Insight by Zscaler

Understanding the challenges and benefits of cloud-delivered cybersecurity solutions

If agencies can overcome cultural resistance and learn to trust and fully leverage cloud solutions, they’ll reap the benefits of scalability, flexibility, spe...

This content is sponsored by Zscaler.

Cloud-delivered cybersecurity solutions have been a game changer for federal agencies. Having security tools and appliances managed on prem was a strain on frontline cybersecurity professionals. Cloud-delivered solutions allow them to enforce security policies across multiple disparate environments, giving them the flexibility to follow users wherever they are.

But agencies have to actively cultivate a zero trust security posture; what they already have isn’t good enough. An on prem managed security stack will handcuff their efforts.

“If you don’t pass these litmus tests, it’s not zero trust. It’s just a cloud managed solution,” said Hansang Bae, public sector chief technologist at Zscaler. “If it’s reachable from the outside in, it’s not zero trust; anybody can reach out and touch  . Remember, if it’s reachable, it’s breachable. So be sure to evaluate your risk within the framework of zero-day attacks. If you have to depend on the network to deliver the traffic to your security solution, it’s not zero trust. Wherever the user is, whatever device they’re using, the protection has to follow the user workload, the app, and not be delivered through the network.”

It’s not the fault of agencies that they haven’t achieved zero trust yet, Bae said. The technology changed practically overnight, and suddenly a whole generation of tools – firewalls, access control lists and virtual local area networks – just weren’t good enough anymore. Now there are new challenges, and new tools to bring to bear against them.

“You want instant or near real-time visibility into that telemetry data, bringing it down and having processes to massage the data and get it ingested properly,” said Danny Connelly, chief information officer for the Americas at Zscaler. “Sometimes there can be a little delay in that, not from the service provider standpoint, but from whatever the agency is wanting to do and the views that they want to see. So leveraging cloud solutions, they’re able to move faster.”

Another major challenge is cultural resistance. It can be hard for some IT professionals to let go of their data and their physical security stacks. There are two major fears Bae said he sees regularly: in line fear and performance fear. Both of these are about losing control, he said. In line fear involves blackholing  data, while performance fear is the concern that cloud service providers just can’t handle it as well as you can.

“This goes to the scalability of cloud,” Bae said. “The whole reason is automation. And with that automation comes scalability, with that scalability comes performance. That’s elasticity.”

And not only can agencies not do that with their own hardware, but they can’t currently trust the supply chain to acquire more hardware as they need it. Cloud is their only option for scaling.

Cloud-delivered cybersecurity solutions also benefit from specialization. Large enterprises, especially federal agencies, have numerous positions and focuses. Cloud service providers, meanwhile, are able to specialize. They are practitioners armed with the right tools. It’s far easier for them, for example, to fix zero day vulnerabilities as they’re revealed. Agencies simply can’t keep up with that kind of pace anymore. Agencies shouldn’t think of this as outsourcing; they’re enhancing, by leveraging specialists. They still retain the flexibility to manage their own policies. They’re just offloading the overhead.

“Being able to react quickly to this changing cyber environment is a huge benefit of going down this path,” said Jose Padin, director of U.S. public sector at Zscaler. “When we’re talking about real time, telemetry of what’s going on from a cyber perspective, and being able to respond quickly to that, that’s what the solutions are designed to do. We can prevent active cyberattacks, and spread that information throughout the cloud, protecting all of our customers quickly, in near real time, as opposed to what it would take to reactively go through and run updates.”

And zero trust is a team sport; no one cloud service provider can do everything when it comes to modernizing an agency’s cybersecurity. That’s why cloud solutions are built to integrate. The entire ecosystem is already built in. Agencies don’t need one-off solutions for specific problems.

The cloud security model also increases user experience. Traffic isn’t forced on prem through security stacks that can’t scale. It goes directly to the internet, where it’s destined.

“If I’m trying to go to an agency specific site that’s on the internet, or something on the internet that I need to do to get my job where most apps and most data is located, why can’t I just go directly over the Internet through a security stack that’s on the internet?” Padin said. “Forcing users to go on prem creates a lot of issues when it comes to user experience. So not only do you increase your security, your flexibility, your ability to scale, but you also can have a much better user experience in doing so.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    federal pay reform

    Blue-collar federal pay reform heading toward rulemaking process

    Read more
    Graphic By: Derace LauderdaleDefense Pentagon Graphic

    Parts of DoD’s modernization strategy are vague, lack metrics

    Read more