No agency is immune to cyberthreats, and even stringent, clear and enforced policies don’t lock down federal data, as we have seen from too many well-publicized hacks.

The problem is that agencies struggle to provide secure, fast, remote connections, so employees and contractors work around the guidelines by using insecure connections that put federal information and systems at risk. It only takes one person.

As a community, we need stronger multilayer protection that supports the way modern agencies work. We need to provide federal users with the same connectivity they have come to expect from their consumer experience. It’s not just about locking down an endpoint or forcing users through a virtual private network. We need a holistic methodology that lets agencies adopt secure cloud services and considers user needs for remote connectivity. Agencies also need to provide role-based access to applications for employees and contractors to avoid misuse.

Further, we need stronger governance and improved awareness of what’s in the environment. FITARA, FedRAMP and the MGT Act take important steps forward. The recent White House report to the president on federal IT modernization suggests a new approach to governance, including modernizing the Trusted Internet Connections (TIC) program, which is critical to the federal government’s broader digital transformation strategy. We need a fundamental shift in the TIC’s architectural design and approach to take full advantage of cloud-based technologies and enable secure connectivity.

Unfortunately, the current TIC architecture, which relies on security appliances designed to protect the network, does so by placing security at a limited number of gateways, forcing traffic to be backhauled over a hub-and-spoke network so that it can be inspected. This negatively impacts service performance and availability, prevents ubiquitous mobile access and increases overall cost.

The report’s overall recommendation to modernize the TIC is vital. However, this can best be accomplished using an approach not discussed in the report — one that moves the TIC away from the perimeter and to the cloud.

As agencies accelerate adoption of cloud services and government employees become more mobile in accessing those internet resources, the concept of perimeter-based security, protecting the network in order to secure users and data, becomes increasingly irrelevant. Moving TIC security controls, as well as other advanced security services, to a modern cloud-based, shared-services platform will result in better protection, visibility and control of agency user traffic to the internet.

The Department of Homeland Security, General Services Administration and Office of Management and Budget also need to consider how the internet and cloud have matured. Through the use of encrypted tunneling, such as IPsec and other secure cloud technologies, agencies can route traffic securely between FedRAMP-approved providers. “Bypassing the TIC” will improve performance while not sacrificing control or security.

Agencies should also consider a “Zero Trust” model and put in place multiple layers of protection against still-unknown threats. Thinking again about well-publicized hacks, we have to disincentivize taking data out of the office or abusing remote access. Existing remote connections slow people down. Improving connection speed and performance, and giving the user the same fast and secure experience outside of the office as inside it, will be a crucial step to improving security at the same time that agencies support a changing workforce with new expectations.

As federal cyber leaders consider options, the best path forward will consider technology and the user. We’ve got to pick a framework that enables government to procure quicker, certify faster and deploy at a much more rapid rate if we hope to stay ahead of cyberthreats and take advantage of the cloud’s potential.

Stephen Kovac is the vice president of global government and compliance at cloud security provider Zscaler.
