Ep. 118 An update on Zero Trust for the Federal Government
Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness
There was a time when a “snapshot” of a federal system was taken, and its security posture was evaluated based on that moment in time. That may have been a tolerable solution when a network consisted of two dozen personal computers and a server down the hall. However, this superficial approach will not work with today’s constantly changing networks.
For example, data is exploding and entering systems from a wide variety of portals. On top of that, the devices that deliver that tsunami of data are doubling and tripling in number.
During this interview, Jonathan Trull from Qualys gives his opinion on the state of today’s federal technology when it comes to vulnerability assessment, configuration settings management, asset management, and dynamic application security testing.
He also addresses qualitative aspects of managing assets. Jonathan Trull refers to the weakness of a “checkbox” approach to managing assets. In mature systems like those the federal government has today, you may discover both managed and unmanaged assets. Checking the box on a “managed” asset does not mean it is professionally managed; it may be poorly managed, leaving a system vulnerable.
Software development is all about Minimum Viable Products and frequent changes. That is terrific for agile software development; however, each update means a new weakness could be introduced. Federal leaders must embrace agile methodologies and keep systems safe at the same time.
This means everyone should consider dynamic application security testing as part of a prudent network safety analysis.
This interview will give you a good introduction to how to keep enterprise systems safe in a world of constant change.
Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/
Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com
23 min