Long before government employees were forced home by COVID-19, agencies had been considering remote-work settings for employees. Progress was generally impeded by security obstacles. Now that millions of federal employees are working from home, managers are being forced to support their efforts while securing data and systems. In order to prioritize security, each cloud solution supporting remote work must utilize defense in depth.
There are five key ways in which IT and program managers can protect their teams, data and systems:
Minimize Access to Data: A significant concern for any government agency is the unauthorized access or removal of information. When dealing with a remote workforce, authorization based on location is not necessarily possible, creating a new level of complexity. Any cloud solution used to support remote work should have robust monitoring capabilities and secured network protocols to prevent exfiltration.
Promote Visibility: The on-demand and fluid design of a cloud solution requires federal agencies to promote visibility of user behaviors and system activities. Extraction, transformation, and loading activities must be tracked by the security team to gain full visibility. By gathering data across multiple sources spanning the agency systems, security teams can also correlate activities to better recognize threats or infiltrations. When application and infrastructure logs are monitored together, security teams have a better view of how events are unfolding and can examine them quickly.
Embrace Automation: Agencies should automate as much of any cloud solution as possible. Reducing manual processes eliminates the potential for human error. When automation is used in security to enforce policies and controls, it ensures that these policies are appropriately and consistently applied. Additional benefits of automation include cost reduction and freeing up security teams for items requiring more complex problem-solving. Time and resources previously devoted to processes are freed up through the use of scalable and flexible tools for security that span the environment.
Find Balance: When government agencies are committed to too high a level of security on a cloud solution, users will find a workaround to combat inconvenience or frustration. Circumvention efforts may even involve solutions outside the control and visibility of the agency solution, and this is particularly true in the case of remote workers who have easy access to non-agency resources.
Agencies need to find the right balance between security and compliance priorities and enabling employees to utilize the high level of performance and computing necessary to do their jobs.
A Secure Foundation: Many cloud service providers offer good security features, but most agencies rely on the end user to apply them to their cloud resources. Agencies can reduce this risk by prioritizing the need for security controls that are hard-wired into the cloud solution’s foundation. All responsibility for sustaining a secure environment is removed from the end user.
While every federal agency looks forward to the day when the crisis around COVID-19 is over, employees must continue to primarily work remotely. Equipping the cloud solution to balance performance with security is the challenge for the moment. Contact us at Clarksys for more information on choosing the right mix of security strategies that don’t limit productivity.