Developing a hybrid approach doesn’t require radical rearchitecting and redevelopment. What it requires is a zero trust security architecture strategy.
This content is sponsored by Zscaler.
As more and more agencies solidify their reentry plans, there’s lots of discussion around returning to not just the office, but to normal as well. But after two years of mass telework, is returning to normal even possible? Or is this new hybrid workforce model actually the new normal?
“For much of the workforce, we’ve been able to prove that people can be very effective, working from wherever,” said Jose Padin, director of presale engineering for the public sector at Zscaler. “This is normal now. And we need to instrument and think about how we can enable our people to be effective wherever they happen to be, whether that’s at home, on the road, or in office. And our systems need to be designed to do that in order to make sure that we have great satisfaction from our users, and that we have a great level of security and efficiency.”
The struggle is that federal systems weren’t designed for this dynamic. From a security architecture standpoint, the assumption was that workers would be in the office. And it’s this legacy mindset that is driving the current conversation around returning to the office. But if you assume instead that users are wherever they happen to be, whether that’s in the office or not, then you’d architect and design very differently.
But developing a hybrid approach doesn’t require radical rearchitecting and redevelopment. What it requires is a zero trust security architecture strategy. Over the last two years, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Defense Department, and numerous other agencies have been working to put actual structure and design around this philosophy. It’s not just a buzzword anymore; it’s a well-defined architecture.
And that’s precisely what the Biden administration is building momentum behind.
“So right in the White House’s zero trust security architecture strategy memo, there’s a really nice landmark that’s right in there, a flag that’s been planted to say how you can take action right away. And that is, if you have a FISMA moderate system that is not Internet facing, to follow the zero trust security principles to allow it to be accessed via the Internet, to use the internet as your network to get access to this FISMA moderate system,” Padin said. “I think it’s genius, the way that this was structured, because it creates a very clear and achievable goal that every agency can do in the next 365 days, that leads them down the path to evolve to a zero trust architecture. And it allows them to get confidence and to prove that it can be done in a relatively short period of time.”
Because after agencies achieve success with one system, that tends to begin to snowball into more systems and more successes. And that’s important, because there’s a culture in government that tends to think in very long term, multiyear projects by default. But it takes that first taste of success to start the process off.
In order to start moving in that direction, Padin said agencies need to get a better understanding of their apps and their data. Which apps are important to users, and which ones are mission-critical? Then agencies need to turn their focus to identity. Which users need access to these apps? Which ones need access to which data?
This is an opportunity to realize government can be agile, Padin said. And it already has been, in fact.
“If we look at what happened in 2020, the government moved at incredible speed, was able to change very quickly to allow a modern hybrid workforce in short order. And it was incredible what I’ve seen agencies be able to do in that period of time,” Padin said. “So we have the momentum, we have that ability to break the mindset of these long term IT programs and move quickly and agilely.”
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.