Traditional security models alone are no longer effective, warns Wyatt. Once attackers get past corporate firewalls, as in the Target breach, they can move slowly and quietly within the environment undetected.
The biggest risk reduction for this problem, said Wyatt, comes from securing the data itself, so that no matter where the data travels and who has it, it can be locked down and protected.
Laying the Right Foundation for a Secure Environment
Before Wyatt was able to secure his networks and data, he needed to lay the foundation for a single secure environment. Given his 28-year background in technology, a Bachelor's in MIS, a Master's in IT and Cyber Security, 16 years combined in IT audit, financial audit, state audit computer investigations, and IT audit infrastructure management, along with CISSP, CISA, MCSE, CCNA, CCSA, CEH, CHFI, and Azure Fundamentals certifications, Bill had the expertise to know what he needed to accomplish in his new role.
“When I first came to where I am working now, there was plenty of opportunity for improvement, which is not unusual when working with state government entities, especially during challenging economic times when entities may have limited funding through state appropriations,” he said. “Initially, I had to take a shotgun approach and implement controls and band-aids to bridge immediate gaps. I've been working, and building a rock-solid IT team, since day one to whittle that away and simplify, consolidate, innovate, and keep cutting edge as much as is reasonable. At the same time, I’m hoping to save costs while improving services, availability and security.”
Before he could set up and manage the security framework needed to secure data across federal and state systems, Wyatt had to move to a cloud-based infrastructure to gain the flexibility, cost savings, agility, security and services he needed to execute a comprehensive ZTA security plan.
“While locally I had strong support to move to a cloud-based infrastructure, there was no shortage of red tape outside, especially at the state level,” he said.
“It took me two to three years to get through most of the red tape. Once I was able to quantify the risk regarding $28 billion in assets, and provide clear and concise information regarding risk, we finally got buy-in at the state level that was needed. Providing that clear picture of risk to state leadership was critical in removing that red tape. We simply could not put the complete set of security controls in place with the way it was architected. Since then, from an on-prem hybrid infrastructure perspective, we have settled on Nutanix, at the core.”
Wyatt has relied on Nutanix software since 2015 and is moving to HPE hardware running Nutanix. In addition to the cost savings from moving off of VMware, Wyatt moved all support under Nutanix in order to have a single point of contact for all issues.
“Now we don’t have to go all over the place to other vendors to get the support we need,” Wyatt said. “They are going to handle all the tiers in one place under the Nutanix hypervisor.”
Once he had set up a cloud-based infrastructure, Wyatt could focus his attention on securing all the data across his network, and he leveraged the ZTA concept to get there.
Strong User Identity, Device Validation are Core to ZTA
“Zero-Trust Architecture (ZTA) for me has a few major components,” explained Wyatt. “First and foremost is the user identity. Our goal was to harden that identity and have confidence in it. If controls and mechanisms around identity management aren’t strong, it puts at risk everything else.”