
Investment Tradeoffs for Zero Trust Implementation

By Donna Roy

Federal chief information officers (CIOs) manage a diverse portfolio of major initiatives. CIOs are responsible for building a robust cyber defense, providing modern software delivery, enabling high-functioning data analytics platforms, and retaining a highly skilled IT workforce in a competitive market. The White House has released memorandums requiring agencies to rapidly strengthen their systems against cyber threat actors. These include Office of Management and Budget (OMB) Memorandum 22-09, Move the U.S. Government Toward Zero Trust Cyber Principles, released on January 26, 2022.

As mandated by OMB M-22-09, all federal agencies must transition to a Zero Trust architecture, which requires a sufficient budget, resources, and time. Forming a budget for Zero Trust implementation requires identifying the right balance of investments to keep progress on other major initiatives underway. While this is a complex problem, finding an approach that will work for your organization can be as simple as taking the following three steps to ensure you are funding and prioritizing the most important and impactful efforts:

 

Review what's in flight — Your teams are managing a portfolio of projects, and it is critical to make sure that these efforts align to the organization’s long-term vision and strategy. If initiatives do not move the dial forward on your agency’s goals and objectives, they must be de-prioritized and their resources reallocated to increase support for other major priorities.

Check your toolbox — Take the tools out of the box, align services to the five pillars of the US Cybersecurity and Infrastructure Security Agency maturity model, identify where capabilities overlap, and simplify to reduce complexity.

Assess your maturity — Prioritize new work based on the organization’s maturity levels in the five Zero Trust pillars. Begin by assessing OMB survey responses and the risk posture of your agency. Identify the most significant risks and develop opportunities to increase maturity and reduce risk.

 

Benefits of This Approach

It is critical to invest in initiatives that align with your agency’s vision and strategy to produce the greatest results. Assessing the value of the organization’s current portfolio can help identify which investments to continue and which to halt, reducing redundancies and building a stronger cyber defense.

 

Why Guidehouse?

Guidehouse understands the complexity, time, and financial constraints of implementing Zero Trust principles as part of IT modernization. Guidehouse has successfully led Zero Trust deployment at the enterprise level for federal organizations. Guidehouse will present time-saving strategies and approaches to avoid financial pitfalls, establish change-management routines, and maintain compliance throughout the process.


Let Us Guide You

Guidehouse is a global consultancy providing advisory, digital, and managed services to the commercial and public sectors. Purpose-built to serve the national security, financial services, healthcare, energy, and infrastructure industries, the firm collaborates with leaders to outwit complexity and achieve transformational changes that meaningfully shape the future.
