Program Recordings and Recaps  

On Thursday, May 6, INSA hosted a webinar titled “Lessons Learned: Adoption and Implementation of Zero Trust in Legacy Networks.” Moderator INSA EVP John Doyon sat down with panelists Kevin Bingham, Zero Trust Technical Lead, Cybersecurity Directorate, NSA; Gerald Caron, Acting CIO, Office of the Inspector General, Department of Health and Human Services; Sean Connelly, Trusted Internet Connections Program Manager, CISA; and Dr. Cynthia Mendoza, Chief Technology Officer, Bureau of Intelligence and Research, U.S. Department of State for a candid conversation about the implementation of Zero Trust and the roadblocks that remain.

After introducing themselves, the panelists discussed how organizations can get started with the Zero Trust framework. There was consensus among the speakers that the obstacles are cultural rather than technical. A necessary first step is helping organizations assess their networks and mission needs, and then explaining what vulnerabilities exist in their legacy networks. This is an iterative process that can start at a very basic level. Next, securing organizational buy-in from implementers to operators is critical. All of the panelists agreed that it ‘takes a village’ to successfully implement Zero Trust, and doing so can be a lengthy process. Conversations that identify the ‘crown jewels’ of the organization, where the data needs to go, and who has access to it must occur at the start.

The panelists admitted that there are few success stories to date but nevertheless remain optimistic about the direction of Zero Trust and broad buy-in. Many organizations are initially overwhelmed by the Zero Trust framework and are uneasy about changing their legacy networks. Others have dismissed Zero Trust as the latest buzzword that does not differ too much from what already exists. Nevertheless, these opinions are often temporary and quickly change after organizations learn more about the promise of the Zero Trust framework. People across government and industry are beginning to understand that the capabilities of this ‘assumed-breach’ approach are powerful and carry many benefits.

In closing, the panelists underscored the opportunities afforded by Zero Trust. Mr. Bingham explained clichés including ‘the vulnerability of one is shared by all’ and ‘you’re only as strong as your weakest link’ are not necessarily true. “It doesn't have to be this way. We have the opportunity to break this mindset.”