Why Cyber Resilience Aligns with Zero Trust

            Federal agencies are leaning hard toward adopting Zero Trust security architectures under mandate to
            do so from the President’s 2021 Executive Order on Improving the Nation’s Cybersecurity, as well as
            other guidance. They also need to do so, as Zero Trust is proving a robust means of keeping cyber-
            attackers at bay.

            When it comes to cyber resilience, adopting a Zero Trust mentality and architecture is an excellent place
            to start. Zero Trust assumes that access and networking within an organization can never be trusted. It
            calls for users, devices, and systems to be authenticated first before connecting, and then re-verified at
            multiple points before accessing networks, systems, and data.

            For those transitioning to a Zero Trust architecture, CISA’s Zero Trust Maturity Model offers a framework
            of five foundational pillars covering: Identity (and access), Devices (e.g., Bring Your Own Device policies),
            Networks, Applications, and Data. It then builds in Governance and Analytics, to help measure, monitor,
            and develop automations to assist with fatigue and mistakes that result from manual updates.

            This level of cybersecurity in turn gives a firm grounding to cyber resilience, by preventing many of the
            most common attacks before they can infiltrate or impact critical data and systems. Again: cyber security
            and cyber resilience go hand in hand.

            As the federal government pursues Zero Trust goals, it should view this effort as a foundation for an
            expanded view of what security entails. Zero Trust is the bedrock upon which to move beyond mere
            defense and to layer in cyber resilience so agencies can meet the main objective of security: operational
            continuity.

            Like  cybersecurity,  cyber  resilience  is  a  means  to  an  end.  Both  look  to  safeguard  critical  data  and
            systems, but cyber resilience takes it one step further. Recognizing that even the best defenses can be
            breached, cyber resilience looks to ensure that agencies can continue to meet the needs of citizens and
            stakeholders,  uphold  national  security,  and  accomplish  the  myriad  other  vital  tasks  of  government,
            regardless of what the bad actors may try next.



            About the Author


            Amanda  Satterwhite,  Managing  Director  of  Cyber  Growth  &  Strategy  at
            Accenture  Federal  Services,  is  responsible  for  growth,  innovation,  and  go-to-
            market  strategy.  Satterwhite  leads  cyber  mission  and  enablement  for  the
            company’s National Security Portfolio, managing a team responsible for creating
            cutting-edge solutions for national security missions.

            Amanda can be reached online at https://www.linkedin.com/in/mandysatterwhite
            and  via  the  company  website  https://www.accenture.com/us-en/industries/afs-
            index







            Cyber Defense eMagazine – March 2024 Edition                                                                                                                                                                                                          25
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.