The explosion of smartphones, tablets and other devices has made today’s government workforces the most mobile in history.
But progress is never without cost. How do agencies secure their data when it moves across increasingly large digital workspaces?
On Wednesday, two experts on digital workspaces argued that zero trust cybersecurity may help agencies keep their digital workspaces safe. Zero trust cybersecurity combines specific people, processes and technologies to make security pervasive networkwide.
“With zero trust, you basically deny all,” Dan Kempton said during a GovLoop virtual summit. “You only permit what’s allowed in that tier or that environment. If any of those environments or sub-environments are broken into, the hacker can’t go anywhere. You’re minimizing your risk.”
Kempton is the Director of Engineering and Cloud Services at North Carolina’s Department of Information Technology (NC DIT). Although he advocates for zero trust cybersecurity, he added that agencies should never assume they’re safe from cybersecurity incidents.
“You really can’t say ‘if,’” he said. “You have to say ‘when.’ Unfortunately, hackers are very sharp. [But] zero trust is what I believe is the best effort at minimizing any loss. No ports are open.”
Two techniques drive active zero trust cybersecurity programs. The first is continuously monitoring all activities across agencies’ networks; the second is least privilege access control, or managing which devices and users are authorized to join a network, how, when and why. Together, these tactics help agencies reduce their security risks by adopting a zero-trust posture.
Ken Liska, meanwhile, said that cybersecurity is increasingly challenging for agencies as their workloads become more digital.
“Work is no longer just a place,” said Liska. “Work follows wherever the worker goes. It can be at the office, in a car, out in the field.”
Liska is Citrix Systems, Inc.’s Systems Engineering Manager, State and Local Government. Citrix Systems, Inc. is a software solutions provider specializing in cloud computing, networking and virtualization. According to Liska, securing digital workspaces requires addressing three challenges.
“The complexity of networks leads to a lack of reliability and predictability,” he said. “You’re never really able to piece together a full picture. You need to start to worry about who is accessing the work, how they are accessing it and how you are protecting the work for that user.”
What makes digital workspaces valuable, however, once agencies have secured them? Liska said that these platforms offer workers an experience that’s more consistent and satisfying.
“On a typical day, a typical user will use about three different devices,” he said. “It’s a consistent look or feel no matter what device you’re coming in on.”
Ultimately, digital workspaces make for happier workers by providing them with access to their responsibilities on the device they prefer. Liska added that by strengthening the security of those workspaces, agencies can return to focusing on their missions.
“The biggest benefit of digital workspaces is to improve the experience of the end user,” he said. “If you can give them a system that improves their work experience, they’ll actually want to use that system. It saves time and effort while providing a secure environment.”
If you want to attend sessions like this one at future virtual summits, pre-register today!