Following the Colonial Pipeline attack, one of the most impactful ransomware attacks to-date, the United States government issued an Executive Order which detailed a course of actions aiming to improve the government’s cybersecurity standards, specifically with zero-trust (ZTNA) security. The Executive Order focuses on five key areas of cybersecurity including:
-
- Sharing of threat information between the private sector and the federal government.
- Modernizing and strengthening cybersecurity with Zero Trust Architecture, cloud security services that includes SaaS, IaaS, and PaaS, and centralizing and streamlining access to cybersecurity data for identification and investigation of cyberthreats.
- Establishing baseline security standards for all software used by the government, which will require software vendors to provide visibility of their security data.
- Creating a Standard Playbook for cyber incident response.
- Improving cyberthreat detection, investigation, and remediation processes.
As seen in the past several years, whether if it’s the municipal governments, K-12 school boards, or even city airports, has been popular targets of persistent cyberattacks. This Executive Order is a welcomed change to improve the government’s cybersecurity stance. The question is, will it have any impact on MSPs? The short answer is yes, but it may not happen immediately. Like the adoption of DMARC reporting, we expect businesses to see a long tail of adaption over the next several years.
Other industries will follow the lead on ZTNA
As the departments of the federal government begin to update their infrastructures, it may take some time for investments to reach the government departments that MSPs work with. The Executive Order does have aggressive timelines tied to each area of focus and offers a guideline for when to expect project requests to come through.
More importantly, this new Executive Order will entice other industries to follow suit. As cyberattacks become more persistent and sophisticated, businesses of all sizes are feeling the pain. With the expanded remote workforce, businesses must take a Zero Trust approach to secure their data, devices, and employees.
With traditional remote access solutions, users are granted access natively, with each login as the verification. This creates security vulnerabilities as an infected device can log into a network and infect it. Using a ZTNA approach does the reverse. It allows companies to set up access control to their data and applications, which minimizes the risks involved with opening their network to all users. Each request is verified for user’s identity and device’s security posture before access is granted. The Zero Trust approach not only increases the security posture, but also provides scalability and enhances productivity when compared to traditional remote access solutions.
As an MSP, you should be prepared to have conversations with all of your customers about the Zero Trust cybersecurity approach and why the U.S. government has made it a central part of the new cybersecurity hygiene. For more information on Zero Trust, join our upcoming webinar on May 21st at 11:00am ET/8:00am PT to learn how Barracuda MSP can help expand your services to include Zero Trust.
Photo: Luca Perra / Shutterstock
