Always On, Zero Trust Requires Continual Authentication
As part of North Dakota’s zero-trust strategy, the state has deployed more than 100 Palo Alto Networks firewalls, creating nearly 1,000 separate virtual LANs that segment network traffic to keep threats from spreading.
“We can’t assume our servers are clean,” Kramer says. “We assume they’re compromised, and then we limit the number of other servers they can get to.”
Kramer says that procurement has also become a powerful tool to enforce zero trust, as the state can insist that vendors implement certain standards as a condition of purchase.
“Zero trust is not a switch that you can turn on and off,” he says.
Zero-Trust Solutions Resemble a Team of Superheroes
Adam Ford, CISO for the state of Illinois, compares cybersecurity solutions to a team of superheroes, such as the Justice League or the Avengers.
“This notion of bringing together different capabilities in furtherance of the common good, it’s an apt metaphor for our journey into this zero-trust approach to security,” he says. “It’s a real shift from the castle-and-moat philosophy that we’ve had in technology for decades. With the rise of these modern attacks, such as ransomware, and these sophisticated organizations that can penetrate the castle walls, you now must have a plan for what happens when someone gets inside.”
The state’s zero-trust solutions include multifactor and single sign-on tools from Okta, enterprise cloud security solutions from Zscaler and Splunk’s security information and event management tool. Occasionally, while talking about the tools, Ford will liken one of them to a specific comic book character.
“Splunk is a little like Professor X from X-Men,” he says. “He always had an idea of what was going on with everybody. Splunk is where we get that overview — even while we still have the Wolverines of the world out there slashing people and healing our network.”