Illustration: Shoshana Gordon/Axios
A security practice that few know how to define will take up a lot of the federal government's and the private sector's attention this year: zero-trust architecture.
The big picture: Federal agencies are racing to meet a September 2024 deadline to transition to it — and companies are looking to the government for guidance on what an esoteric zero-trust framework actually looks like.
How it works: "Zero trust" refers to a combination of security principles that can take several forms. Simply put, the idea focuses on limiting employees' internal access to the documents and files they need for their jobs.
Why it matters: Security experts have long held a zero-trust framework as the gold standard for organizations since it would minimize the impact a hacker with a stolen employee password could have.
Catch up quick: The White House ordered all civilian government agencies last year to establish and implement a zero-trust plan by the end of September 2024 under the administration's zero-trust strategy.
Details: Cybersecurity consultants and lobbyists tell Axios that most of the zero-trust conversation this year will focus on the White House's ability to aid federal agencies in their mandated transitions.
Between the lines: Federal CISO Chris DeRusha tells Axios his office is helping agencies overcome a handful of hurdles in their transitions, including modernizing their technology so it's capable of supporting things like MFA and finding talent to help assist in the transition.
The intrigue: The private sector has been leading the way in adopting zero-trust ideas — providing valuable insights that the public sector can learn from.
Yes, but: Zero trust isn't a total silver bullet for securing a company.
Sign up for Axios’ cybersecurity newsletter Codebook here.
Why more federal agencies, companies are adopting zero-trust … – Axios
