President Biden’s May 2021 Executive Order on Improving the Nation’s Cybersecurity mandates rapid development of plans by every federal agency for modernizing their approach to cybersecurity. One of the most crucial improvements called for is the implementation of Zero Trust Architecture.
The Executive Order (EO) makes clear that Zero Trust tenets will need to be built into any software the federal government acquires or that its contractors use. The EO mandates amendments to the Federal Acquisition Regulation (FAR) to get that done. The aim is to improve not just federal cybersecurity but also that of the private sector that we’re all so dependent on—as vividly revealed by the Colonial Pipeline incident.
Changes to FAR and, likewise, DFARS mean that, to continue to do business with the DoD, defense contractors will need to incorporate Zero Trust Architecture into their communication and collaboration platforms.
The National Security Agency’s (NSA’s) February 2021 memorandum, Embracing a Zero Trust Security Model, describes a Zero Trust security model as one that “eliminates trust in any one element, node, or service” and “assumes that a breach is inevitable or likely has already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.”
Modern Zero Trust security differs fundamentally from legacy systems that focus on hardening the perimeter by creating the equivalent of bigger and bigger barriers around sensitive data and network boundaries. Instead, a Zero Trust mindset eliminates any vestiges of trust when it comes to protecting networks and core data by constantly verifying every user, device, application, and data flow.
Zero Trust Architecture is designed to secure the entire breadth of computing services, data resources, and network locations across enterprises. One of the most critical components of that landscape is communication and collaboration systems. These systems—particularly emails and sensitive documents—are by far the most targeted and vulnerable points of attack. As such, communication and collaboration systems are the logical first place to apply Zero Trust principles to improve cybersecurity.
Simply put, communication and collaboration systems have three key components, each of which presents security challenges:
Zero Trust principles are not just a theoretical construct. PreVeil was built from the ground up to implement Zero Trust principles. Its email and file sharing platform:
PreVeil knows, though, that better security isn’t enough: if security is difficult to use, it won’t be used. PreVeil is designed to deploy easily as an overlay system, with no impact on existing file and email servers. And it’s easy for users to adopt because it works with the tools they already use, including their regular email address.
PreVeil is affordable too—a key factor for small- to medium-size defense contractors who often don’t have the resources and skills to build the secure systems they need. Hackers know this and frequently target such companies. PreVeil helps to turn the tables on that tactic by offering world-class security at low cost.
Finally, because PreVeil embeds Zero Trust principles to protect CUI (Controlled Unclassified Information), it helps contractors comply with DFARS 252.204-7012, NIST 800-171, ITAR 120.54, and CMMC Level 3. PreVeil offers several resources in its library that explain how PreVeil accelerates your path to compliance.
PreVeil’s hope is that widespread adoption of a Zero Trust mindset will help take your organization’s security to a higher level, one needed to address today’s threat environment and to comply with federal mandates. To learn more, read our brief, Zero Trust: A better way to enhance cybersecurity and achieve compliance.