Ross Foard, an ICAM Subject Matter Expert with the Continuous Diagnostics and Mitigation (CDM) Program at the Cybersecurity and Infrastructure Security Agency (CISA), spoke at a virtual summit organized by the Advanced Technology Academic Research Center (ATARC) on July 26 about why a [Zero Trust Architecture] requires machine-identity management.
“The government has focused for a long time on human identities, and we’ve done a pretty good job of making sure that we know who the human identities are, identity proofing, issuing strong authenticators. But that’s being overcome by the number of machine identities that are emerging,” Foard said…
Identity, Foard explained, is the new network perimeter, and agencies need to validate every machine’s identity regardless of location. Limiting verification to user identities could present a false notion of security, he said.
And due to all of the different operating processes with Federal agencies, there is no one-size-fits-all for machine identity, Foard said. Rather, “there are several different ways to identify and manage machine identities,” he explained…
