The May 2021 release of Executive Order 14028, Improving the Nation’s Cybersecurity, the growing attack surface due to cloud adoption, and the January 2022 Federal Zero Trust memorandum have all added urgency to the federal government’s move to implement better network security through solutions based in Zero Trust Architecture.
With initiatives such as the Cloud Smart strategy and agencies like the IRS making commitments to a “cloud first” roadmap, progress is being made to enhance and secure cloud communications between agencies and mission partners. In fact, ahead of the 2024 Zero Trust deadline established by the OMB (Office of Management and Budget), federal agencies are focusing on strengthening access and security to new and existing technologies. A more dispersed workforce requires the right equipment and layers to protect assets across the network.
Lamont Copeland, Director of Federal Solutions Architecture at Verizon, explained that “it’s moving the security infrastructure and the footprint that we have to protect closer to the end user, and at the same time further away from the operational base. Ironically it creates a larger footprint of security that we’re going to have to manage.” According to Copeland, in order to protect the larger footprint, “it is important to take a holistic view, adding multiple layers, including those in the cloud and those connected to the edge,” such as IoT (Internet of Things), cell phones, and laptops.
With devices ranging from building security cameras and HVAC systems to remote workforce and facility IoT devices, applications and data that once sat isolated in a remote repository are now traveling along the same connections as other systems. This has significantly expanded the attack surface vulnerable to a security breach.
Many agencies, including the Department of Homeland Security and the Department of Defense, are leveraging secure, managed cloud communications to collaborate with communities of interest and mission partners.
The Navy, for example, began rolling out their Integrated Navy Operations Command and Control System (INOCCS) at the beginning of March 2020. By simplifying, streamlining, and applying universal governance rules, Don Wiggins, Senior Global Architect for Equinix, described how the Navy’s digital platform is eliminating dealings with rogue entities and various cloud services that are hard to manage. Organizations with the Navy can now consume cloud services, software defined on-demand transport, and other services more efficiently and safely through secure and managed multi-cloud access points. As part of the efforts to address shadow IT, other agencies are enforcing a similar approach, centralizing their assets to better manage and secure cloud communications.
Zero Trust and other initiatives aim to protect the enterprise from advancing cyberattacks, but it is up to individual agencies to build a secure environment whether in the data center or in the cloud. The key is finding solutions that focus on the expanded footprint created by today’s agencies while protecting the network at each access point. Despite workers and assets being more dispersed, agencies can effectively manage multi-cloud access through a single, secure platform that provides a centralized viewpoint of the entire network. For agencies adjusting to this “new normal” of digital transformation, getting guidance from a trusted partner is crucial to protecting mission-critical data and applications.