From Perimeter to Zero Trust: The Cybersecurity Evolution in Public Sector
Zero Trust is not a new concept in cybersecurity, but it has gained renewed attention and relevance for the public sector in recent years. As cyberthreats become more sophisticated and pervasive, and as remote work and cloud adoption increase, traditional perimeter-based security models are no longer sufficient to protect sensitive data and systems. Zero Trust is an approach that assumes no access for any entity, whether inside or outside the network, and requires continuous verification and validation of all access requests and transactions.
But what does Zero Trust security look like in the public sector, and how has it evolved over the past few years? To answer these questions, we partnered with Market Connections, a leading market research firm that specializes in the public sector, to conduct a comprehensive survey of 200 federal and 200 state and local government IT decision makers from August to September 2023. The survey assessed their knowledge, confidence, challenges, benefits and barriers regarding Zero Trust adoption.
Why There’s an Increased Focus on Zero Trust
Public sector entities face a vastly different security landscape since the Executive Order on Improving the Nation’s Cybersecurity in 2021. The order notes a need for the federal government to lead by example in taking big steps toward protecting the nation. In order to foster continuous trust with residents, a Zero Trust approach is necessary to proactively defend against increasingly sophisticated attacks carried out by malicious actors.
CISA’s Zero Trust Maturity Model guides agencies toward continuous security modernization in this rapidly evolving technology landscape, with protection in each of the following five pillars: Identity, Applications and Workloads, Devices, Networks and Data.
Agencies and Their Zero Trust Adoption Journeys
According to our survey with Market Connections, most agencies are progressing in their adoption journey, with 73% of IT decision makers across federal, state and local agencies reporting they feel confident in their agency’s overarching security strategies. Although only 1% of respondents felt they have expert-level knowledge of Zero Trust, agencies are getting closer to having a fully implemented Zero Trust security architecture.
Common Agency Challenges in Adopting Zero Trust
Despite significant progress in Zero Trust adoption for many agencies, there are a number of obstacles that make it difficult for adoption across the board, including technology limitations, workforce challenges and budgetary restraints.
Technology limitations
Integrating Zero Trust within existing infrastructures is a top barrier for many agencies—our survey found that 70% of agencies feel rebuilding or replacing legacy infrastructure is an important aspect of their Zero Trust journey.
Furthermore, we found that over 80% of organizations see the need to continuously improve threat detection in order to implement Zero Trust, and many legacy infrastructures aren’t currently equipped to do so. For many, the cost and resource implications of technological overhauls are daunting.
Staff and workforce challenges
Over 70% of respondents expressed that finding security professionals with the appropriate skills and expertise is critical to implementing Zero Trust. Federal respondents expressed more of a challenge than state and local agencies with having skill gaps in their internal IT staff. This demonstrates an opportunity for partnership with organizations to train and upskill staff in security practices.
Budgetary constraints
Funding and cost concerns are a major barrier in Zero Trust implementation, with 86% of state and local government respondents expressing it as their top concern. The public sector faces unique challenges when implementing the right security practices to protect critical data. Responsibly maximizing taxpayer value and strategically allocating resources are additional barriers they face on their Zero Trust journeys.
Where Do Agencies Go from Here?
Zero Trust requires government entities to shift their security focus from simple response and mitigation to proactive protection. CISA recognizes this evolution in the second edition of the Zero Trust Maturity Model, stating, “Fundamentally, Zero Trust may require a change in an organization’s cybersecurity philosophy and culture.”
By partnering with Market Connections, we discovered that over 75% of organizations recognize the need to change their culture around cybersecurity. Further, 80% of entities recognize that this change must be embraced from the top down to be successful. Adopting a Zero Trust approach to security helps to ensure only verified users gain access to sensitive data and minimizes the threat of bad actors compromising mission priorities.
Survey respondents recognized the reduced risk of data breaches as the top benefit of Zero Trust. That’s why Lumen is here to help agencies overcome adoption challenges and establish a robust Zero Trust framework that minimizes risk.
Lumen Can Help
Lumen is widely recognized for its comprehensive expertise in cybersecurity threat protection, particularly in meeting government cybersecurity standards. We’ve been a trusted partner to the government across multiple agencies helping secure mission critical data, to protect communities and agencies. Recently, IDC acknowledged Lumen as a major player in their IDC 2024 MarketScape for U.S. National Government Professional Security Services. IDC recommended federal agencies strongly consider Lumen when looking to modernize network security, implement full SASE solutions, and enhance SOC capabilities and incident response services.
By aligning with industry committees like NSTAC and frameworks like ISO and CMMI, we prioritize rigorous daily security practices and can help you meet your compliance goals without compromising performance. With Lumen’s guidance and expertise, we can help you develop a proactive and comprehensive security strategy that meets the unique needs of your agency and seamlessly integrates within your environment—without breaking the bank.
Lumen empowers you to secure your agency’s future with a seamless Zero Trust adoption strategy.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen.