Zero trust isn’t just for security teams, but a strategy where organizations meet compliance standards, vendors behavior, govt policies. Overall zero trust is a shift in how an entire enterprise thinks how to access risk and more than a checklist.

The White House is developing a “Zero Trust 2.0” strategy to focus on targeted, high-impact cybersecurity initiatives and improve the efficiency of federal cyber investments.

Trump admin Officials aim to streamline compliance regimes and tailor software security requirements, especially differentiating critical from low-risk software.

The administration is also preparing new guidance on drone procurement and use, restricting purchases from certain foreign entities, and finalizing instructions for agencies to adopt post-quantum cryptography following recent NIST standards.

The zero-trust security architecture was introduced by Forrester Research in 2010. Zero trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.

Nick Polk, branch director for federal cybersecurity at the Office of Management and Budget, said OMB is looking toward the next iteration of the federal zero trust strategy.

“We’re still coalescing around the exact strategy here, but it likely will be focused on specific initiatives we can undertake for the entire government,” Polk said a July 16 online meeting of the Information Security and Privacy Advisory Board.

AI & Zero Trust

AI tools help build a Zero Trust foundation for enterprises fixing different layers of security and focus on elevating security strategies . Now with the advent of AI-driven advancements, the path forward offers some intriguing prospects for AI and zero trust synergies.

AI and Zero Trust intersecting will unlock key opportunities for holistic cyber security maturity, further AI generates an informed narrative for granting or denying resource access. The security approach seamlessly aligns with a core tenet on principle of Zero Trust and least privilege.

Key Security Updates

Nick Polk also explained some of the key changes in President Donald Trump’s June cybersecurity executive order. Trump maintained many Biden-era initiatives, but canceled a plan to require federal software vendors to submit “artifacts” that demonstrate the security of their product.

“That was really a key instance of compliance over security, requiring an excessive amount of different artifacts from each software vendor, changing requirements midstream, when software providers were already working on getting the security software development form and agencies were already working on collecting it,” Polk said, pointing to a continued requirement for agencies to collect secure software attestation forms from contractors.

How Zero trust help organizations security posture

Organizations who place Zero Trust architecture will have access control policies and definitely use micro segmentation . Required to minimize the damage from ransomware attack can cause.

Attackers not only find it more difficult to breach the system in the first place, they’re limited in their ability to expand made possible by Zero trust when put in place.

Ransomware attack, typically involves an initial infection, lateral movement and data exfiltration with or without encryption. Zero Trust implementation bring organization to address each step as it happens or before it happens. Ransomware will attack a business, consumer, or device e

According to Gartner, at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025 — up from less than 10% at the end of 2021.

Zero trust is based on the principle of least-privilege access, meaning it has to be assumed that no user or application should be inherently trusted. Zero Trust Network Access (ZTNA) takes a completely different approach than VPNs to securing access for remote workers.

Implementing zero trust will connect users to network and no risk is involved with network. Users are connected directly to only the applications and data they need, preventing the lateral movement of malicious users with overly permissive access to sensitive data and resources.

Behavioral Analytics and Anomaly Detection with AI its much easier to detect and entity actions

Automating Threat Response and Remediation is faster with AI as, AI takes the lead in automating response measures by swift device isolation.

AI involves real time risk assessments and determines when to give access resource.

In few years from now many organization will attain the optimal posture for Zero Trust as AI and zero trust emerge as strong significant partner for a better security maturity and posture.

(Source: https://www.computer.org/csdl/magazine/co/2022/02/09714079/1AZLiSNNvIk)

Source: https://www.govcon.community/c/news-summary/trump-admin-focuses-on-zero-trust-2-0-cybersecurity-efficiencies