Harnessing the Ubiquity, Speed and Scale of Cloud Services
In Part I of our 3-part blog series – Supporting the Secure Remote Workforce: A Prescriptive Approach on How to Respond to the Rapid Surge of Telework and IT Services, we described the three components that agencies should manage and secure in a remote telework scenario. To recap, these are Cloud Services, Endpoints & Identities, Cybersecurity & Enterprise Infrastructure. In this blog we will expand on how we can harness cloud services to enable the secure workforce.
Enabling Secure Cloud Access and VPN Services with Cloud Security Services/CASB
One of the security design patterns in CISA’s guidance utilizes cloud security services, more commonly known as cloud access security brokers (CASB). The CASB serves as a policy enforcement point and management entity, for users’ traffic destined for cloud service providers. Since a majority of user network traffic can be optimized with direct-to-cloud connectivity, a CASB serves as a practical solution for teleworkers.
CASB augments or adequately replaces the security stack typically found in traditional data centers or TIC. And because CASB’s core competency is “brokering” connectivity to thousands of cloud services, CASBs have established optimized network routing and technology integrations which further improves remote workers’ user experiences. Many CASBs have expanded their security capabilities to include secure web gateway functionality, network threat protection, IaaS compliance, VPN services, etc. Agencies should consider these new cloud security capabilities to consolidate their cybersecurity tools and simplify operations.
CARES Act – a $2 trillion stimulus package passed by Congress that calls for rapid expansion of citizen services and corresponding technologies to alleviate the stress to existing IT infrastructure services.
“How do we scale to support a growing need for online digital services?”
Other Cloud Services to Support the Digital Services and the Remote Workforce
Improving Citizen Services and Enterprise IAM with Identity as a Service (IDaaS)
With stimulus funding tied to increasing use of digital citizen services, agencies may need to rapidly develop and deploy citizen-facing web applications and resources that can benefit from highly scalable and secure cloud-based identity services. One practical use case is to quickly provision identity services in the cloud to augment, enhance or expand the existing identity & access management solution for agencies. Think of all the business processes, applications and enrollments that agencies may need to enable in order to provide citizen services.
This same identity services platform can also serve as a logical policy enforcement point for an agency’s remote users. Policy enforcements need to expand beyond traditional network access control points – especially for remote telework scenarios – to include user authentication. IT can centralize the authentication and authorization using cloud services allowing for ease of access, improved availability and scale. Consider the paradigm of the user’s identity as the new perimeter, where policies for multi-factor authentication, single sign-on, and adaptive access can be applied.
Secure Communications and Collaboration
Cloud-based communications and collaboration tools have become an essential part of our daily work and social life. With all the negative publicity you hear regarding the security and privacy of some web conferencing tools, it is essential to recognize that there are practical applications for more consumer-focused web-conferencing tools vs. enterprise communications tools. For agency remote teleworkers, the need for secure, enterprise unified communications and collaboration (UC&C) is essential. Security characteristics of an enterprise UC&C include 256-bit end-to-end encryption, compliance features such as archiving, enterprise integration, and administrative controls. Enterprise features such as 1:1 and group messaging, audio and video conferencing, and file sharing, and screen sharing are essential for users to remain productive. Common use cases for secure UC&C might be conducting emergency response, cyber incident response, sharing sensitive information containing PII or PHI, or highly sensitive/classified information.
Whether it’s for identity service, secure collaboration, email or other remote services, we can expect increasing demand for more cloud use cases due to the ease of use, scale and rapid deployment of cloud services. It’s important to understand how best to govern the use of cloud services, while providing a frictionless experience for your remote teleworkers and consumers of your cloud services.