Zero Trust Cyber Exchange: Zscaler’s Danny Connelly offers insights on 4 zero trust challenges

Zero Trust Cyber Exchange: Zscaler

Make sure that everyone across teams is hearing that same information of what benefits zero trust brings to an agency.

Danny Connelly

CISO, Americas and public sector, Zscaler

A well thought-out strategy is a critical first step to making zero trust a reality at any agency, considering the investments needed to get any organization moving in the right direction.

The ability to plan and implement a zero trust solution is a significant technical and financial undertaking for agencies, Danny Connelly, chief information security officer for Americas and public sector at Zscaler, said during Federal News Network’s Zero Trust Cyber Exchange.

Connelly should know. Before Zscaler, he was CISO for operations at the Centers of Disease Control and Prevention.

Defining a zero trust investment plan

As part of planning, Connelly said agencies need to determine whether they have enough funding to purchase and maintain the necessary zero trust tools and resources.

“Modern cybersecurity solutions really require significant investment, in addition to what’s running currently or what agencies are supporting today,” he said.

Agencies must also ensure that in the transition to zero trust, they’re not inadvertently creating gaps in their security posture that create an opportunity for a major breach. “It’s not sustainable to implement the security solutions that we’ve all been using over the last 10 to 12 years,” Connelly said.

The shift to zero trust also requires agencies to stay on top of the culture change, and ensure that all organizations within the agency are making cybersecurity a top priority.

“Shifting to zero trust requires a new approach, a new mindset. And it’s not just one team’s responsibility anymore. The application team, the networking team, the security teams, they really all have to be in line and work together well to truly embrace the new environments that a zero-trust solution provides,” Connelly said.

Part of the culture challenge includes breaking down silos between different agency operations — for example, incident response teams sharing information with the applications teams.

“Have your incident response, your threat-hunting teams and your forensic teams share information on what they’re actually seeing on your network today. What threats are actually on your network?” Connelly said. “Because sometimes applications and network teams don’t get a security-focused project. But once you show them, ‘Hey, this actually happened,’ not ‘This might happen,’ it helps alleviate that roadblock.”

Look to other federal organizations for help

Agencies unsure of how to take their first steps implementing zero trust also have support from other elements of the federal government.

Connelly recommended that agencies just getting started with their zero trust strategies seek assistance from the Cybersecurity and Infrastructure Security Agency. “They are great and willing to help you not only interpret or get a direction with your zero trust strategy, but they’re there to help. That’s a significant benefit,” he said.

While addressing culture change must be a major part of a zero trust strategy, leveraging modern cybersecurity solutions also can help agencies achieve zero trust quickly, Connelly said.

He said Zscaler offers solutions that let organizations get to a zero trust–like state by connecting users to applications instead of the network.

While connecting users to their applications wherever they are, Zscaler can keep the application hidden from the internet to reduce attacks by malicious actors, Connelly said.

“I’ve experienced many failed attempts at securing cloud over the years, and we certainly make it easier by not having that cloud service provider front door open to attackers.”

To listen to and watch all the sessions from the 2022 Federal News Network Zero Trust Cyber Exchange, go to the event page.