Better together: building Zero Trust security into federal mobility

Increasingly sophisticated and targeted cybersecurity threats and the consequent risk to national and economic security have led to a government effort to modernize its cybersecurity practices and create trust in digital systems. As first outlined in the May 2021 Executive Order on Improving the Nation’s Cybersecurity and reinforced in the 2024 Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a central focus of these ongoing efforts is a move toward Zero Trust architecture.

The basics of Zero Trust

Zero Trust is a cybersecurity model based on one simple principle – no user or device can be trusted by default. It recognizes that a secure perimeter no longer exists and applies the same scrutiny to every access request, whether it originates from inside or outside the network. Simple in principle, but challenging in practice, Zero Trust requires a system that is designed to:

  1. verify every identity and device connecting to the network explicitly;
  2. always assume the possibility of breach;
  3. enforce least privilege access; and,
  4. continuously monitor for and take action against abnormal or malicious activity.

This requires an end-to-end security approach that touches every endpoint and encompasses a mix of tools and capabilities from enhanced identity and access management to integrated security automation and orchestration.

Zero Trust security is not an end state but a journey. Agencies are grappling with cybersecurity and navigating a broader digital transformation as they strive to reach IT modernization goals and support an increasingly mobile and distributed workforce. As these efforts progress, we expect to see an increasing focus on extending Zero Trust principles across more elements of the digital infrastructure, including the mobile computing environment.

Zero Trust security in a mobile world

The move toward a Zero Trust architecture places new demands on endpoint security in the mobile environment. At a high level, it requires the ability to evaluate and protect the identity and behavior of both the user and the device, as well as precisely manage access to network resources. Fortunately, much of this capability already exists, and many agencies have started to lay the groundwork needed to align their mobile security strategy to Zero Trust principles.

At Samsung, Knox is the cornerstone of our security efforts and the foundation for our support for Zero Trust architecture. Samsung Knox combines a defense-grade security platform built into Samsung devices from the chip up with a comprehensive set of cloud-based solutions that enable IT administrators to secure, deploy and manage devices to meet their Zero Trust goals. Since its introduction in 2013, Knox has secured over 2 billion Samsung devices and is used to manage over 150 million devices [1]. Knox has successfully met the rigorous security requirements set by governments and major enterprises around the world, including Common Criteria and FIPS 140-2 [2].

Samsung Knox provides federal agencies with a foundation to extend their Zero Trust architecture to the mobile environment in alignment with the Cybersecurity and Infrastructure Security Agency’s (CISA) guidance on Applying Zero Trust Principles to Enterprise Mobility.

Key examples of Samsung Knox support for Zero Trust principles include:

  • User identity: Zero Trust requires ongoing verification of users beyond initial log-in to ensure that access rights are continuously appropriate. For example, imagine a federal law enforcement officer puts their phone down briefly during an active field investigation. If a bad actor quickly picks up that phone while the officer is logged in, there is a risk that the phone could be used to access sensitive agency data. However, with continuous authentication from Samsung Knox, the phone can detect that the person using the device is not a legitimate user and can automatically lock itself before wider network access is granted. Samsung Knox supports this need with its multi-factor authentication framework that allows for the regular collection and interpretation of data to authenticate user identity.
  • Device health: In Zero Trust, the identity and health of the device must be verified before network access is granted. This is an area where the chip-level, built-in security from Samsung Knox provides a significant advantage. For example, Knox can provide trusted boot and Device Health Attestation to verify that only Samsung-authorized platform software components are running on the device and to confirm device integrity. Further, in partnership with Microsoft, Samsung offers an on-device, mobile hardware-backed attestation solution that works equally well on enterprise-managed and consumer devices, an essential capability for agencies with Bring Your Own Device (BYOD) policies.
  • Secure network access: Even after network access is granted, Zero Trust principles require that access be precisely managed. For example, enforcing least privilege can significantly limit the impact of a breach even if a bad actor or malicious insider is able to connect to the network. By ensuring agency employees have access to only the apps and data appropriate to their roles and clearance, agencies can eliminate opportunities for unnecessary or malevolent lateral movement and reduce the risk of data compromise. Samsung Knox Platform for Enterprise [3] provides several essential features to achieve strong local isolation and tighter control over enterprise apps and data. Further, Cisco Secure Access is supported on select Galaxy smartphones and tablets to allow organizations to enforce Zero Trust access policies and facilitate least privilege access to apps via granular, app-specific permissions.

Opportunities for the future

As we look toward the future of federal Zero Trust initiatives, opportunities exist for tighter integration between mobile security platforms and security information and event management (SIEM); extended detection and response (XDR); and security orchestration, automation and response (SOAR) platforms. At their core, these solutions help security detection and response teams maintain visibility into all aspects of the network, identify and analyze threats and, when possible, speed time to remediation through automation. Extending the breadth of these tools with deeper integration into the mobile security stack will open a number of possibilities in mobile threat intelligence and advance security automation.

The move toward a Zero Trust security architecture signals a significant transformation in how we think about security, and especially how we extend protection to the endpoint. However, it is a challenge that agencies and their industry partners are prepared to meet, and many aspects of current mobile security and device management tools and platforms provide federal agencies with a solid foundation for success. Strengthening the integration between mobile security, endpoint management and enterprise security platforms under the principles of Zero Trust presents an immense opportunity to work together to positively impact the security of the digital infrastructure that powers the government and its missions.

Learn more about Samsung’s secure, reliable and compliant government technology solutions.

[1] Note: this figure appears on the About Knox page with no additional citation: https://www.samsungknox.com/en/about-knox

[2] For the full list of Knox certifications, please visit https://www.samsungknox.com/en/knox-platform/knox-certifications

[3] Requires separate license.
