Alma Cole, chief information security officer of Customs and Border Protection (CBP), said migrating network user identities to the cloud from legacy systems is key to enabling the Department of Homeland Security (DHS) to have zero-trust security, FedScoop reported Wednesday.
He pointed out during a virtual cybersecurity event that DHS agencies have disconnected services for usernames and passwords. However, Cole added that having "cloud-first" identities could allow for more secure connections with other agencies and DHS' external partners.
The official said the department would then be able to control which network portions can be accessed by on-premise and external users.
DHS is considering secure access service edge cloud services as a replacement for its virtual private network used by remote workers and other offsite users. A comply-to-connect framework, a network access control system and a software-defined network are also planned for on-premise user access.
"That is probably the first real, meaningful way to start implementing some hard, zero-trust access control policies and really lock down your agency,” said Cole. He also called for expanded guidance on zero-trust security at the federal level.