According to a recent MeriTalk study, 70% of Feds say successful cloud adoption will reduce their agency’s security spending, and 69% say it will strengthen their agency’s overall security position.
However, the existing Trusted Internet Connection (TIC) program was not designed to handle the volume of growing internet traffic in the cloud. Therefore, the recent “Report to the President on Federal IT Modernization” highlights the need to modernize the TIC program as a priority in support of the Federal government’s digital strategy.
TIC’s current perimeter-based cybersecurity architectural design limits the government’s ability to take advantage of cloud and mobile technologies. Users need consistent protection wherever they go and wherever the applications they access are hosted; an architecture that relies on security appliances designed to protect the network is simply out of date. Instead of protecting the network, we need to focus on protecting the user. Letting go of the perimeter orientation will lead to decisions that provide optimal security and a better user experience. This is especially significant since agencies are accelerating cloud adoption and the Federal workforce is increasingly mobile. If users and applications are in the cloud (which they are), then TIC should be there as well. The best way to modernize the TIC is through the “TIC-in-the-Cloud” approach: moving TIC away from the perimeter and into the cloud.
It is important to note that this does not mean taking a “lift and shift” approach by virtualizing everything and putting it directly in the cloud. Instead, we need to take a holistic approach. Agencies can move to a software-defined gateway hosted in the cloud. The key to a solution starts with software built and born inside the cloud.
The current TIC security appliances are designed to protect the network. This is done with a “hub-and-spoke” network design in which traffic is backhauled over dedicated Wide Area Networks (WANs) to centralized gateways, adding complexity and unnecessarily increasing the distance between the user and their destination. Simply put, this approach of protecting the network in order to secure users and data is costly and becoming increasingly irrelevant. The technology landscape has shifted, and so should an agency’s approach to security.
The significance of these security implications continues to increase as the number and diversity of sophisticated threats rises. A constantly changing threat landscape exploits the limitations of security appliances running in isolation. By moving TIC security controls and other advanced security services to a cloud platform, Federal leaders gain better protection, visibility, and control over agencies’ user traffic to the internet. Traffic can also be routed locally and securely to the internet over broadband and cellular connections.
Industry and government should work together to successfully run and manage a TIC overlay within the FedRAMP program. GSA ran a pilot program in 2016; technology is improving rapidly, and hopefully that was only the first of many. By moving security and access controls to a FedRAMP-compliant distributed cloud, Federal employees will be protected in all locations and benefit from cloud efficiencies, and agencies will see cost reductions.
Additionally, it is critical to differentiate between the terms “multi-tenant” and “shared services” when it comes to cloud. These two terms hold drastically different meanings. “Shared services” is understood as everyone sharing the same technology, whereas “multi-tenant” refers to many people on the same platform, each using the services individually. “Multi-tenant” is the right term when referring to cloud, because a multi-tenant cloud security platform applies the policies set by the agency to securely connect the right user to the right application, regardless of the network.
The user experience must improve. Through a “TIC-in-the-Cloud” modernization approach, we can eliminate costly appliances, strengthen cybersecurity, and significantly improve user experience and productivity.
This article was originally posted as “TIC Modernization” in Cloud Strategy Magazine.