In a perfect world, cybersecurity isn’t restrictive. You read that right. Done thoughtfully, it can empower employees, enhance safeguards and minimize workflow disruptions.
Let’s unpack this truth. At one entity within the Treasury Department, security is non-negotiable. The agency is tasked with ensuring the safety and soundness of the federal banking system.
Like many organizations, the agency was challenged with the explosion of remote work and hyper dependence on virtual private networks (VPN)s. But as a forward-leaning agency, leaders were bullish on investing in innovative approaches to security such as zero trust.
A pivotal part of the agency’s journey was adopting TIC 3.0 capabilities, said Jason Ohs, Director of Federal Systems Engineering at Netskope, a global cybersecurity company that is redefining cloud, data and network security to help federal organizations apply zero-trust principles to protect data. TIC 3.0, also known as Trusted Internet Connections, makes it possible for agencies to secure remote users’ network activity without pushing it back through the VPN.
“The agency moved quickly to allow us to become that TIC 3.0 access point,” Ohs said. In other words, Netskope serves as a security checkpoint for web traffic flowing from cloud applications to end users.
This partnership improved the agency’s ability to see what data was going through those checkpoints while also enhancing network performance.
Ohs recalled that the agency’s messaging around zero trust wasn’t about taking things away from employees but rather helping them perform better.
There was a proprietary banking app that 80% of the organization used. The app wasn’t performing well over VPN, which made it the perfect candidate to transition to a zero-trust model.
“We believed that if we could get this app away from VPN, we could get better performance,” Ohs said.
The move involved tightening zero-trust security principles around data, security and analytics. Tasks that used to take bank examiners 15 minutes because of delays in data syncing, now take about three minutes, he said.
Focus on the Data Level
Partnering with Netskope, the agency is gaining a better understanding of what apps employees are accessing, what workloads are running in the cloud and the data center, and how zero trust is governing that access. This work is also informing the agency’s data policies.
What makes Netskope’s approach unique is that it looks at the data level to understand what activity is happening within the app and how data flows.
Set the Tone Through Strong Leadership
At the agency, everyone understands the mission and knows what pain points bank examiners face, Ohs said. The organization’s openness to new technologies and security approaches is what ultimately allowed them to better mitigate their risks.
“Sometimes customers are looking to check a box on compliance. But in other organizations you get perfect alignment,” Ohs said. “There’s friction in every organization, but how you compromise to overcome that friction is key.”
This article is an excerpt from GovLoop’s guide “Why (Zero) Trust Matters at Work: And How to Foster It.”