Zero trust, privacy insights from state CISOs

Government Technology reports that changes in the cybersecurity landscape during the past two years have prompted state chief information security officers to emphasize zero trust approaches and privacy efforts. Numerous security concerns emerging from growing cloud adoption and remote workforce utilization could be addressed with zero trust security, which pushes for rigorous device and user authentication, according to Virginia CISO Mike Watson. "It's required us to come up with some very creative, structured mechanisms to say, 'Look, I'm establishing trust based on an identity and then I'm taking that identity and trust and tying it to every transaction that I'm making,'" said Watson during a FedInsider discussion last week. Moreover, Arizona CISO and state Homeland Security Director Tim Roemer noted that implementing zero trust could also help combat insider threats. However, ensuring zero-trust adoption across state agencies remains a challenge, said Roemer. Meanwhile, Virginia and other states have also been working to balance the use of data for improving government service access and convenience, while ensuring data privacy.