How Secure Access Service Edge advances continued government modernization

The modernization of government IT is taking place during a period of increasingly sophisticated cyber threats and a dramatic expansion of the government’s cyber defense operations.

Government organizations, like many large enterprises, are experiencing significant changes in how users expect to access information and services. At the same time, government organizations are adopting new service delivery models. As a result of these changes, there is a need to upgrade security architectures to provide cyber defenders with the enhanced capabilities they need for their assigned missions of protecting users and private government information.

Civilian agencies address network security requirements primarily through the Trusted Internet Connection (TIC) program. Enterprise-level capabilities are implemented at each agency’s connections to the internet, essentially creating a trusted agency zone connected to an untrusted (internet) zone.

The Defense Department has built a security architecture that aligns with organizational cyber defense roles and responsibilities, providing a robust set of capabilities for each cyber defense organization. The DoD builds cyber defenses into every critical boundary position, and security policies and sensor data are aligned with the organization’s responsibility for defending each portion of the network.

In both agency models, the government supports user access and service delivery changes by creating forced network flows (backhaul) and by building additional boundaries – for areas such as cloud access – that provide a secure boundary connecting DoD or civilian agency networks with commercial clouds and mobility gateways. This traditional approach provides cyber defenders with the capabilities and visibility they need while modernizing to mobile and multi-cloud services, but it slows the path to modernization and introduces operational inefficiencies, operational complexities, high costs and risks.

This is because the traditional centralized government security approach relies on complex network and security stacks composed of products from a multitude of vendors (JRSS in the DoD, and TIC 2.0 architectures in civilian agencies) with disparate management systems, which are difficult to integrate and operate. The solutions chosen are typically hardware-based, which adds cost and makes government customers dependent on a particular hardware stack. Often, as requirements change (such as moving to cloud-based storage, expanded remote access, or cloud-based backup), hardware becomes obsolete before deployment, wasting precious budget dollars. A software stack that runs on general-purpose x86 technology provides speed, agility and cost savings.

Three forces – changing user expectations, changing service delivery models, and increasing cyber threats – combine in challenging ways for government organizations. As users move to more remote and mobile access, services are evolving to a multi-cloud model with critical and sensitive services spread across traditional data centers, on-prem and commercial clouds. For example, challenges implementing comprehensive client-to-cloud security solutions arise as government agencies transition to multi-cloud environments and need to deliver increasing support to remote employees.

In addition to supporting and enabling a wide range of government modernization efforts, there is a need to address some related challenges with the traditional approach to delivering cyber defense capabilities. For an extremely regulated industry where any breach can lead to national security and compliance issues, security is clearly one of the biggest concerns in the government sector. A compromised device within the network can rapidly infect other devices, rendering them inoperable and unsafe to use, and possibly creating a public safety concern. This heightens the chance that critical records are stolen or made inaccessible, and can even lead to facility shutdowns as a precaution.

When organizations decide to expand to new geographical locations by opening new branch offices, IT’s role is critical in quickly bringing a new location on board. SD-WAN’s centralized administration and console make it easy to turn up new services and locations, and adjust policies remotely for immediate results, without having to worry about the cost, resources and logistics associated with setting up a new IT infrastructure at a new location.

A new approach to integrating security and networking in one solution, called secure access service edge (SASE), allows government IT teams to proactively set up application transport policies and network routes to cope with traffic spikes, instead of having to upgrade circuits and bandwidth. It tightly integrates security functions into networking and SD-WAN capabilities, while adding analytics. When government organizations can leverage low-cost broadband, SASE helps by making it more secure and enterprise ready. SASE helps government providers prepare for the possibility of natural disaster/pandemic events, while protecting government information that needs to stay private and secure.

SASE creates a secure bridge between access and the service edge (the cloud, data center, network, internet). It predicates safe and secure access on the identity of an individual, device, application or service. Simply put, the goal of SASE is to provide secure work-from-anywhere user access to all applications and data, no matter where the user is located. It combines SD-WAN and network security functionality via the cloud so that government organizations can manage security at the edge more effectively.

Government agencies and federal and state organizations are arguably some of the world’s most information-technology-intensive sectors, and the opportunities to leverage cutting-edge technology to improve service quality, realize affordability and enhance the user experience are wide open. SASE and SD-WAN enable government IT leaders to create a more robust, reliable and trusted network infrastructure to operate efficiently and safely. By creating the perfect balance between security, manageability, network operational efficiency and performance, government IT leaders and groups can deliver affordable, world-class services to workers to keep government moving and the data secure.

Ed Elmore is director of federal markets for Versa Networks.
