Government agencies are facing a dizzying array of cyber threats. As the U.S. Cyberspace Solarium Commission recently concluded, our country is at risk, “not only from a catastrophic cyber attack, but from the millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system.” However, the recent COVID-19 crisis and the ensuing “maximum telework” mandates have highlighted the importance of understanding and defending the increased attack surface that comes with remote work.
Given this unexpected shift to a more distributed workforce, agencies are taking an increased interest in zero-trust architectures – a security model that assumes that there are attackers both within and outside of the network, such that no users or machines should be automatically trusted. In fact, according to Forrester Research, government interest in zero-trust architectures is nearly triple what it was this time last year. But while the security benefits of zero-trust architectures are well-known, less recognized is the extra value that zero-trust architectures can create.
While traditional security designs collect data at the rapidly eroding perimeter, subsequently ignoring users as they continue into the network, zero-trust architectures require agencies to continuously monitor, detect, evaluate and enforce policy as users move about the network. This design allows agencies to collect enormous amounts of data that can, and should, be used to build behavior patterns, trends and analyses that have value far beyond security. Such data can be used to determine application load demands, maintenance timing, needs for network or system upgrades and much more.
For example, in a classic zero-trust security case, the network architecture is designed to challenge a user’s attempt to access a particular application. That same data can also show that demand for this application has grown significantly more than expected and/or response time is slower than is ideal. This in turn may flag that this particular application is overdue for an upgrade or remedial action to address issues of scale.
Implementing zero-trust architectures is an opportunity for agencies to both significantly augment their security postures and compound the amount of data that can be leveraged to improve decision making across the IT infrastructure. This is important because leveraging data as a strategic asset has been a core part of the President’s Management Agenda since 2018, yet most agencies are no closer to achieving a data-driven state than they were two years ago. In fact, a recent study conducted by Enterprise Strategy Group found that just three percent of public sector agencies are at a data innovation stage and more than half (60%) are still trying to understand how and where to use data in their operations.
Crisis is always a catalyst for change and our nation is known for its ability to bounce back from challenges stronger than before. The current COVID-19 crisis will surely result in prioritization of new security measures, including implementation of zero-trust architectures. Federal agencies would be remiss, however, if they did not also recognize the opportunity for zero-trust models to enable a more holistic data-driven future. The agencies that do will set themselves up for ongoing and compounding benefits for years to come.
Bill Wright is director of Federal Government Affairs at Splunk.