The shift to remote work has been dramatic in its scope. According to Pew Research, 71 percent of Americans were working from home by December 2020, versus 20 percent pre-pandemic. Most people would like it to stay that way. A Gallup poll found 60 percent of respondents say they’d prefer to continue working remotely in the future.
However, in tandem with the shift to remote work, federal agencies have experienced new cybersecurity threats and new challenges to how they safeguard government systems and citizen data. The geographic dispersion of employees, coupled with the fast-expanding footprint of digital connections and end user devices, has wrought profound changes on the security landscape.
The way people connect in a hybrid work environment makes for a larger and more diverse attack surface and creates more opportunities for bad actors to find holes in the network.
In this new era of hybrid work, federal IT leaders face an urgent need to rethink their security strategies. Today, many rely on a mix of endpoint security solutions, making cybersecurity tasks extremely labor-intensive and tedious, at a time when IT talent is hard to come by. Clearly, a better approach is needed.
A Better Approach
Several key characteristics help to define the emerging vision of what a truly robust and effective cyber strategy might look like, in support of ongoing remote and hybrid work arrangements.
Visibility and Control
In a remote work environment, just as in an on-prem work situation, IT leaders and security teams need visibility into what a given device is doing and the security posture of that device.
They need to know, verifiably, who’s logging in and be able to assure they are operating within authorized constraints. Additionally, they should have visibility into adverse cyber events, and the ability to control network behaviors in response to perceived threats.
A fully realized security solution will offer a granular view of IT resources and how they are being used. Threat visibility should extend all the way down to the individual device, the specific app, the actual file, and the piece of data.
Granularity suggests not just having visibility into what’s happening but also device-level control over operations and processes. Federal security teams can turn to this capability, also known as micro-segmentation, to manage fine-grained control of network behaviors, as well as gain insight into potential emerging threats and issues.
Given the rapid expansion of the attack surface due to remote and hybrid work arrangements, IT leaders need a solution that takes them beyond the present, manually intensive strategies for cybersecurity. They need a solution that delivers automation: both in terms of access control and response and remediation workflows.
Automation should be supported by standards-based API integration or publisher/subscriber models, with diverse network elements able to communicate and interoperate in support of security goals.
What encompasses all the above critical components? Zero Trust Architecture or ZTA. A fundamental tenet of a modernized federal cyber strategy is the embrace of a Zero Trust approach to network management.
The Zero Trust framework requires that all users, whether inside or outside the organization, be authenticated and authorized, and that they be continuously validated to gain access to data and applications. Not only does Zero Trust help improve security with continuous authentication and validation requirements, but it also improves the end user experience once those users are determined to be trusted in the network.
Leverage Trusted Partners
Cisco and Iron Bow are working in partnership to help agencies support implementation, so federal IT leaders can take the next steps forward on cybersecurity and their journeys to hybrid workplaces.
With Iron Bow and Cisco, agencies can modernize existing systems and add new tools to the mix, building a seamless and interoperable cyber infrastructure that meets the needs of workers in remote and on-prem settings, while simultaneously safeguarding federal data, systems, and operations.
This blog is an excerpt from Iron Bow and Cisco’s recent guide “Securing the Hybrid Workforce: A Guide for Agencies Supporting Remote Work.” To download the full guide, head here.