The US Federal Government Moves Toward Zero Trust
On January 26th, 2022, The Office of Management and Budget (OMB) published the OMB Memorandum M-22-09. The concept behind this strategy is to “set forth a Federal zero trust architecture strategy, requiring agencies to meet specific cybersecurity standards and objective by the end of the Fiscal Year 2024 in order to reinforce the Government’s defense against increasingly sophisticated and persistent threat campaigns,” says the order. With this order, Federal agencies will be mandated to improve their overall IT infrastructure and modernize how they approach security. “The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted,” says the Department of Defense Zero Trust Reference Architecture.
This is a major step in the right direction to securing the US Federal Government’s infrastructure, networks, and data. At Flosum, we are no stranger to security and secure infrastructure. From the outset, we committed to a “Native Salesforce” architecture which prevents your sensitive DevOps data from leaving the secure confines of the Salesforce cloud. As added measures, we encrypt your data in transit and at rest and build in advanced auditing features to address compliance. With no API connection into the Salesforce infrastructure, Flosum requires no “backdoor” access to your data. As a native application, every new release of our DevOps product is rigorously scrutinized by Salesforce InfoSec teams which allows us to conform to SOX, GDPR, GovCloud and other worldwide standards. To address the Zero Trust standard, we explicitly state in every customer contract: “We do not have access to your data. We cannot modify or disclose Your Data to any organization.” What this means is that there is no technical way for us to access your data which, after all, is the highest standard for Zero Trust compliance.