Big News From DC: The Cybersecurity Mandate and Zero Trust Strategy Memo

It’s been a huge time for federal agencies and the technology providers who help them stay secure. The one-two punch of the President’s recent Cybersecurity Mandate, followed by last week’s major Zero Trust Strategy announcement, puts real teeth into the federal government’s effort to boost security in a time of ever-rising risk. The recent mandate extended last May’s Cybersecurity EO to the Department of Defense and the intelligence community, two very tempting targets for global bad guys. The Zero Trust Architecture component is a blueprint for real, meaningful action, and it’s one that comes with mandatory action timelines because the Office of Management and Budget does. not. play.

At Radiant, we’re happy to see the federal government—home to some of the world’s most complex and essential identity and cybersecurity environments—taking such a leadership role on data and network security. As a key contributor to the NIST NCCoE effort to define Zero Trust Architectures, the Radiant team is proud to help deliver on these overarching security goals, providing the unified identity data foundation that drives the Zero Trust strategy model and attribute-based access control. (Our mantra: Dial in your identity data first, so everything you do gets much easier…)

The Global Security Landscape: It’s Not Great 

Whether it’s geopolitical brinksmanship or rogue actors with chaos in mind, the stakes are sky high these days. Digital vulnerabilities can disrupt global networks and derail massive economies. While private actors are driven by many motives—money, politics, general turmoil—state-run cyberattacks are basically a way of waging war without the shooting. This new security framework, underpinned by a “least privilege” Zero Trust mindset, puts the United States on stronger footing, giving government cybersecurity teams a path forward to modernize and optimize the critical technology infrastructure that ensures our national security and safeguards our personal identity data as citizens.  

Strengthening our cybersecurity defenses has massive economic and national security implications. The order includes an array of actions designed to confront the dangers of cyber attacks as they increase in frequency and sophistication. These frameworks will also become a model for the private companies that haven’t jumped into the Zero Trust waters yet, since multinational companies face many of the same risks—massive scale, asset-rich, high-profile targets—as the federal government.

Where Radiant Logic Comes In…

We’ll have more posts on the Cybersecurity Framework and Zero Trust Strategy from key contributors across the organization, but here are some elements that stood out. The newly dropped strategy calls for centralizing IAM and the data that enables it, integrating all agency applications for centralized authentication and authorization, and tapping user attribute sources to support ABAC/RBAC. These are all great goals—and delivering the unified identity data needed to drive them is right in the Radiant wheelhouse. 

As we’ve learned over many years of implementations in the public and private sectors, making key imperatives happen within massive identity infrastructures that have grown over many years across successive (often incompatible) innovations is a major challenge. Just gathering the diverse and far-flung attributes you need to centralize IAM and agency applications and deliver on the promise of ABAC is no mean feat. And achieving a 360-degree view of all users, as well as complete and always up-to-date global profiles for every user, is essential to ensuring security and enabling the latest innovations.

In fact, the success of new security frameworks such as Zero Trust (as well as identity fabrics and cybersecurity mesh, for those of you thinking about other innovative investments) relies entirely on accurate and accessible information about the people, objects, and devices that interact with its networks. And it’s the quality, the granularity, and the availability of that information that determines the security—or vulnerability—of each organization. But delivering the needed attributes across fragmented infrastructures, while taking full advantage of all the richness your identity data has to offer, has long been an excruciating pain point. And that’s right where Radiant shines.

First Step: Get Your Identity Data Right

As Radiant technology evangelist and frequent webinar host Wade Ellery says,

“The identity data you rely on for your security must be complete, it must be accurate, and it must be highly available. If it’s incomplete, you can’t make the best decisions. If it’s inaccurate, you’ll make the wrong decision—or worse, you’ll make what you think is a valid decision, but you’re invalid because your data is bad. And if it’s not highly available, it will take too long to make decisions, and speed really matters when it comes to security, access, and user experience.”

RadiantOne Intelligent Identity Data Platform pays off years of IT debt, unifying identity data across all the complexity, diversity, and many incompatibilities of your underlying sources. So identity data becomes instantly consumable in a way that makes it much easier to deliver secure log-ons and immediate granular access to exactly the right resources each user is allowed to see. 

Our flagship Identity Data Fabric delivers a single version of identity truth, giving complex organizations one place to go for everything that’s needed, in exactly the right format every time, while quickly enabling key security innovations, such as two-factor authentication and the progressive disclosure that defines a Zero Trust environment. 

We look forward to helping federal identity teams successfully deliver on these new mandates and strategies.