ATARC Zero Trust Virtual Summit

Agenda

Introduction

Visionary Keynote Briefing

Technology Talk

The True Meaning of Zero Trust and How to Implement It Correctly: Context is the New Perimeter

Zero Trust is the hot new buzz word – but what does it mean and how can you actually implement it across your federal organization effectively? Being completely cut off is the only way to achieve 100% trust, but such a “Cone of Silence” approach didn’t work for Agent Smart and it won’t work for your federal agency if you need to collaborate with others.

In reality, every action does not require the same level of scrutiny or protection. Browsing LinkedIn, for example, should not carry the same level of protection as uploading a file. At Netskope, we believe that context is the new perimeter and Zero Trust (ZT) is an architectural principle with two main purposes:

Replacing implicit trust with explicit trust, continually assessed and adapted as necessary by evaluating not just identity but all of the context surrounding an interaction to determine what level of access is appropriate
Concealing resources from the public internet so that they remain undiscoverable (not just inaccessible) to anyone not specifically granted approval

Most security architectures in place across federal agencies today were engineered for a technology ecosystem that has significantly changed over the last two decades. And while the pandemic served as a forcing function, causing many federal organizations to come to terms with the shortcomings of their tooling, practices, and approach to security, the limitations of legacy (i.e., vulnerable) technology solutions were just as debilitating over the last 20+ years as the pandemic was disruptive over the last 18+ months. Traditional security practices and tools are ill-equipped to protect the onslaught of cloud applications and legacy tooling simply cannot meet the requirements of an effective ZT approach.

In this session, you’ll learn what Zero Trust really means, how to implement it quickly in the short-term and correctly over the long-term, and why context-aware security is critical to a successful Zero Trust implementation. Better security is rooted in the ability to make better business and mission decisions for your federal organization—and the ability to make better decisions relies on understanding the risk facing your organization, in real-time with telemetry-rich, data-driven context. Netskope’s approach to ZT empowers federal agencies with the ability to not just secure and protect agency data, but to confidently and continuously control access to and interaction with agency data as well.

Please join us to learn about the importance of a layered, context-centric approach, and how you can effectively implement the core tenets of ZT in your federal organization.

Visionary Panel: Using Emerging Technologies to Strengthen Zero Trust Security

Tune into this panel to hear from topic experts on the importance of emerging technologies while agencies are in the process of adopting and implementing Zero Trust Principles. In what ways do emerging technologies help this process? What best practices do these topic experts recommend when agencies are using emerging technologies to adopt and implement Zero Trust principles.

Implementing Zero Trust in Government Agencies: How to Think Beyond Identity

As enterprise networks change to support remote users and cloud-based assets that are not located within an enterprise-owned network boundary, security has forever changed. Zero trust focuses on protecting resources, not limited to network segments, as the network location is no longer seen as the prime component to the security posture of the resource. In 2020, the definitions and guidance for what zero trust is and how it should be implemented have been formally laid out in the NIST 800-207 publication and in 2021, Biden’s Cybersecurity executive order calls for agencies to use this guidance to advance towards a Zero Trust architecture. According to this guidance, users and their identities play a pivotal role in a zero trust framework, and organizations must ensure on a continuous basis that only authenticated and authorized users and devices can access applications and data. However, identity is just the beginning when designing a zero trust environment.

Attend this tech talk to learn about:

• How we must evolve to achieve an optimal Zero Trust posture
• Why we must expand upon ICAM analytics to ensure as you continually re-evaluate trust throughout the users interaction with your data

Visionary Panel: The Future of Zero Trust Within the Federal Government

Listen in as topic experts explore the current status of Zero Trust, ways to strengthen Zero Trust, as well as what is in store for Zero Trust in the future. Where do these topic experts think Zero Trust can improve on? What best strategies will help improve on these issues?

Software-Defined Zero Trust Data Management : Modernizing Mission & Enterprise Resiliency 

Public Sector Organizations are working diligently to reduce complexity in their environments, striving to avoid costs, do more with less, and take full advantage of hybrid cloud technologies and all of the business benefits associated with automation, machine learning, and Artificial Intelligence.  As teams begin their digital transformations, they have to take a holistic approach to their modernization strategies, looking across how Security, Data Management, Resiliency, and Data Harmonization across the enterprise occurs.  In this session we walk through a best practices approach of using  Software Defined Data Management to ensure mission resilience, data protection and data security, delivering on near instant recovery capabilities during disasters, and building meaningful remediation plans against ransomware and other malicious code attacks.

Securing the Hybrid Government Workforce

The global pandemic shifted the Federal government into a remote work environment overnight, while high-profile breaches resulted in the Biden Administration issuing an Executive Order focused on Zero Trust to improve the security of cloud workloads. Government leaders recognize the landscape of the federal workplace has forever changed and are faced with now securing a new, hybrid workforce environment.  Attend this session to hear how:

• Secure Connectivity from iboss Provides the Foundational Capability Needed to Ensure Employees are Protected and Productive from wherever they work
• iboss Enables Agencies to Implement a Zero Trust Architecture by Providing Key Capabilities Across Multiple ZTA Pillars

Visionary Panel: Understanding Cyber Threats Through the Use of Zero Trust

Tune into this panel to hear from topic experts on the best practices for understanding Cyber Threats through the use of Zero Trust. What best strategies do these topic experts have for eliminating cyber threats? How does the use of Zero Trust help in this process?

Technology Talk

Zero Trust through Isolation

Technology Talk

Zero Trust for Application Workloads

Erik Costlow is a software security expert with extensive Java experience. He manages developer relations for Contrast Security and public Community Edition. Contrast weaves sensors into applications, giving them the ability to detect security threats based on how the application uses its data.
Erik was the principal product manager in Oracle focused on security of Java 8, joining at the height of hacks and departing after a two-year absence of zero-day vulnerabilities. During that time, he learned the details of Java at both a corporate/commercial and community level. He also assisted Turbonomic’s product management team in the data center/cloud performance automation. Erik also lead product management for Fortify static code analyzer, a tool that helps developers find and fix vulnerabilities in custom source code.

Visionary Panel: Securing the Cloud Through Zero Trust

In what ways has Zero Trust Security helped to secure the cloud? Why is it important to protect the data stored within the cloud? Federal IT leaders will discuss the process of securing the cloud through Zero Trust and explain the importance of doing so within the Federal Government. Tune-in as Panelists also discuss how federal agencies and cloud service providers can work together to enhance security, and why it’s important to focus on protecting data instead of the network.

Closing Remarks

Watch on demand

Introduction

Visionary Keynote Briefing

Zero Trust Network Access (ZTNA) secures and protects Work From Anywhere (WFA)

Organizations are moving applications to the cloud at the same time that users are leaving the office.   This is creating challenges for how to safely and efficiently offer remote access.  Zero-trust principles can bring order to remote access with a better solution than VPN for this new Work From Anywhere (WFA) scenario.  Zero Trust Network Access (ZTNA) provides for flexible, yet granular, access to applications.  Learn how Fortinet’s ZTNA provides for safe and secure access, no matter where the user is or where the application is hosted.  Fortinet’s ZTNA brings flexibility and control to this new WFA reality.

Visionary Panel: Zero Trust and the Federal Identity-Centric Security Roadmap 

The seismic shift to distributed workforces has dissolved the Defense Department’s traditional network perimeter and put a focus on a new critical aspect of cybersecurity: identity management. With users and devices now accessing critical information, systems, and applications from anywhere, the mindset must be to never trust and always verify. In this new environment, a zero trust approach can help agencies minimize their attack surface and cyber risk.

Tune into this panel to hear from topic experts on how to build an effective zero trust approach with an emphasis on identity and privileged access management. How does identity and privileged access management align with and enable Zero Trust? How does Zero Trust help agencies achieve ICAM Cybersecurity goals?

Advanced Threats and XDR: Getting the Entire Picture, Beyond the Endpoint

We have advanced past EDR into the land of XDR, but XDR can be both misunderstood and overused. How do we tell the story of a an advanced, targeted threat that goes beyond the endpoint? Join me in this session as we explore a threat lifecycle, and how we can visualize, correlate, and remediate based on the full and complete story that XDR unfolds before us.

Visionary Panel: Applying and Implementing Zero Trust Principles

Implementing Zero Trust takes time and effort: it cannot be implemented overnight. For many networks, existing infrastructure can be leveraged and integrated to incorporate Zero Trust concepts, but the transition to a mature Zero Trust architecture often requires additional capabilities to obtain the full benefits of a Zero Trust environment.

Tune into this panel to hear from topic experts on the best practices for implementing Zero Trust within a government agency. What best strategies do these topic experts have for implementing and applying Zero Trust principles within an agency? What challenges have these experts had while implementing and applying these principles within their agency? What solutions did they come up with to overcome these challenges?

Technology Talk

How Nutanix Accelerates alignment to Zero Trust Architecture

The recent Executive Order on Improving the Nation’s Cybersecurity mandates that government IT must move to a Zero Trust Architecture (ZTA). No small task as government IT is typically composed of a complex ecosystem of legacy technology and modern technologies like private and public cloud.  The distributed nature of data across dissimilar IT environments has created new security challenges for federal agencies. Separate silos of enterprise storage, networks, and servers mean more complexity and specialized staff to support, but also it means more vulnerability and possible attack points. 

Nutanix can accelerate government IT’s alignment to ZTA by providing the necessary foundation on which government agencies can build their IT environment, whether on-premises (private cloud), public cloud or hybrid multicloud.  In this session we will introduce you to how the Nutanix® Cloud Platform helps government agencies and the military build modern, software-defined data centers and speed their hybrid multicloud deployments.  The platform helps government IT get powerful built-in virtual networking, enhanced disaster recovery, and simplified zero-trust security that otherwise would require additional specialized hardware, software, and skills.

Dynamic Security Enables Zero Trust

The journey to Zero Trust Architecture requires a change in thinking from the “gatekeeper” mentality to a more dynamic defense that relies on continuous monitoring.  Securing your network environment, for example, requires a dynamic assessment of risk.  If you are relying on a static measure, such as CVSS, to prioritize vulnerabilities, you are thinking like a gatekeeper. Similarly, Active Directory, as its name implies, is an active, dynamic environment that requires real-time continuous monitoring to secure effectively. Securing your AD on a continuous basis is an essential step on the road to Zero Trust.

Visionary Panel: Government Guidances on Zero Trust

Listen in as Topic Experts dive into the Guidances, as well as the importance behind them. How will these guidances affect Zero Trust Security? Do these guidances bring any challenges? What benefits do these guidances bring?

Verify Everything, Trust Nothing: Zero Trust Cyber Resiliency with Veeam

NIST defines Zero Trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” In this session you’ll learn how Veeam extends Zero Trust Cyber Resiliency across your on-prem, cloud, and SaaS workloads. Options like true data immutability, granular role-based access controls, and broad platform support guarantee your mission-critical data will always be available.

Technology Talk

Strengthening Your Security Posture with Secrets Management in ZTA

A robust Zero Trust Architecture (ZTA) manages and secures secrets – passwords, certificates, encryption keys, tokens, and other sensitive and private data. Learn how ZTA strengthens your organization’s security posture by building upon a foundation of secrets management.

Visionary Panel: Adoption and Implementation of Zero Trust in Legacy Networks

Tune into this panel to hear topic experts discuss what it looks like to adopt and implement Zero Trust in Legacy Networks. How do you implement Zero Trust when you have an existing infrastructure? Where do you start? What are the best practices to do this?

Closing Remarks

Watch on demand

Zoom for Government enables ATARC remote collaboration opportunities through its cloud platform for video and audio conferencing, chats and webinars across all devices. Allowing for individuals from all areas of government, industry and academia to communicate directly. 

*** ATARC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. Program Level: Overview, no prerequisites required. Advance preparation: none. Delivery Method: Group Internet Based. Field of Study: Information Technology. Registration #140762. In accordance with the standards of the National Registry of CPE Sponsors, CPE credits have been granted based on a 50-minute hour. Refund, cancellation and complaint resolution policy.