US federal agencies seem to be moving towards zero trust, but where are the small businesses?


The US federal government is not always the last to receive a memo. This is certainly true when it comes to creating zero-trust architectures.

A brief article in GovernmentCIO notes that federal agencies have until fall 2024 to implement the prescribed zero-trust components (the cornerstone of which is two-factor authentication).

The deadline wasn’t set until January, so it’s impossible to say at this time whether the bureaucracy is meeting expectations or lagging behind, but it’s ahead of small and medium-sized businesses around the world.

The Cyber ​​Readiness Institute has released a survey indicating that small business owners are ill-prepared for the growing risk of digital theft and fraud.

The five-year-old institute, made up of multinational companies, government officials and cybersecurity officials, says 46% of small business owners have deployed recommended multi-factor authentication products, let alone architectures. According to the institute, only 13% of small and medium-sized businesses require their employees to use MFA.

More than half of respondents said they were more or less unaware of multi-factor authentication. The same share does not use the MFA in their businesses.

Half of respondents (again) who have adopted multi-factor authentication to any degree are only “encouraging the use of multi-factor authentication”.

By definition, these organizations are tiny, but by their economic weight, they are enormous: small businesses in 2019 were responsible for 44% of economic activity in the United States, for example.

That’s a lot of cybersecurity exposure.

The U.S. federal government, on the other hand, has access to “really powerful two-factor” identity authentication tools, according to Dan Chandler, chief information systems security officer at the Office of Management and Budget. , the agency tasked with rounding up the government’s cats towards their due date.

Chandler was speaking at an online panel earlier this month sponsored by the Advanced Technology Academic Research Center.

Also on the panel, Brian Hermann, director of cybersecurity and analytics for the Defense Information Systems Agency, said they were deploying secure access to the service edge to consolidate and understand user data.

Hermann said his organization has learned that it’s not enough to no longer base security assumptions on location, for example. Systems must be free to consider all relevant data to grant access securely.

It may not be a new idea for security-conscious multinationals, but it’s years ahead of small and medium-sized businesses, one of the biggest economic drivers in the world.

Article topics

cybersecurity | multi-factor authentication | US Government | Zero Trust


Comments are closed.