necessitates continuous innovation, and a defense-in-depth approach involving technology, processes, and people is crucial. Salesforce, aligning with this commitment, mandates the use of MFA for all customers, a testament to the effectiveness of such tools in fortifying login security and safeguarding against security threats.

Executive order May 12, 2021

Content updated November 2023.

Related Posts
Salesforce Jigsaw
Salesforce Jigsaw

Salesforce.com, a prominent figure in cloud computing, has finalized a deal to acquire Jigsaw, a wiki-style business contact database, for Read more

Alphabet Soup of Cloud Terminology
abc

As with any technology, the cloud brings its own alphabet soup of terms.  This insight will hopefully help you navigate Read more

We Are All Cloud Users
How Good is Our Data

My old company and several others are concerned about security, and feel more secure with being able to walk down Read more

Top Ten Reasons Why Tectonic Loves the Cloud
Cloud Managed Services

The Cloud is Good for Everyone - Why Tectonic loves the cloud  You don’t need to worry about tracking licenses. Read more