The Biden administration’s policy arm, the Office of Management and Budget (OMB), and lead cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA), released zero-trust guidance for federal agencies last month. The OMB gave agencies until the end of September 2024 to meet five specific zero trust security goals.
Jenkins said implementing zero trust can be a difficult process. That's because it is more of a security concept than a standalone technology. It’s incorporated in many solutions that have to work together in an integrated fashion.
“There are tools that make it easier and viable for MSPs,” he said.
Zero trust does represent a growing opportunity for MSSPs and other cybersecurity providers, Jenkins said.
“More businesses are required to implement zero-trust frameworks for compliance, and it is heavily pushed by the government,” he said.
Implementing a zero-trust framework can involve various technologies, Jenkins said. Those can include privileged access management (PAM), whitelisting and ring-fencing.
Whitelisting is a cybersecurity strategy under which a user can only take actions on their computer that an administrator has explicitly allowed in advance. Segmenting high-value digital assets with ring-fencing policies isolates them from the broader IT infrastructure, reducing their exposure to threats from both inside and outside of an organization.
Jenkins said he hopes attendees leave his session with an understanding of the “different angles of the security triangle.” Those are confidentiality, integrity and availability.