Government COVID-19 lessons learned to improve security and productivity

As public sector organizations review remote work progress to date, most are planning for sustained telework — how to evolve virtual infrastructure to keep employees safe, productive, and connected regardless of location.

COVID-19 swiftly eliminated the most significant barrier to telework within the public sector — culture. Success over these past months has proven to even the most skeptical that government missions can continue in a mass telework posture.

As IT teams reflect on telework progress, much of the success revolves around one key initiative: cloud transformation. By relocating applications and data to the cloud, and switching to a cloud-capable infrastructure, governments have been able to continue working at scale.

Based on experience across thousands of customers, we have learned that agencies are in one of three transformational stages. First, agencies that had already implemented a sophisticated digital structure before the pandemic were able to respond quickly. Second, agencies that used the crisis as an opportunity to prioritize cloud projects were able to ensure employees could work with maximum convenience and productivity within a few weeks. Third, there are agencies that expanded their existing hardware-based infrastructure to meet their employees’ remote access needs. Across these categories, there are variations in the productivity, efficiency and security of the work from home environment.

1st lesson: Prioritize bandwidth management and scalability

Initially, many government agencies did not have the bandwidth or throughput to meet mass telework needs. Ensuring your agency is scalable during continuity of operations scenarios is one of the most important criteria moving forward.

With the massive increase in traffic as users connected to government networks from many locations, agencies that relied on traditional remote access solutions, such as virtual private networks (VPNs), often experienced a latency bottleneck.

VPNs are laced with vulnerabilities, creating higher levels of risk as employees connect from personal devices and various locations. In addition, as agencies placed their security technology at the perimeter of their network, all traffic had to be backhauled through the data center and VPN before users could access applications, resulting in a poor user experience and reduced productivity. Security and user experience must expand alongside bandwidth and throughput as teleworking grows, or users will bypass security to do their jobs. As an example, availability of 5G networks will improve connectivity and provide a consistent user experience and mobile access to government employees.

Since traditional VPNs did not have sufficient bandwidth to cope with increased traffic, agencies responded with a variety of different strategies. Some procured new hardware to circumvent bandwidth bottlenecks. In most cases, a hardware solution was impossible due to lead times or deployment complexity.

Agencies that had already moved data and applications into multi-cloud environments for a secure remote access infrastructure had the least difficulty adjusting to work from anywhere.

The Cybersecurity and Infrastructure Security Agency’s release of the finalized Trusted Internet Connection (TIC 3.0) guidance documents was an important step in the right direction for federal telework plans. TIC 3.0 states that agencies can connect users with direct-to-cloud access, without cumbersome backhauling.

The guidance opened the door for agencies to adopt modern, hybrid cloud environments. As agencies continue to support a remote and distributed workforce, this security approach will be critically important to securely take advantage of cloud, and be able to scale up and down as needed.

2nd lesson: Balance security and operations

Every organization works to balance security and operations. Striking this balance is even more important as governments scale up their remote workforce, while continuing to protect sensitive information. Governments had to evaluate how they provide secure, context-aware access for users.

Throughout the crisis, it was also difficult for agencies to maintain user identities across all devices being used for remote working. As each user identity is linked to specific access rights, there was increased risk of the wrong people being granted access to sensitive data. We are now seeing forward-thinking agencies beginning to move to cloud-based zero trust environments to connect users to applications without ever placing them on the network. IT administrators can verify all users before granting access to authorized applications and data.

Context-based access to sensitive resources regardless of user, device or location prevents users and adversaries from reaching applications they were not intended to reach. Agencies can give the right users access to the right applications, while maintaining visibility and security across their environment.

Moving forward: Sustaining telework and building future resiliency

Take the opportunity to evaluate your existing infrastructure and convert emergency workarounds into practical approaches for the future. Many employees have come to value the greater flexibility of being able to choose where they work. The new world of work requires an approach that combines connectivity, security and performance.

The cyber threat landscape has changed, with attacks targeting specific users as a gateway to damage government networks. The Gartner-termed security model, Secure Access Service Edge (SASE), responds to modern security challenges by focusing on protecting the user, not the network. This provides a more holistic security platform as IT environments expand across cloud and data centers, and users work on any device in any location.

It is important for agencies to take this as an opportunity to modernize their security and network, move to cloud, and determine how to integrate telework into their office culture post-pandemic. The lessons learned from COVID-19 have the potential to strengthen state, local and federal government cyber defenses and improve productivity. The right visionary leadership, coupled with cloud and security transformation, provides the opportunity to make real progress towards resilient, responsive modern government. Our job is to keep moving forward together.

Peter Amirkhan is senior vice president for Public Sector at Zscaler.
