The federal government’s sudden, widespread shift to remote work has underscored the value of policy decisions that remove barriers to cloud adoption.
In particular, the Trusted Internet Connection (TIC) 3.0 initiative has opened the door to broader, more efficient and more holistic use of cloud services, said John Amorosi, Senior Solutions Architect for Federal Civilian Agencies with McAfee, the device-to-cloud cybersecurity company.
The changes greatly expand an agency’s ability to adopt cloud technology without degrading performance, while still applying appropriate security controls and reducing end-user friction. The Department of Homeland Security (DHS) has indicated that it is moving the TIC program from a prescriptive to a descriptive methodology, recognizing that there is no one-size-fits-all approach to securing agency data.
“The new expanded and increased flexibility will empower agencies to protect agency data, secure and monitor cloud services, and protect remote users regardless of device and location,” Amorosi said.
In the same vein, the most recent iteration of the Continuous Diagnostics and Mitigation (CDM) program extends the framework to cloud and mobile devices.
CDM has been a catalyst for agencies to gain greater visibility into the assets in their environment while improving their cybersecurity posture, including both network security and data protection. Agencies should leverage the synergies between the two programs by modernizing their enterprise architecture and embracing the cloud, Amorosi said.
After rationalizing their existing toolsets and developing a strategy, agencies can do this by drafting a Request for Service (RFS) to introduce new CDM capabilities that address the requirements, goals and efficiencies of both programs while improving the end-user experience.
A New Architecture
With TIC 3.0 and CDM, agencies are no longer required to place all security controls inside the network perimeter; they can instead extend security to data, devices and applications at the edge. Under that architecture, end users access cloud services directly rather than having all traffic backhauled to the security stack in the agency data center, which provides much-needed improvements in network and application performance.
That is not to say that all data or applications are moving to the cloud. Instead, agencies need a cybersecurity framework that protects data and applications whether they sit in the cloud or inside the network perimeter, Amorosi said.
McAfee recently released what it calls the Unified Cloud Edge (UCE).
UCE is built around three pillars:
- McAfee Cloud Access Security Broker, which offers visibility and control over data across different cloud environments
- McAfee Web Gateway, a cloud-native service that protects against web-based threats
- McAfee Data Loss Prevention, which safeguards sensitive data on devices, in transit to the cloud and within the cloud
“Our goal is to provide agencies with technologies that serve as Policy Enforcement Points (PEP) that they can employ to expand cloud adoption and fully support TIC 3.0 use cases, as well as support CDM goals and improve the security posture of the enterprise,” Amorosi said.