As federal agencies digitize their processes and modernize their IT systems, the value and potential of the data they collect increases significantly. The right digital infrastructure platform enables collaboration with broad ecosystems of service providers and government mission partners across the globe that wasn’t available before the latest advancements in technology. Examples include direct interconnection with data analytics providers with machine learning capabilities that allow intelligence analysts to identify leads quicker and software-defined networking that removes IT siloes to integrate data sets across agencies.
That platform also helps agencies improve their customer experience by facilitating the digitization of payment and application processes with consistent, streamlined service delivery to the public regardless of physical location.
However, moving more agency functions online comes with an increased cybersecurity attack surface.
After multiple high-profile significant cybersecurity incidents, including the SolarWinds breach, the Microsoft Exchange Server hack, and the Colonial Pipeline ransomware attack, the Biden Administration issued Executive Order 14028[1] in May 2021 to shore up the Nation’s cybersecurity hygiene and practices. The EO requires federal agencies to develop a plan to implement a zero-trust architecture (ZTA)—including multi-factor authentication and encryption of data at rest and in transit, where possible—while simultaneously prioritizing resources for secure cloud adoption.
Since then, the Office of Management and Budget issued a memorandum[2] building upon the EO and setting a target for agencies to achieve zero-trust security goals by the end of Fiscal Year 2024. The clock is ticking.
Today’s bad actors are numerous and highly motivated. Therefore, agencies should view ZTA as a shift away from the concept of “trusted networks” and assume they need to perpetually defend against malicious actors both inside and outside their network. This means no longer relying on traditional cybersecurity perimeters, but breaking them down into isolated environments.
What does zero trust look like?
The U.S. Department of Defense (DoD), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have released variations of Zero Trust Reference and Maturity Models. All three have five pillars in common: users/identities, devices, networks, applications, and data.
Cyber attacks are launched against government networks on a daily basis, and it just takes one click on a phishing email for an adversary to gain a foothold inside the network. That’s why it makes sense for agencies to treat all users as potential adversaries until proven otherwise and assume all devices are internet connected. Previously the saying went “trust, but verify.” Now, the mentality should be “never trust, always verify—and continue to reverify.”
In practice, a zero-trust architecture means every service, user, application, workload and data flow is challenged for authentication before it’s allowed access to the network or any resources within the network. When access is granted, it’s by the principle of least privilege, meaning users and specific devices are authorized to access the specific resources they have a valid reason to access—and nothing else. Access is also conditional: it can be revoked at any time if the agency detects red flags in the user’s behavior.
The network aspect of zero trust applies to where the transfer of data occurs. This could include across internal agency networks, wireless networks, and the internet. Agencies must use network segmentation to enforce access and policy restrictions to ensure that any breach can be contained quickly and with minimal data exposure.
Any effective ZTA must also be backed up by secure applications. The volume of data entering agency networks has grown rapidly over the years. Now, artificial intelligence and machine learning (AI/ML) models are helping cybersecurity professionals scale their capabilities, scanning millions of access attempts every day to identify anomalies in real time. In addition, the models can be retrained using new data sets. As cybersecurity threats grow more sophisticated, the AI/ML models evolve to keep up.
Finally, zero trust must account for the information an agency needs to conduct its business—its data. This would include data both in on-premises and cloud environments. Federal agencies can apply interconnection services to bypass the public internet and privately exchange data with partners and service providers, thus keeping data protected as it moves back and forth between various cloud and on-premises environments.
How zero trust maps to digital infrastructure
Equinix has first-hand experience helping both public and private sector customers navigate the shift from siloed, centralized data centers to distributed, interconnected digital infrastructure. With that shift, organizations are able to accelerate their ZTA adoption.
Digital infrastructure is made up of three distinct components: digital core, ecosystems and edge.
A digital core is deployed in distributed locations throughout the globe, adjacent to cloud, network, and other digital service providers. When designing an interconnected digital core with Equinix, agencies are able to take advantage of API integration to add security capabilities wherever they need them, and not just at the network perimeter.
From a digital ecosystems perspective, deploying in a vendor-neutral environment adjacent to cloud, network, and other digital service providers allows agencies to leverage a combination of services from security vendors like Zscaler and Cloudflare and many others specializing in this space who are continuously emerging in the ecosystem landscape. In addition, agencies can connect with their mission partners to enable interagency collaboration and data sharing. They have the flexibility to connect with all the partners in their digital ecosystem via physical cross connects in colocation data centers or via virtual connections enabled by a software-defined interconnection solution like Equinix Fabric™.
Some agencies are also taking advantage of secure cloud services to accelerate zero-trust adoption. A recent DefenseScoop article[3] details how the DoD is working to identify partners that may be able to offer zero-trust capabilities via cloud adoption as part of its Joint Warfighting Cloud Capability (JWCC) multicloud initiative.
Finally, the digital edge means executing the mission closer to end users and devices wherever they may be, and enabling authorized access to needed services and applications. The nature of the services agencies provide will change constantly, as will the cybersecurity threats faced while doing so. This means the digital edge isn’t a specific location; it’s a baseline to start from, with the understanding that the baseline will shift constantly.
GXI benchmark data underscores the importance of interconnection
The 2023 Global Interconnection Index (GXI), a market study published by Equinix, quantifies the important role interconnection plays in building modern digital infrastructure, and why it’s a natural fit for any zero-trust security strategy. According to benchmark data from the GXI, interconnection bandwidth[4] is set to grow at a five-year compound annual growth rate (CAGR) of 40% across the globe.
The GXI data demonstrates the growing complexity and diversity of the digital ecosystems that modern organizations rely on. Service Providers still account for 57% of global interconnection bandwidth mix, compared to only 43% for Enterprises. However, Enterprises are growing interconnection bandwidth much faster: 46% CAGR, compared to only 36% CAGR for Service Providers.
This is a clear sign that organizations across the globe are interconnecting with more partners and exchanging more data than they may have in the past. Being able to integrate these partners into digital ecosystems—in a way that allows them to exchange data and services freely, but without being granted improper access—is a key part of the challenge of building an effective zero-trust architecture.
Equinix can be the partner that makes zero trust work
The caveats around ZTA are clear: there’s no single approach that’s right for every agency, which means there’s no one-size-fits-all solution.
That said, when federal agencies utilize Equinix’s digital infrastructure platform, it allows them to bring together the complete ecosystem of both commercial and government partners needed to support the unique zero-trust requirements of their agency—cloud service providers, network service providers, security vendors and more—on one platform. In addition, our global footprint of 240+ data centers across six continents helps ensure your ZTA can adapt to wherever your mission requirements take you.
To learn more about how Equinix can help support the unique security requirements of your agency, contact us today to schedule a Digital Edge Strategy Briefing.
See our Distributed Security Blueprint for a deeper look at the design patterns and principles that drive the Equinix approach to cybersecurity.
[1] Executive Order 14028, “Improving the Nation’s Cybersecurity”. May 12, 2021.
[2] Office of Management and Budget, “Memorandum for the Heads of Executive Departments and Agencies: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles”. January 26, 2022.
[3] DefenseScoop, “DOD looking to cloud vendors to accelerate zero trust and CMMC adoption”. Billy Mitchell, September 16, 2022.
[4] Interconnection bandwidth is a measure, calculated in bits/sec, of the capacity provisioned to privately and directly exchange traffic between two parties, inside carrier-neutral colocation data centers.