How Ivanti is Helping the Federal Government Make Zero Trust a Reality
As you may have heard, Ivanti was selected by the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) to participate as a collaborator in its Implementing a Zero Trust Architecture project. Many of the high-level details can be found in our press release, so, rather than reiterate in this blog, I’ll be taking a closer look at what a zero trust framework entails, why this project came to fruition, and why NIST NCCoE chose Ivanti to participate.
What is zero trust?
Zero trust flips traditional “trust but verify” security strategies on its head. It’s not a technology or something you’d buy. Rather, it’s a framework that assumes bad actors are already and always on your network—hence no inherited trust. The intent is to ensure consistent validation of applications, users, and transactions, thereby moving organizations toward a comprehensive IT security model that spans the entire enterprise.
With zero trust, all users, devices (desktop, mobile, server, non-person entities ([NPEs] and IoT), applications, and networks are authenticated, authorized, and continuously validated according to granular, policy-based controls before being granted access to corporate resources. This micro-segmentation and continuous verification of posture and compliance reduces an organization’s attack surface and, ultimately, the likelihood of data breaches.
For an easy analogy, think of a museum. Some museums only station security at their front entrance, and once a visitor passes this checkpoint, they’re free to move about the premises. Most guests will comply with the rules, but there’s always the possibility a few bad actors will touch a sculpture or take a selfie despite flash photography being disallowed. This “front door only” approach is how most traditional network security operates—once you’re in, you’re in.
Conversely, a zero trust museum (if you will) places security guards at the front entrance and in every single room. There’s a checkpoint in all directions, and as visitors mill about and move from exhibit to exhibit (resource to resource), a guard is always present to verify admission and enforce compliance. Guests are never granted the benefit of the doubt, and one false or suspicious move means they’re out—no apologies or ability to move to a different area.
Makes sense, right?
What led to the “Implementing a Zero Trust Architecture” project?
While zero trust was considered an eventuality among security professionals for the past few years, the pandemic accelerated the need for widespread adoption. As workforces went remote, employees required access to corporate apps and data, often connecting via unsecured networks using a combination of organization-owned and personal devices. That, in turn, eroded the network perimeter, rendering traditional approaches to enterprise security inadequate.
Soon after, threat actors, capitalizing on these new weaknesses, ramped up sophisticated cyberattacks. The disappearing perimeter led to the exposure of exponentially more devices, and because a single exploitable vulnerability is all a bad actor needs to work their way into a network, attacks grew (and continue to grow) at an alarming rate. Put simply: The inadequacy of most enterprise security in the wake of remote and remote-first workplaces has made cyberattacks too easy—and too lucrative—for most hackers to ignore.
Recognizing the problem and seeking to leverage effective security for resources on-premises, in the cloud, and at the edge, President Biden signed an Executive Order, which states that “the Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.” As part of the recommendations for doing so, the Executive Order makes zero-trust architecture a top priority.
Ivanti was chosen as a collaborator
Ivanti’s stated mission is to make the perimeterless Everywhere Workplace possible, and we’re a leader in providing solutions that accelerate zero-trust adoption. As a chosen collaborator for the Implementing a Zero Trust Architecture project, Ivanti will lend its expertise to develop zero trust architectures that address real world cybersecurity and infrastructure challenges.
While Ivanti has a portfolio of solutions that enable zero trust, we are one of the only Unified Endpoint Management (UEM) vendors among the collaborators. UEM is a critical component of an effective zero-trust architecture because the technology enables IT administrators to gather detailed device data and automate software and OS deployments for every single device that touches their network. As remote and hybrid workplaces become the new status quo and the proliferation of user devices and operating systems grows, IT administrators can use UEM to apply security, privacy, lockdown, and sync policies to registered devices, ensuring only devices that comply with security requirements can connect to the network.
All told, we’re excited to be a part of the NIST’s NCCoE’s initiative, and we look forward to developing zero trust architectures that enable organizations to counter today’s most pressing cybersecurity threats.