Zero Trust in the Context of Browser Security - July 16th
Icon Rounded Closed - BRIX Templates

Three steps to Zero Trust for state and local agencies


With cyber threats to state and local systems and data growing non-stop, there’s no doubt that implementing a Zero Trust cybersecurity strategy is a top priority. In fact, NASCIO’s The 2021 State CIO Survey found 67% of respondents will be introducing or expanding a Zero Trust framework in the next two to three years. Those plans have likely been galvanized by the Biden administration’s executive order mandating Zero Trust for federal agencies.

The frequent interactions between state, local, and federal governments make it highly advisable for IT leaders nationwide to follow suit with the federal directive. Doing so will help prevent malware that might have penetrated state and local systems from finding its way onto federal systems – and vice versa.  No two states or cities are alike, and every journey to Zero Trust will be different. But every Zero Trust strategy should include these three initiatives:

1. Education.

Zero Trust is a concept, not a product or service. As an IT leader, you probably understand it. But what about everybody else? Make sure your staff is familiar with the CISA Zero Trust Maturity Model. Approaches will vary, but in general, Zero Trust encompasses multi-factor authentication (MFA), least-privilege access to data and applications, and micro segmentation of IT networks and infrastructure.

Many organizations are already implementing some Zero Trust technologies, like MFA. But as other technologies to secure web browsers are introduced, agency employees will have to adapt to tighter access controls and, potentially, extra steps. You’ll need to educate them as to the purpose behind the additional layer of security. Because Zero Trust needs to become a way of life for your staff as well as for your users, consider building Zero Trust advocacy into all your cybersecurity communications.

2. Budgeting.

The reality is, without funding, you will never truly implement Zero Trust. Although the recent allocation of $1 billion in cybersecurity funding is welcome, you’ll need to convince those who control the purse strings that Zero Trust will be worth a chunk of this money. By sharply reducing the number of successful breaches and drastically limiting the damage caused, the investment of time and money in Zero Trust can more than pay for itself.

While budgets can fluctuate from year to year, your commitment to Zero Trust must continue for many years — it won’t be enough to get funding for only one budget cycle. To make sure expenditures are baked into the budget every year, you will need to make the case for Zero Trust annually. Track the value of Zero Trust by measuring the decrease in attacks and their resultant damage, if any, compare your outcomes to other, similar agencies across the country, and be ready with hard numbers to make the case for future funding.

3. Technology.

To go beyond the basic measures of Zero Trust, you’ll likely have to embrace some new defensive technologies. A key tenet of Zero Trust strategy is to limit potential malware damage by isolating IT elements from each other. Micro-segmentation of servers and networks prevents malware from leaping laterally from one application to another. To implement micro segmentation, you will need to create network zones and define policies that govern the data traffic between zones. 

Similarly, a virtual “air gap” implemented through Remote Browser Isolation (RBI) interrupts the data traffic to browsers and email clients, keeping malware from ever reaching end-user systems, whether desktops, laptops, or tablets. When a user accesses a web site, RBI displays an image of the site on the user’s system. The content of the website is never trusted to reside on the user’s device. The Menlo Security Cloud Platform powered by an Isolation Core™ implements RBI transparently, so users can access the web and online resources without changing their daily routines.

For state and local governments, the federal mandate is a game-changer. Zero Trust is not a matter of if, but when.

Learn how Menlo can help you achieve Zero Trust security at ask@menlosecurity.com.

Menlo Security

menlo security logo
linkedin logotwitter/x logofacebook logoSocial share icon via eMail