2/3 Government Agencies Progressing Toward Zero-Trust Security Deadline

Highlights:

• The fundamental principle of zero trust guarantees that solely authenticated and authorized users and devices are granted access to applications and data.
• Low-code automation solutions are experiencing enthusiastic adoption, as nearly all agencies acknowledge and appreciate the advantages offered by these solutions.

Recently, Swimlane LLC, a company specializing in low-code security automation, published an unexpected report. The report’s surprising findings indicate that around two-thirds of U.S. government agencies express confidence in successfully adhering to the zero-trust prerequisites set by an executive order from the Biden administration. This goal is projected to be achieved slightly over a year before the set deadline.

In May 2021, the executive order was issued just a week following a ransomware attack that targeted Colonial Pipeline Co., causing severe disruptions to the pipeline system and leading to gas shortages along the U.S. East Coast. Among the various initiatives outlined in the order, a significant one was the mandate for federal agencies to develop and deploy zero-trust architectures.

Zero trust is a security paradigm that promotes distrusting both users and systems, regardless of their location within or outside an organization’s boundaries, unless they undergo thorough verification processes. The fundamental principle of zero trust guarantees that solely authenticated and authorized users and devices are granted access to applications and data.

In addition to the two-thirds of agencies that express their alignment with the zero-trust requirements set by the executive order, 64% of agencies also indicate their preference for adopting low-code security automation solutions to assist them in accomplishing their objectives.

While agencies exhibit unexpected confidence, the path to fulfilling these requirements is fraught with challenges, primarily from staff shortages rather than easy solutions. According to the report, 83% of federal agencies currently have vacant security team positions, and 64% of agencies note that the time required to fill a security position has increased over the past two years. One-third of federal agencies doubt their security teams will ever achieve full staffing.

Low-code automation solutions are experiencing enthusiastic adoption, as nearly all agencies acknowledge and appreciate the advantages offered by these solutions. Fifty percent mentioned that low-code reduces their dependency on coding for automation, while 40% confirmed that they effectively meet security automation needs using low-code solutions. Additionally, 38% acknowledged that low-code solutions expand in alignment with their security team’s expertise.

Conversely, despite low-code popularity, 99% disapproved of no-code solutions. Just under half indicated that no-code solutions lack essential features, 44% pointed out their inability to cater to all environments, and 43% anticipated the need for imminent replacement of no-code tools.

Cody Cornell, Co-Founder, and Chief Strategy Officer of Swimlane, stated in the report, “As a nation and society, we are at a crucial juncture with a multitude of significant cybersecurity challenges confronting us, from threats to our critical infrastructure to increasing and changing risks posed by nation-states like Russia and China. These challenges have put cybersecurity in the limelight for the federal government, as those elected to protect us realize that cybersecurity is a matter of national security.”