5 ways federal agencies can augment a zero-trust architecture

A May 2021 executive order mandated that federal government agencies invest in both technology and personnel to centralize and streamline access to cybersecurity data, accelerate migration to secure cloud architectures, and advance toward a zero-trust architecture.

A zero-trust architecture doesn’t refer to a predefined, out-of-the-box network security solution. It’s a strategy based on an agency’s cybersecurity plan that contains a collection of zero-trust concepts. It requires multiple security solutions that cybersecurity teams need to orchestrate in their environment.

To help avoid disruption to daily operations, federal agencies can simplify their zero-trust architecture by including an enterprise platform strategy. This will help centralize and streamline cybersecurity data using multiple technologies from different manufacturers to avoid silos.

The Now Platform® is a single, cloud-based architecture platform that provides enterprise capabilities for legacy software, point security solutions, and agency workflows. It can augment a zero-trust architecture by addressing five high-level goals identified by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) zero trust engineering team.

1. Modernize information enterprise

According to the DOD Zero Trust Reference Architecture, IT modernization includes eliminating agency or command silos. In the past, federal agencies divided IT responsibilities and IT budgets along organizational, operational, and doctrinal boundaries. This led to the development of many capabilities in silos, multiple security philosophies, and multiple security solutions installed in the environment.

A zero-trust framework gives an agency the flexibility to choose best-of-breed technologies that best meet their zero-trust cybersecurity expectations. However, having a variety of technologies from different manufacturers on the network could introduce complexity and impede operations.

The Now Platform has a single data model and contains powerful cross-functional workflows that connect people, functions, and systems in a zero-trust environment. With extensive third-party integration capabilities, the Now Platform can connect security solutions selected by an agency, helping network administrators bridge organizational gaps, technology gaps, and process gaps.

2. Simplify security architecture

The Zero Trust Reference Architecture document claims, “A fragmented approach to information technology and cybersecurity has led to excessive technical complexity, which creates vulnerabilities...and high levels of latency.”

When connected to the Now Platform, security solutions and monitoring tools can be coordinated to work simultaneously to respond to security events. They can activate automated cross-functional workflows to notify security officers, quarantine suspect systems, update vulnerable assets, and lock suspicious accounts.

The Now Platform can correlate threat intelligence feeds collected from multiple security tools, providing agencies with an integrated, real-time view of compliance and risk across the entire agency. This could save administrators time on analysis while providing them with streamlined critical information to make informed policy decisions.

Security Incident Response, a SOAR security solution on the Now Platform, is a key component of a zero-trust architecture. It can be configured to consume data from point security solutions or from a security information and event manager (SIEM) solution, such as Splunk, so that incidents can be automatically prioritized.

3. Produce consistent policy

To achieve and maintain a zero-trust architecture, administrators must be consistent when applying policies. If policies are not clearly defined, documented, or enforced by agency security applications and secure workflows, the agency could be at greater risk of a security breach.

“Waivers and exceptions to written policies, based on short-term operational needs, have led to inconsistently managed, reconfigured, and/or disabled security systems, thereby making them porous and ineffective,” the DOD Zero Trust Reference Architecture reports.

To maintain a healthy zero-trust architecture, cybersecurity administrators define security policies so they can control hardware and software configurations on the production network. Policies are also defined for onboarding new capabilities, new or updated software packages, new or updated services, new IT hardware, new cloud providers, and new personnel roles.

The Now Platform can be leveraged to support an agency’s IT acquisition policies. Powerful onboarding workflows can provide governance to an agency’s acquisition processes, helping to ensure a security and risk evaluation is performed prior to a technology purchase or an installation.

ITIL change management capabilities on the platform can help administrators prioritize configuration change requests. Subsequently, change request workflows will help ensure each request is properly analyzed and approved before it’s implemented into the production environment.

4. Optimize data management operations

The DOD Zero Trust Reference Architecture states, “While data standards and policy exist, they are disparate and inconsistently implemented.” As a result, challenges exist between applications, organizations, and external partners. Many agencies are not able to “fully leverage the benefits of cloud computing, data analytics, machine learning, and artificial intelligence.”

Cybersecurity administrators can centralize and streamline access to cybersecurity data by integrating agency security tools and solutions into the Now Platform. Platform integration provides a central repository for agency security tools to exchange data or to share relevant information. It also gives analysts quick access to all the information they need to make informed policy decisions.

When cybersecurity data is centralized and streamlined, machine learning frameworks available on the Now Platform will be able to analyze enormous amounts of data in seconds, providing analysts the information they need to produce relevant knowledge articles. Furthermore, text analysis processes that are powered by artificial intelligence (AI) will help security administrators identify major incidents while providing suggestions for mitigating problems.

5. Provide dynamic credentialing and authorization

Identity, credential, and access management (ICAM) is designed to create a secure and trusted environment in which users can access authorized resources. ICAM allows the agency to see who is on the network at any given time.

The Now Platform can help administrators support their ICAM security solutions by providing a self-service portal with predefined “access request” workflows with approval capabilities that document each request. This creates an audit trail with detailed information about the request, such as why an employee needs to access a resource and for how long access is required.

When access is approved, workflows can notify resource owners or trigger additional processes external to the platform. The Service Catalog can also provide prepackaged onboarding requests that trigger automated workflows to request a Common Access Card (CAC) and network access for a new employee.

Learn more about how ServiceNow helps government agencies improve efficiency.

© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.