Anyone for Alphabet Soup? ZTNA, SWGs, MFA, and More: Lessons Learned from Fed Day CyberThreats 2021
Last week, we gathered a few of the most prominent leaders and experts from every corner of the federal space to talk about all things cybersecurity and digital transformation. Discussions ranged from the move toward Zero Trust Network Access (ZTNA), and effectively managing identities and access with a secure web gateway (SWG) to keep data safe, to what the executive order on cybersecurity means for agencies -- time to implement a multi-factor authentication (MFA) solution.
While appetizing (maybe) and intriguing (definitely), albeit at times confusing, I'd venture to say that the alphabet soup of solutions and frameworks discussed in the summit isn't the most interesting part; it's the combination of all of the sessions and the narrative they create.
Taken together, the summit tells the compelling story of a changing landscape, one where threat actors are getting smarter and working harder to exploit every vulnerability they can -- with agencies implementing plans to outsmart them at every turn. What were once crimes of opportunity have evolved to calculated and planned attacks on critical infrastructure. Matthew Swenson, Chief of the Cyber Crimes Unit, DHS HSI Cyber Crimes Center, hit the nail on the head. He mentioned seeing an uptick in criminal activity online, especially given the reliance of the general population on the internet in our day-to-day lives. Similarly, Akamai has seen an increasingly dangerous threat landscape with a higher level of attacks. CTO of Security Strategy Patrick Sullivan said, "The velocity of attacks upon which we collect data has gone significantly up over the last year. [Between] web applications and APIs, there is a continual effort [by cybercriminals] to find imperfections in those applications that can be exploited."
This rings true in the industry too. In response to these threats, the Biden administration issued an executive order on cybersecurity (May 2021), hot off the tails of the DarkSide ransomware attacks, Microsoft Exchange vulnerabilities in March 2021, and the SolarWinds attack in December 2020.
The executive order named MFA and Zero Trust specifically, outlining the future of cybersecurity and network access. This was well aligned with what Akamai EVP and CTO Bobby Blumofe spoke about in his session, The Zero Trust Imperative: Securing Information in the Cloud. He helped the audience understand the intention behind this framework -- and that it's not nearly as scary as it seems. He said it best: "At its core, then, Zero Trust is just very tight access control, ensuring that access is granted only to strongly authenticated and authorized users, and only to what is needed. Despite its name, there is nothing intimidating about Zero Trust. The concepts are simple and can be thought of as a very strong form of least privilege."
Least privilege is the most secure way to exist on the internet. MFA helps you get there.
With the industry context set, Akamai Advisory CISO Steve Winterfeld explained on a more agency-specific level the importance of managing identities to keep citizens and their data safe. He covered the role of a SWG in establishing secure enterprise access and the benefits of the move away from traditional VPN. The first step to securing citizen and agency information is ensuring a known and secure access point.
By the end of the summit, it all made sense. Viewers could see what others in the industry are coming up against and what they're doing about it. They were able to get their arms around the industry trends, what's coming up for the future, and how to prepare for it.
If you're looking for more of what was covered in the summit, you can watch it now.
We also know a two-hour summit can only cover so much. What did we miss? What would you like to hear more of? Reach out to us or contact me directly on Twitter at @bemusedbridget. I'd really love to hear from you.