Nat Bongiovanni, chief technology officer of NTT Data’s federal services group, suggests that agencies should focus on three basic zero trust architecture capabilities in 2023 to align with the U.S. government’s cybersecurity goals.
In a blog post published Thursday, Bongiovanni listed authentication, monitoring and authorization as the primary measures every government organization should prioritize when implementing zero trust to comply with the Executive Order on Improving the Nation’s Cybersecurity.
He said organizations can start small by enhancing authentication of people and devices involved in significant decision-making, highly sensitive information and elevated permissions as strong verification can work to reduce the security threat surface.
To update monitoring approaches, government entities can transition first to cloud storage, e-mail and any other non-opaque IT environments that allow tracking of lateral movement, data loss prevention and suspicious behavior, the U.S. Navy veteran noted.
Bongiovanni added that authorization is the most difficult aspect of zero trust, but government institutions can start with labeling sensitive information in e-mail and cloud storage. They can then use their refined authentication and monitoring tools to ensure protection of the restricted data.