“The Census Bureau needs time to move to a zero-trust security architecture because it’s still in the early stages of cloud migration, said Chief Information Security Officer Beau Houser.”
“While the bureau uses cloud services, it can’t abandon its wide network perimeter in favor of smaller ones around particular IT assets until more of those assets are in the cloud, Houser said during the Federal Zero Trust Virtual Summit on Tuesday.”
“A hybrid model mixing on-premise and private and third-party cloud services is required, and Houser hopes to get to a point where the bureau can share its data with researchers more easily.”
“’We feel like zero trust will also give us a lot of flexibility with customers who want to do different types of research projects,’ Houser said. ‘So we can be very flexible with what the customer is doing and still maintain a strong security posture around the data.’”
“The bureau still uses a virtual private network as its primary remote access method. A VPN serves as the point at which the agency enforces security, but that’s not always helpful if an attacker has acquired an employee’s username and password through a phishing attack. Once the attacker is on the network, it becomes very difficult to distinguish their movements from legitimate traffic, Houser said…” Read the full article here.
Source: The Census Bureau’s move to zero trust begins with the cloud – By Dave Nyczepir, September 22, 2020. FedScoop.