Transforming Cyber Defenses: Robust Protection Strategies

In our first post in this series, we talked about the origin of Executive Order 14028 and why the document was a necessary response to the evolving cyber threats against federal networks and critical infrastructure. In this post, we’ll examine three key components of the Order that set the pace for the modern cybersecurity framework:

  1. Cloud Security (network access to the data-bearing systems)
  2. Multi-Factor Authentication (user access to the system(s))
  3. Zero Trust Architecture (further requirements about the frequency of authentication, expanding into authorization so that users can access specific assets on said system(s))

Taken together, these practices comprise one large-scale defense strategy that is necessary for the protection of all systems in all nations against constantly changing cyber threats.

Accelerating Cloud Security

Executive Order 14028 encourages an accelerated move to secure cloud services, recognizing both the operational benefits of the cloud and the need to secure it. The transition to cloud solutions must be carefully planned so as not to compromise security or compliance with federal standards.

The cloud gives agencies the elasticity and scalability that modern cybersecurity strategies need. Moving to the cloud enables agencies to implement modern, up-to-date security tools and protocols that might be very hard and/or expensive to establish on-premises. Without strong cloud security measures, agencies put sensitive information at risk and can create new vulnerabilities.

Multi-Factor Authentication (MFA)

The implementation of MFA across all federal agencies is one of the immediate requirements of the executive order. MFA is a simple but highly effective security measure that fortifies identity verification by requiring users to provide two or more forms of authentication before accessing a system.

Password-based authentication has been proven to be among the weakest links in cybersecurity, as attackers use techniques such as phishing and brute force to compromise passwords. MFA minimizes this risk with the addition of another layer of verification that makes it significantly more difficult for attackers to access systems. MFA can include a combination of a password or PIN, authentication app, and/or biometrics such as fingerprints or facial recognition.

Executive Order 14028 requires federal agencies to implement MFA across all systems, so that only verified users can access sensitive data and resources.

However, implementing MFA with federal systems on a large scale is not without challenges. Compatibility issues may arise, especially since many agencies make use of legacy systems that were never designed to handle MFA. In addition, users may protest because MFA requires an additional step in the login process. These inconveniences are outweighed by the security benefits of MFA. The Denodo Platform solves the legacy compatibility issue by providing a common access layer for all data, and it can surmount user resistance with augmented metadata and self-service features to encourage adoption.

Zero Trust Architecture

Traditional security models use a “trust but verify” approach, assuming that users inside an organization’s network can be trusted by default. This has become outdated, as attackers have found ways around perimeter defenses and can then move laterally freely once they gain access. Enter Zero Trust Architecture.

What is Zero Trust? The concept of Zero Trust Architecture relies on one simple principle: no user, device, or application should be trusted by default, whether inside or outside the network. Instead, Zero Trust assumes every interaction could be a potential security risk, and thus each request should be constantly verified. This approach limits the movement of attackers inside a network, reducing the potential damage of a breach.

Zero Trust Architecture can be a major shift in methodology for any organization, including federal agencies, not only in terms of technologies, but also in terms of shifting the organizational culture and processes. However, the benefits it brings (reduced data breaches and minimized attack surfaces) make every investment worthwhile. The Denodo Platform also supports Zero Trust Architecture by enabling secure, real-time access to data through centralized data virtualization, enforcing role-based access controls, and preventing users or applications from accessing data without continuous verification and least-privilege access.

How These Components Work Together

Cloud security, MFA, and Zero Trust are not stand-alone strategies but are woven together into a layered framework. Cloud hosting provides a scalable environment in which security measures can be continuously improved upon and modernized across the entire ecosystem. MFA sits on top of this environment for robust identity verification. Zero Trust then ensures that these authenticated users are still authorized for each specific data request. These three layers provide a strong security framework for all data systems.

Stay Tuned for the Next Post

In the next post in this series, we will outline one of the most critical initiatives in Executive Order 14028: securing the software supply chain. We will discuss why software supply chain security is critical, how federal agencies and software vendors are expected to comply, and what this means for the future of software development and procurement.

Nikhil Nair
Harsh Mangal