Zscaler Cloud Security for Government
Enabling zero trust cloud transformation in alignment with executive orders from President Biden and CISA.
The White House has published a new executive order for cloud security and zero trust:
To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.
Zscaler helps agencies achieve the target goals of the Executive Order
The Zscaler Government Cloud provides agencies with secure access to the internet and cloud applications, supporting guidance from CISA, DISA, NIST, and TIC 3.0.
It helps agencies improve security, reduce cost and complexity, and deliver a better user experience.
Principles of zero trust for cloud security from the NSA
Never trust, always verify
Treat every user, device, application/workload, and data flow as untrusted. Authenticate and explicitly authorize each to the least privilege required using dynamic security policies.
Consciously operate and defend resources with the assumption that an adversary already has presence within the environment. Deny by default and heavily scrutinize all users, devices, data flows, and requests for access. Log, inspect, and continuously monitor all configuration changes, resource accesses, and network traffic for suspicious activity.
Access to all resources should be conducted in a consistent and secure manner using multiple attributes (dynamic and static) to derive confidence levels for contextual access decisions to resources.
Zscaler’s industry-leading approach
The Zscaler Zero Trust Exchange uniquely enables agencies to achieve cloud-native zero trust, protect against threats and data loss, and simplify policy creation.
Connect a user to an app, not a network
New APIs automatically create policies for apps and users, while machine learning allows for auto-segmentation of application workloads. These innovations accelerate policy-making and simplify microsegmentation.
Zero attack surface
Traditional firewalls publish your apps on the internet so they can be found by users—but also by bad actors. The Zero Trust Exchange makes apps invisible and accessible only by authorized users.
Proxy architecture, not passthrough
Unlike a next-gen firewall, a proxy architecture is designed for proper content inspection, including SSL, for effective cyberthreat protection and data loss prevention.
Zscaler enables agencies to adhere to all zero trust guidelines provided by NIST:
- All data sources and computing services need to be considered resources.
- All communication needs to be secured regardless of network location.
- Access to individual enterprise resources is granted on a per-session basis.
- Access to resources is determined by dynamic policy—including the observable state of client identity, application, and the requesting asset—and may include other behavioral attributes.
- The enterprise ensures that all owned and associated devices are in the most secure state possible, and monitors assets to ensure that they remain in the most secure state possible.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
Meeting the highest standards of government compliance
Zscaler Private Access has been authorized under the Federal Risk and Authorization Management Program (FedRAMP) with a High Authority to Operate (ATO). Zscaler Internet Access has achieved Moderate ATO and is "In Process" for High ATO.
Zscaler has received the Service Organization Control (SOC) 2, Type II Certification, an independent validation that Zscaler security controls are in accordance with the American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria.
The Zscaler Cloud Security Platform is fully compliant with the ISO 27001 security standard for its cloud services and operations.
The Zscaler Cloud Security Platform is fully compliant with the ISO 27018 standard for cloud privacy protection.
Zscaler is compliant with the Federal Information Processing Standard (FIPS 140-2), meeting NIST requirements for cryptographic modules.
Zscaler maintains compliance with Criminal Justice Information Services, ensuring the protection of information as required by CJIS Security Policy.