Page 44 - FCW, September/October 2021
P. 44

FCWPerspectives vice edge capability to DOD’s “Fourth
Estate” agencies.
Zero trust with near-zero funding
The price tag for pursuing zero trust architectures is significant, the group noted. Those funding challenges are far from unique, but it can be difficult to find the money for such foundational changes.
“We’re all poor,” one participant said. “I’ll speak on behalf of my agen- cy — we haven’t gotten a red cent to support these additional initiatives so it’s, ‘Let’s do more with less.’ With zero trust coming to the forefront and with all the other things that our CIO shops are faced with, at the end of the day, it’s about picking your battles. It’s not realistic [to think] we’re going to be able to do everything well.”
“I want to emphasize the amount of pain we feel on the funding aspect,” another said. “Within my organization, we do not have any enterprise fund- ing. And trying to implement zero trust, what we have is always coming from the customer.”
OMB has encouraged agencies to apply to the Technology Modernization Fund (TMF), saying zero trust initia- tives will be given priority and possibly more lenient repayment requirements. Roundtable participants, however, were skeptical.
“There’s some leniency on the pay- back, but there is potentially a payback still,” one official said. More important- ly, “if I get TMF money and I deploy a bunch of new stuff, I need money to sustain it as well. Where is that going to come from?”
Most participants have decided to price zero trust requirements into each product rather than seek dedicated funding for the architecture efforts.
“When you want to introduce a new product, you’ve got to have the archi- tecture, the concepts, the governance and the rules so that if you want to plug into the network with this thing, it’s
going to meet this zero trust environ- ment,” one official said. “You’ve got to make sure that it’s all upfront and fits into the architecture.”
“We’ve had our zero trust founda- tion in place for about two years now, and we’re still not enterprise funded,” another official said. “We’re still relying on working with our customers, giving them a bill that includes our zero trust architecture and what it takes to run it and the resources and the manpower that are needed for it.”
“Succeeding isn’t something that’s going to guarantee any kind of fund- ing,” that official added. “Just having a path to hand it off may be the most appropriate approach.”
Investing in the human network
Most of the roundtable participants have been immersed in the govern- ment’s zero trust discussions for years, but even they acknowledged the chal- lenge of processing all the information on such a complex topic.
“I find myself in almost sensory over- load because of the amount of informa- tion that’s available without the tools that allow me to navigate the complex- ity so I can decide what it is I need to apply and where,” one participant said. “That’s the greatest challenge I’m experiencing as we try to continue to evolve those techniques that really are foundational to what we call zero trust today and also position ourselves to anticipate future threats.”
The good news is that “this is caus- ing a lot more collaboration than I’ve seen before with some of the govern- ment efforts,” another participant said. Government/industry working groups are active in ACT-IAC and the Advanced Technology Academic Research Center, and most vendors have stopped pitching their technolo- gies as a zero trust silver bullet, several participants noted.
“You see more collaboration and integration efforts between the ven-
dors in partnerships,” a government official said. “They know it’s an integra- tion effort. The collaboration is great.”
“What I’ve been telling people is to network,” one participant said. “We’re all trying to solve the same thing. Get out there because lo and behold, you’re going to find somebody who belongs to one of these working groups at some point and hopefully get some of the things that you need.”
“Honestly, I don’t see how you embrace conceptually what zero trust architecture is supposed to be doing without that type of collaboration,” another official said. n
Gerald Caron III
CIO and Assistant Inspector General for IT, Office of Inspector General, Department of Health and Human Services
Monica Farah-Stapleton, Ph.D.
Chief Engineer, Defense Healthcare Management System Modernization, Defense Department
Matt Huston
CIO and Chief Information Security Officer, Platform One, Department of the Air Force
Lisa Lorenzin
Director ofTransformation Strategy, Zscaler
Drew Schnabel
Vice President, Federal, Zscaler
VictoriaYan Pillitteri
Computer Scientist and FISMA Project Leader, National Institute of Standards and Technology
Note: FCW Editor-in-ChiefTroy
K. Schneider led the roundtable discussion.The Sept. 16 gathering
was underwritten by Zscaler, but both the substance of the discussion and the recap on these pages are strictly editorial products. Neither the sponsor nor any of the roundtable participants had input beyond their Sept. 16 comments.
September/October 2021 FCW.COM

   42   43   44   45   46