Our guest today is Michael Friedrich, Chief Architect, Cyxtera Technologies – Federal. Today’s interview focuses on perimeter cyberdefense. He has a background in senior engineering positions at organizations like SAVVIS, Terremark, Verizon, and IBM. Many of the projects he was involved with included agency sites like FBI.gov and Whitehouse.gov.
Because of this experience, he has a unique ability to expand on the concept of cybersecurity and zero trust. People who have spent their careers in networking know that the Virtual Private Network (VPN) has been around since the mid-1990s. During the discussion, Michael states that the VPN was a great solution in its time, but cybersecurity has moved on.
Today’s network environment assumes that attackers are inside the system, what is commonly known as internally compromised clients. The VPN can be viewed as just another option for entering a federal system and then moving horizontally. Michael Friedrich says that the new perimeter is the person.
He talks about Multiple Authentication Transport Layer Security. This means authenticating first, then allowing access to specific sets of data. This authentication can involve identifying devices, locations, and even time of access. Today, this concept is commonly known as zero trust.
Firewalls have evolved into systems that have thousands of rules, a complexity that gets in the way of responding to a threat. In order to protect high-value data sets, one must not assume data is available on a need-to-know basis.