SBA CIO: Zero-Trust is Next Step in Agency’s Cyber Evolution

Implementing zero-trust frameworks is the next step in advancing the Small Business Administration's cybersecurity tools and strategies, said Guy Cavallo, the agency's chief information officer.

“Our next step is to take all of this to every one of the 115 different SBA locations to zero-trust networking and break apart from everything being connected and once you are on the SBA network, you are trusted, to not trust anything,” Cavallo said.

The zero-trust approach is a cybersecurity principle that says organizations should not automatically trust anything inside or outside the scope of their cyber defense, Federal News Network reported.

Cavallo said SBA's continuous diagnostics and mitigation program, which is led by the Department of Homeland Security, prepared the agency to move toward a zero-trust framework. 

In combination with the DHS-supervised Trusted Internet Connections program, the CDM program allowed SBA to rely on cloud security tools to oversee on-premise and cloud network services.

According to Cavallo, the SBA's modernization efforts would allow the agency to shift from its 1990s-era "hub and spoke" model, which he described as less secure.    

Cavallo said that under the SBA's new model, each agency office would act as its own hub, preventing agency-wide paralysis if one office is compromised.

The agency has reportedly partnered with the Air Force and the Defense Information Systems Agency, among other agencies, to pilot the concepts around the zero-trust approach.

SBA is a government agency that supports entrepreneurs and small businesses. It advances the federal government's efforts by delivering a large chunk of prime contracts to small businesses.  
