The New “Normal” for Federal Agencies
The impact of the COVID-19 pandemic has forever changed the American workplace. The rapid growth in telework and remote access, along with the shift to “virtual office” IT services, will present many challenges to CIOs, CISOs, and IT leadership across US federal agencies. ThunderCat is committed to helping these agencies understand both the challenges and the solutions to some of the issues they will face. Below are 5 challenges organizations will face in reaction to this shift in the landscape.
1. The importance of staying proactive: assess traditional methods for remote access and collaboration as you plan for longer-term challenges.
As organizations react to the mandates for social distancing and to COVID-19, many are realizing their current infrastructure does not support their entire workforce, whether the limit is the number of licenses available on virtual private network solutions, the capacity on collaboration and messaging platforms, or the network bandwidth to support remote access.
Addressing these issues begins with assessing the current capacity to support a remote workforce from a connectivity standpoint. However, these issues are just the “tip of the iceberg”; much more lies beneath the surface as organizations factor in the potential for large-scale telework to continue beyond the current pandemic.
2. Following private industry, government agencies will naturally migrate towards a “virtual office” environment. As telework is enabled by moving many IT services away from a physical internal infrastructure to a distributed and scalable environment, the overarching network architecture must also follow this pattern.
The migration of IT resources to a “virtual office” environment will drive the adoption of modern networking capabilities like Software-Defined Wide Area Networking (SD-WAN), Secure Access Service Edge (SASE), and policy-based Zero-Trust architectures. These modern network capabilities will replace the legacy remote access and backhaul MPLS-based networks.
The necessity of large-scale telework as a reaction to the COVID-19 pandemic has drastically accelerated the need for organizations to move towards these modern network architectures. Every organization needs to have a strategic plan in place for this foundational shift in network design and a plan for how they will achieve it.
3. Operational processes that worked in an on-premises environment before COVID-19, including Endpoint Security & Management, Privileged Access Management, Video Streaming, Secure File Sharing, and others, will be impacted.
Traditional Remote Access Infrastructure was commonly deployed on a smaller scale than the infrastructure that supports the core network, because more people were working on the local LAN. For example, it is not uncommon for an organization to have redundant 10Gb connections to the internet, yet only have 1Gb connectivity to their remote access infrastructure. In the new normal this model must change.
Today this has been reversed. The majority of the workforce needs to perform their jobs remotely and few people are connected locally. However, the operational tasks that are in place assume a user is connected on a local network and well-connected to the data center. Use cases like endpoint management, application deployment, video-based training delivery, and remote admin account access will require broader and more innovative solutions.
4. The push to a “virtual office”, coupled with a lack of mature cloud security policy & visibility, will most likely result in data breaches.
In some cases, agency responses to these challenges will result in a quick reaction to utilize Public & Hybrid Cloud. One of the largest security challenges facing public agencies is the rapid adoption of cloud technology without foundational operational security policy and visibility in place.
The distributed, scalable, and highly available nature of cloud offerings can be extremely beneficial to these organizations. However, mature operational practices must be established around these technologies, or the organizations can leave critical data exposed. As IT operations shift from on-premises workloads like file sharing, collaboration, and internal websites to cloud-based resources, the need to understand the differences in the native security controls (logging, DLP, content scanning, etc.) of these resources is critical.
5. Organizations must revisit internal policy around what is considered “trusted access” to networks at different levels of classification and sensitivity.
The discussion around what gets classified, and how much is too much, has been raging for decades. But it also has impacts that technology professionals should consider. Perhaps the greatest challenge facing agencies in these uncertain times is remote access to sensitive or classified networks. Numerous agencies have missions that require data that is sensitive or segmented across networks at multiple levels of classification. Providing remote access solutions to these networks is technically achievable with certain levels of security controls. Controls that limit screen capture and print & save functionality, and that deliver access via specific methods of connectivity, can allow such access.
The challenge requires a revisit of what should and should not be classified and at what level. Too often agencies approach sensitive data by immediately classifying everything at the highest level possible. This is a quick and easy way to ensure against spillage of data.
However, in the new normal, agencies will have to take a hard look at their mission and the data that it entails. By reviewing their data and taking a judicious approach to how data is classified, agencies can reduce the impact on their mission.