Bridging Secure Remote Application Access & Encrypted Threat Mitigation
Even as states begin to re-open after being closed for weeks due to the COVID-19 coronavirus, the government workforce along with partnered contractors will continue to work remotely for the foreseeable future. In order to be productive and effectively do their jobs, they require secure remote access to systems and applications.
While many applications have migrated to the public cloud or have been replaced by SaaS applications, there remain those applications that cannot be migrated or replaced. With cybersecurity and phishing threats on the rise during this period of maximum telework, government agencies remain on constant high alert in an effort to protect against the scourge of encrypted malicious web traffic.
On June 23, I moderated a virtual webinar co-hosted by WWT, F5 Networks, and Cisco-Duo Security exploring how government agencies at the federal, state and local levels can bridge secure remote application access, while increasing security and mitigating potential threats. During this webcast, we also discussed how to future-proof existing and planned investments in security solutions, all while delivering a superior user experience.
Thankfully, agencies have been able to evolve and adapt to make the process of enabling a remote workforce a relatively easy transition, from the perspectives of productivity, accessibility and overall work-life balance. Public and private sector workers alike have successfully adopted the work-from-home lifestyle making the most out of what has become the new daily norm.
Security challenges that follow a remote shift
The problem is, however, this transition away from on-prem legacy security systems has increased the opportunity for cyber security attacks. The sudden surge of public sector workers needing to work remotely quickly revealed how federal and state agencies were unprepared to adapt to off-prem secure application access at its current scale.
Many mission-critical, but aging, applications cannot support more advanced authentication methods such as single sign-on (SSO) or multi-factor authentication (MFA), which are now even more critical to ensuring proper safeguarding of systems and data given the nearly 100% remote workforce.
When implementing new and/or additional security controls, usability testing practices are a great way to analyze the impact of these new controls and processes on your workforce. This is important because if security puts too heavy a burden on the user, the user is likely to try and find a way around your security measures. It is important to consider usability when implementing any new security control, process or policy. Technologies such as SSO can actually make it easier for workers to access systems, while at the same time advancing your cybersecurity posture.
A look at Zero Trust
As we look ahead at how to enhance user productivity and the user experience, while simultaneously increasing application and network security, the growing elimination of network perimeters and evolution to hybrid environments calls for a Zero Trust approach to further reduce future risk to federal, state and local agencies and their workforce.
Implementing a Zero Trust security framework replaces the implicit trust granted in a legacy approach with a risk-based “least privileged” approach that extends across users, devices, networks, apps, workloads and data, creating a complete, in sync security architecture—one that will hold up to unknown, untrusted users attempting to gain unauthorized access or perform other undesirable actions, no matter the location.
When faced with the dual challenge of providing application accessibility to a remote workforce while ensuring network security and mitigating threats, investing in enhancing the user experience could provide the dual benefit of enhancing the security experience as well.
You can stream the virtual webcast its entirety here: Bridging Secure Remote Application Access & Encrypted Threat Mitigation.