Vu Nguyen, chief information security officer (CISO) at the Department of Justice (DoJ), explained at the Zscaler Public Sector Summit in Washington today how he expects the agency’s ongoing march toward zero trust security architectures to pay for itself through the benefits of improved security, including a sharp reduction in the cost of any cyberattacks on the agency’s networks.
Speaking during a one-on-one discussion with Zscaler Founder and CEO Jay Chaudhry, DoJ’s Nguyen listed some of the benefits of the agency’s zero trust security progress, which is nearing the end of its first phase and the beginning of its second phase.
“What it does for us is that it shifts our security model from a reactive mentality to a more proactive one with continuous monitoring verification, because zero trust helps us to detect the suspicious activity as it’s happening,” Nguyen said. “And on top of that, it helps us to contain it [and] respond to it before it can cause significant damage.”
On the user experience front, he said the agency’s zero trust implementation is “definitely making it easier for the user to authenticate” to DoJ systems “to access the resources they need.”
One example of that improved user experience, he said, involves DoJ employees being able to use mobile devices to access any resources they need offsite, and to undertake shared tasks like co-editing documents.
“That concept five or six years ago was not doable, and that to me, is a huge win, a game changer, especially for employees that are in the field doing this day in and day out,” the CISO said.
Asked by Chaudhry about the costs of implementing zero trust security, Nguyen replied that improvements in security can yield benefits in various forms but pointed specifically to lessening the cost of cyber breaches.
“One of the biggest burdens … is breach,” he said, which involves a “lot of money, time, and effort in recovering the work, lost productivity, and not to mention the reputational damage.”
“So, what zero trust does is that it helps us to have the visibility that we need,” he said. “And on top of that, it helps us to detect threats earlier, respond to them, and contain much faster, before they actually can do additional harm.”
“To me, a strong zero trust implementation will pay for itself down the line,” the CISO said.
“Containment is important,” added Zscaler’s Chaudhry, because “lateral movement is one of the biggest issues that bad guys explore. And by design, zero trust doesn’t let you do lateral movement.”
During a separate address at today’s event, Chaudhry discussed the evolution of cybersecurity technologies and the ascendance of zero trust security architectures in replacing traditional perimeter-focused approaches.
Chaudhry also updated figures on Zscaler’s public sector customer base, which he said includes more than 7 million public sector users, and 14 of the 15 U.S. government cabinet-level agencies, along with 50 percent of states in the United States.
