A proven Department of Energy (DOE) prime contractor, Criterion is committed to protecting and securing our nation’s resources and national security interests through innovative cybersecurity and IT solutions.
We are happy to once again be sponsoring the NLIT Summit in 2021 and are preparing a panel on the Department of Energy (DOE) Zero Trust Reference Architecture to take place later this year.
Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on data, assets, applications, and services (DAAS). Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the Internet) or based on asset ownership (enterprise or personally owned). Zero Trust requires designing a simpler and more secure architecture without impeding operations or compromising security. The classic perimeter/defense-in-depth cybersecurity strategy has repeatedly been shown to have limited value against well-resourced adversaries and is an ineffective approach to addressing insider threats. For example, Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, adding layer 7 threat prevention, and simplifying user access control.
Criterion’s Zero Trust Approach assumes that an attacker is ever present within an environment. As such, our approach is an enterprise reference architecture that is based on drastically reducing the size of implicit trust zones while adding granular access rules and opportunities to enforce these rules. This is achieved by expanding the number of policy decision and enforcement points across key areas of the defense-in-depth model and leveraging both new and existing cyber capabilities to challenge subject and data movement. This approach will more effectively mitigate the risk of successful data breaches and limit internal lateral movement as a result of internal compromise. Our approach is also effective across any type of system boundary, whether it is on-premises, hybrid, or native cloud.
IT’s response to the pandemic has highlighted the technologies, strategies and culture necessary to drive success going forward. The health crisis has dramatically changed the way IT departments provide services to their organizations. That includes supporting the massive shift to a work-from-home model that few could have fathomed a few months ago. But the crisis has also highlighted the importance of investing in modernization and the need for agencies to develop, update, improve and implement their IT modernization plans. In June 2020, Sen. Maggie Hassan, D-N.H., sent letters to 10 major federal agencies asking what each is doing to modernize aging IT systems, as issues with legacy systems have been exacerbated by the COVID-19 crisis. This panel will share some lessons learned and discuss some of the challenges and promised benefits of IT modernization.
Criterion’s Agile IT modernization approach is designed to modernize agency infrastructure in a repeatable, scalable manner based on best practices identified by industry and internal government stakeholders. Using our two-speed approach, Criterion focuses its efforts on quickly fixing/updating customer-facing applications while taking a slower and more measured approach to updating backend systems. This allows very quick iterations on the frontend without incurring the concurrent cost and risk that goes along with updating supporting systems at the same time. Backend technology is updated at a more moderate pace, which ensures that technology transformation occurs without putting the organization at substantial risk.