A recent pilot program shows how the cloud could reinforce the security of the federal government’s internet connections.
The Trusted Internet Connections (TIC) initiative in 2007 sought to optimize and standardize the individual external network connections utilized by federal agencies, including those via the Internet.
The Small Business Administration’s (SBA) trial may offer an alternative to TIC for securing on-premise network systems across the federal government.
“I think it’s definitely going to have an impact on future [Office of Management and Budget] directives about the TIC and the cloud,” said Guy Cavallo, SBA’s Deputy Chief Information Officer. “We think it was a very big success.”
Cavallo’s comments came during a July 18 DorobekINSIDER LIVE focused on IT modernization in government. He added, “I sleep a lot better now that I have these cloud security tools protecting me than when I did depending on my traditional government safety center and the TIC.”
Cavallo said that OMB requested that agencies apply for a TIC modernization project in January 2018, leading to SBA and two other agencies getting the nod. SBA was granted a TIC exemption for the 90-day experiment, which Cavallo said provided valuable insights about his agency’s cybersecurity.
“Let’s look at the overall security awareness it provides,” he said of the program’s goals. “We had incredible visibility into everything. The TIC’s just looking at traffic. This umbrella is looking at many, many other features such as improper or incorrect passwords on your servers.”
TIC was aimed at improving the federal government’s security posture and incident response capabilities by consolidating and reducing its external connections. The initiative also sought to boost monitoring and situational awareness of those connections, including ones using the internet.
Cavallo said that TIC has since struggled to keep pace with the flood of data the federal government encounters.
“The size of the government’s networks has grown so much even if it’s not in the cloud,” he said. “The amount of data we’ve tried to put through the TIC is just overwhelming.”
SBA saw a performance boost by not having to go through the TIC, Cavallo added. “[Now], we’re definitely seeing a performance hit [with TIC].”
The cloud has become a hot topic in government IT modernization discussions due to its potential for lowering costs, reducing duplicative efforts, and flexing based on an agency’s needs.
Cavallo said that the OMB’s pilot program offered SBA a chance to see the technology’s benefits firsthand.
“By modernizing our data center, it did lead to the cloud and much, much better cybersecurity tools at a cheaper cost,” he said. “We believe the redundancy, the disaster recovery abilities, the elasticity of the cloud was worth the risk.”
Cavallo added that the pilot program helped demonstrate the role refreshing workplace practices plays in modernization.
“You have to change people and processes before the technology can really have an impact,” he said. “You really need to transform the way you work.”
Cavallo’s advice: “You have to start somewhere. There’s not going to be a lightbulb that goes off across government saying, ‘Today is the day to start modernizing.’ There’s never going to be that magical day.”