When implementing a zero trust security architecture, an official from the Department of Health and Human Services (HHS) said today that the real change is not a change in technology, but rather a “change in culture” within the organization.
At ATARC’s Federal Security Breakfast Summit on April 14, Nicole Willis, chief technology officer of HHS’s Office of Management and Policy, Office of the Inspector General, explained that her agency is currently working on a strategy to include zero trust in the HHS culture.
“It’s not just a change in technology, we’re making efforts to change the culture and change our communication,” Willis said.
“We’re really taking the approach of how we can transform our business operations to manage a multi-cloud environment and make sure we’re building things – building on security and zero trust architecture from scratch,” she added. “And enabling development teams to be part of zero trust and cyber practices.”
One way HHS does this, Willis says, is through zero trust-centered employee training. This could come in the form of a “zero trust 101” training with staff or a “why zero trust is important to everyone” training throughout the OIG community, she said.
Willis explained that it’s important to educate everyone on zero trust and bring users into the community to be a “part of zero trust” so they can be “comfortable with the concepts.” Willis’ explanation piggybacked on HHS OIG CIO Gerald Caron’s talk from earlier at the summit, which focused on the importance of communication and collaboration in building a zero trust architecture.
“Sometimes they are scared. They think zero trust is just to lock everything in,” Willis said. “But in some cases, I want to show it that it’s like we’re securing data and applications, sometimes they have more flexibility to do the things they need to do but in a secure way.”

Jonathan Alboum, Federal CTO and chief digital strategist for the Federal government at ServiceNow, agreed with Willis and said it also helps to explain zero trust to Federal employees in terms of mission.
“We do IT in the Federal government, not because we’re technology organizations, we do IT because IT is the foundation for the mission delivery plan,” Alboum said.
“If you can make the connection between these changes that you need to make for zero trust and the architectures that we will implement, the way we need to build systems, and you tie that back to the mission results, the people served by HHS. … Well now people who need to make some changes will find a little more incentive to do so,” he added.