Securing cloud environments is more important than ever

In an era of progressively sophisticated hybrid threats, agencies must act now to secure their cloud environments and the high-value data and functions within.

It’s essential to have a comprehensive cloud security strategy. Without that, federal agencies and critical infrastructure organizations risk the security of essential information and data for energy, transportation, communication, financial services and more. But many departments still face barriers to faster cloud adoption, including loss of IT visibility and control, the lack of staff expertise and high costs.

Combined with the rapid adoption of emerging technologies, end-to-end adaptive cloud security is timely and necessary to ensure that organizations can securely meet their sensitive, mission-critical data needs.

Prioritize zero trust network approaches

Beyond merely adopting a cloud strategy, agencies must implement and follow the White House Cybersecurity Executive Order’s mandated zero-trust model to truly secure federal networks. Zero trust is based on the assumption that any user or device could have potentially already been compromised. It established strict access controls, maintains connection monitoring, and grants privilege to only those resources a user or device need to do their job. However, a successful end-to-end adaptive cloud security strategy relies on establishing a zero-trust architecture that spans the entire distributed network, from campus to remote user to data center to multi-cloud.

In particular, agencies put their entire network at risk when users are given excessive control over access. As we saw in the SolarWinds Hack, once perpetrators make an initial breach into the system, they can then insert malware to hide their presence and establish lengthy dwell time that allows them to surveil the environment, identify valuable resources, and slowly exfiltrate data without being detected. The fallout of such attacks can end up costing millions of dollars, compromise critical resources, and require years of work before systems are secure again. Zero trust can mitigate the severity of sophisticated attacks since traffic is logged, users and devices are limited to specific resources, and identity is not only not trusted but continuously verified.

To improve security without disrupting user experience, a zero-trust architecture combines reverse proxy and single sign-on (SSO) authentication systems. This approach provides end-users with a seamless experience, as they authenticate the same way whether accessing cloud or on-premises data. And because adversaries are unable to see how the reverse proxy and SSO work in the background, entry is safeguarded on both ends.

Integrate secure SD-WAN and secure access service edge (SASE)

Users should also consider complementary solutions designed to enhance zero trust. Software-defined wide-area networking (SD-WAN) allows remote employees to securely connect their applications to the internet, providing accelerated cloud on-ramp and application access while ensuring optimal user experience.

Before SD-WAN, traditional routers would backhaul internet and cloud traffic through the core network, decreasing user productivity and speed. The SD-WAN model is built to support direct user access to the cloud and on-premises data centers. This became critical during the pandemic when 59% of federal employees were suddenly working remotely and utilizing cloud applications to access their organization’s data. And for many agencies, that work-from-anywhere standard is here to stay. But without secure and reliable access to online data, applications and other resources, the federal government is more at risk than ever.

However, the problem with most SD-WAN solutions is that they do not include a robust, built-in security layer. This tasks organizations with the burden of finding and deploying an additional service to secure their private network, resulting in higher user complexity and costs. And while secure SD-WAN solutions can provide a full stack of enterprise-grade security to branch and field offices, this is more difficult to achieve with remote workers.

Many organizations are looking to leverage new secure access service edge (SASE) solutions that work seamlessly with SD-WAN to apply consistent security and a direct view of the network’s users and applications across the distributed network, encompassing campus, data center, branch and cloud environments. The benefits are lower costs, a better user experience, secure user access to the network from anywhere in the world, and a rapid deployment process.

And where possible, every security solution and integrated system must be bolstered with Machine Learning (ML) and AI to reduce the time needed to detect, investigate and respond to threats.

Foster cyber-strategic human capital management

For an adaptive cloud security strategy to work, agencies must bolster the skills of both their IT teams and their employees so they can navigate today’s hybrid environments and utilize the technologies needed for their success. The critical skills gap in the federal workforce needs to be addressed before adversaries take advantage of this new distributed workforce and resources model. And the challenge is real. The Government Accountability Office has featured human capital management ­– specifically in IT and cybersecurity – on its high-risk list for the past 20 years.

Federal agencies need to reskill seasoned employees while upskilling new ones. To do this, organizations need to create more education pathways for emerging cybersecurity professionals and remote workers. This requires continuous learning and professional growth within agencies.

Keeping up with demand means getting out ahead of the challenges

It’s clear there are many ways to employ cloud capabilities, but regardless of the method or architecture used, data remains at the heart of countless services on which citizens rely. Agencies and government contractors cannot afford to be late adopters to the technologies that users require, nor to implementing necessary layers of security in the cloud. By prioritizing identity, networks can combine resource segmentation and stronger risk detection to address irreplaceable damage to resources and operations while ensuring consistent user experience for the agency workforce and the citizens they serve.

The time is now to secure the cloud—including at the edge—with zero trust, AI, ML, and improving the awareness and skillsets of human capital. With the right tools and strategies in place, government agencies and critical infrastructure operators can significantly improve their cybersecurity posture, making today’s federal government effective and secure.

Bob Fortna is president of Fortinet Federal

Comments

Sign up for breaking news alerts