Why the U.S. Government is adopting SOAR as they move towards Zero Trust cybersecurity principles.
On January 26, 2022, the Biden Administration issued a memorandum for the heads of executive departments and agencies. This Executive Order (EO) expands upon the May 2021 EO 14028 which sought to improve the nation’s cybersecurity posture, and goes as far as to mandate specific cybersecurity standards to be implemented by the end of Fiscal Year (FY) 2024. Specifically, all U.S. Government agencies are now required to move towards zero trust cybersecurity principles. Security Automation, Orchestration and Response (SOAR) is one of the required technologies.
Agencies that have taken steps to implement a zero trust architecture are well versed in its foundational pillars that call for:
Enterprise Identity Management
Application Workload Security
The need for SOAR capabilities underpins, and connects, these five foundational pillars of zero trust security. It is also the technical solution to the #1 expected challenge of centralizing siloed cybersecurity tools that federal and public sector agencies anticipate facing when implementing a zero trust architecture (Merlin Cyber).
The “Why” Behind the SOAR Mandate
The implementation of security automation capabilities is referred to as a “practical necessity” in the federal zero trust strategy memo. SOAR’s importance for the security of government agencies cannot be understated. But why is this?
Without security automation there is simply no feasible way for the Department of Defense (DoD), civilian agencies, or large enterprises in the private sector to handle the volume of security alerts, disconnected tools, and complex processes while they are understaffed.
According to the (ISC)2, 86% of cybersecurity job postings attract fewer than 10 applicants today. To fill this gap, cybersecurity hiring would need to increase by 41% in the United States. These understaffed security teams are currently dealing with an average of 47 cybersecurity solutions, 10,000 alerts per day, and 39% of their processes being manual. To overcome these challenges, and implement a zero trust architecture by 2024, security automation is the only answer.
Adopting zero trust security principles is the most urgent mandate that federal agencies face today. Public sector initiatives, like the Biden Administrations executive order made on January 26, 2022, increase agencies’ confidence in zero trust solutions and we know many are still carefully evaluating options.
Automation that Delivers a System of Record for Security
The need for security automation to address these pain points is not a new concept, but it’s sure in the spotlight now. Well before the Swimlane low-code security automation platform was established in the market, I was on the front lines of security. My time working in various IT and security roles at the Department of Homeland Security (DHS), the U.S. Defense Information Systems Agency (DISA), American Express, and IBM made me acutely aware that the challenges security practitioners face will not be solved if the security industry continues down the path it was headed a decade ago.
Out of this experience, I realized the need for a solution that was powerful enough to solve the most sophisticated security challenges, flexible enough to automate anything, and capable of enabling builders so that security automation can extend beyond the SOC. The Swimlane platform is built with this in mind. Swimlane equips security practitioners with security automation tools, working within the confines of a zero trust architecture.
Intelligent security automation feels like a daunting task to take on head first, but with the right strategy and partners, it doesn’t have to be. For those of you in the public sector space, we team with very capable partners like Merlin Cyber. Together, Swimlane and Merlin stand ready to help you achieve the five core pillars of a zero trust architecture through intelligent security automation.
When you’re ready to learn more, contact us here.
See how security automation can work for you
Learn more about the Swimlane platform works by scheduling your own live demo at swimlane.com/demo.
To learn more about this blog’s author, visit swimlane.com/about/leadership/cody-cornell.