Share these talks and lectures with your colleaguesInvite colleagues
Zero trust in an all too trusting world
The traditional network model used the moat and castle defence, a clearly defined perimeter whereby everything outside your network is untrusted, but everything inside is trusted. The issue with the traditional model is that when a bad actor is able to obtain access to get past the outside walls, there is nothing of significance left to protect the internal network. With a zero trust network model, the protections do not stop at the perimeter, because the model assumes the adversary is eventually going to breach the walls and therefore treats all communications as untrusted. Within a zero trust network the key criteria are what the data is, where the data is located, and who should access the data. The premise of zero trust is built on strong identities, authentication, trusted endpoints, network segmentation, access controls, and user and system attribution to protect and regulate access to sensitive data and systems.
The full article is available to subscribers to the journal.
Gerald Caron is a member of the Senior Executive Service (SES) and serves as the Director of Enterprise Network Management (ENM) within the Directorate of Operations in the Bureau of Information Resource Management (IRM). Gerald has over 24 years’ information technology experience. He began his career in the US Army working in hands-on technical positions, serving for seven years as a programmer and administrator. He then spent two years as a contractor with the Federal Government, where he acquired more refined technical skills and a more detailed understanding of IT operations. Gerald joined the Federal Government at the Department of State (DOS) in 2003 as a systems administrator. He has held five different positions at the department, moving from managing small technical groups leading up to his current role as the ENM Director. One of his most significant accomplishments was acting as the technical liaison during a major cyber security event at the department. His leadership allowed the department to resolve the incident as quickly and effectively as possible. As the Director of ENM, Gerald is personally responsible for the leadership of the largest office within the IRM bureau, establishing a strategy, managing the financial portfolio of over US$200m and prioritisation of work across a wide range of disciplines. Gerald received his associate degree (Magna Cum Laude) in computer information systems, network administration from the Northern Virginia Community College. At the Department of State he also has received training in executive potential program from the USDA Graduate School in 2009 and advanced leadership skills in 2014. Gerald is a Certified Project Management Professional (PMP) since 2009 and received his Federal IT Security Manager Certification (FITSP-M) in 2017. He has received seven individual awards for his exceptional service since 2004.