The long road to implementing zero trust security architectures may be driven by top-down policy directives and prioritizing technology pillars, but the art and science of communication and collaboration are showing up as vital inputs into organizing Federal agency technologists and network users to move toward the government’s zero trust goals.
Those were a few of the top-line takeaways from Gerald Caron – who is Assistant Inspector General/Chief Information Officer, Office of Management and Policy, at the U.S. Department of Health and Human Services – during a keynote address at ATARC’s Federal Security conference on April 14.
On the communications front, Caron hammered home the value of engaging with agency officials and employees about the goals of zero trust security and what the migration will accomplish.
“One of my strategic things is communications,” he said. “It’s very important how we talk to [agency employees] about zero trust.”
“We talk about what data they need, how they want to use it,” he said. “I get an inventory of data from them … then I tell them about the benefits.” He advised keeping network users at the forefront of the larger effort.
“Make users part of your time,” Caron said. “IT is an enabler of the mission … those are the users, the ‘fans in the stands’ that you want to make happy.”
On the technology front, Caron talked about the value of collaboration with vendors and making sure they understand the agency’s needs, and that they then have an opportunity to address those through presentations.
“In order to be successful, we’ve got to partner,” he said. “We can only learn from each other.”
Caron said vendors interesting in helping HHS with zero trust are asked about the ability to integrate their products and services with the infrastructure that the agency already uses. “Lots of us already have tools,” he said, so an important consideration is “how do you work with other products.”
I give the homework assignment to the vendors, “who can help me fill those gaps,” he said.