Skip to content

Legacy tech could undermine ‘zero trust’ push

June 22, 2023 – Published on Route Fifty

State and local governments may be determined to implement so-called zero trust cybersecurity strategies, but legacy technology and infrastructure could present a major obstacle.

Zero trust is a security framework based on the principle of never trust, always verify. It is designed to protect users, applications, infrastructure and data, whether systems reside in an agency data center, in the cloud or in a hybrid environment. 

Many government agencies still use legacy systems to manage complex, critical business functions like benefits programs, and mission-critical business functions and processes. But because these systems were developed before cybersecurity was a major concern, they lack features that can make them more secure. 

It all adds up to a big headache for state and local governments that must balance their need to defend themselves against evolving threats with managing legacy assets that cannot easily be upgraded or migrated to the cloud.

One way agencies try to protect their legacy systems against modern threats is by adding features to address specific vulnerabilities, but that approach has drawbacks. 

“Government is always good at fighting the last war,” said Matt Keller, vice president of federal services at cybersecurity company GuidePoint Security. “We always go in and look at what has happened in the past, and then build requirements to fight that last war.”

Read More HERE.