In response to the escalating frequency and complexity of cyber-attacks, the US has implemented measures to bolster cyber resilience. In May 2021, President Biden signed an Executive Order, leveraging $70 billion worth of US government IT spending power to mandate all federal bodies and their private sector partners to incorporate zero-trust policies throughout their IT infrastructure.
The legislation enacted gives those in question until September 2024 to comply with tighter security regulations. The implications, however, extend far beyond US organisations to any organisation with ties to US business. As such, this policy has international ramifications. All organisations within federal supply chains, regardless of their location, must adhere to these standards.
This legislation comes at a time when external attack surfaces are under increasing threat, with data breaches increasing by 72% between 2021 and 2023. This legislation makes clear that new security measures must be taken to mitigate these increasing threats across the entire attack surface. This includes increasing identity monitoring and visibility across endpoints, networks and cloud security architecture through to user application protection.
Implementing these comprehensive cybersecurity measures can seem like a complex undertaking and developing a robust and adaptable strategy isn’t always easy, but it is becoming crucial in the face of evolving threats. Let’s unpack.
The need for collaboration
Zero-trust policies treat every access attempt with suspicion, whether it originates from inside or outside a network. By scrutinising each request, zero-trust enables finer control over who gets access to data and what they can do. This policy creates a security net where nothing slips through unchallenged. The result? A robust defence that keeps cyber threats at bay.
Despite being US legislation, UK businesses with US partners will naturally need to comply with these tighter security regulations. This is because the nature of modern international business means that data is often shared between companies and up and down supply chains.
Because the supply chains in question often span several countries, this presents several complex challenges. These range from navigating diverse data residency laws to bridging communication gaps and aligning with a patchwork of compliance regimes. If these challenges aren’t met, businesses leave themselves open to data breaches that could result in financial and reputational damages. Standard global security policies combined with innovative security solutions can help bolster resilience on a global scale.
Enhancing visibility
Properly managing supply chain security leaves a lot to keep track of. Even today, we see siloed approaches to cybersecurity, wherein organisations adopt singular tools to address singular challenges, but this is only a short-term solution. Effective zero-trust policies set out by the US mandate require enhanced visibility across the attack surface. This is because there are more policies to implement, and therefore more techniques and runbooks to be applied. Increased visibility provides the scope and platform to constantly monitor and resolve threats, a key principle as they increase in volume and sophistication.
With so many siloed tools out there, organisations should consider deploying network security overlays in a single stack, as this allows them to easily underpin their networks with zero-trust. For example, Software Defined Wide Area Network (SD-WAN), which was built for on-site work, is still prominent today. The shift to hybrid and remote work accelerated cloud adoption. As a result, cloud security architectures, such as Secure Access Service Edge (SASE), have become increasingly critical. Deploying both as part of a single stack solution would fortify the supply chain attack surface and unify network operating metrics so they are all visible in one place.
This is vital in the context of this legislation given its focus on supply chains. Furthermore, while the US has set the mandate, we are now seeing similar proposals to strengthen supply chain security, such as the European Union’s NIS2 measures and the UK’s recently announced Cyber Security and Resilience Bill. These are great steps in standardising global security practices and must continue if organisations want to tighten security protocols on a global scale.
Leveraging industry expertise
Years of experience and gathered expertise leave Managed Service Providers (MSPs) uniquely positioned to help organisations through the complexities of the zero-trust mandate. Strengthening cyber defences requires a unique industry perspective, one that can help many navigate increasingly challenging environments.
MSPs can ensure due diligence is done. They can ensure that businesses can adopt and maintain effective zero-trust policies, strategies and management systems. For example, a single-stack solution would reduce the pressure on in-house IT teams. This comes at a time when these teams are increasingly pressed by the growing attack surface. Equally, a single-stack solution would provide a platform to bolster security and free up internal resources to focus on driving efficiency and innovation.
September 2024 is just around the corner. However, the mandate should not be seen as an inconvenience or hurdle, but rather an opportunity for transformative security enhancements.
Adopting zero-trust architecture in a single stack offers a dual benefit: more robust security measures, and streamlined IT operations that help offset skills shortages and the chaos of siloed security tools.
Embracing zero-trust isn’t simply about compliance. It’s about protecting your organisation for the future. By partnering with MSPs and committing to the requirements of this mandate, businesses can transform potential challenges into strategic advantages. In doing so, they will position themselves at the forefront of secure, efficient and agile operations.