The updated Trusted Internet Connection (TIC) 3.0 policy allows greater work flexibility at agencies, keeping up with the modern needs they have to connect to their digital working environments faster and more securely.
Previous TIC initiatives did not effectively address telework, or remote work, which is increasingly common in the modern-day workplace. Traditional connection methods often left remote workers at home or in international locations with the “spinning wheel of death” and delays caused by latent virtual private network (VPN) connections. Now, TIC 3.0 offers four use cases that provide agencies alternative approaches — including remote users — to traditional network security, ensuring flexible and secure working environments through cloud and zero trust.
“With the model we’re seeing here, the zero trust model, a teleworker can fit into the overarching cyber scheme,” said John Monroe, GovLoop’s Director of Content, at GovLoop’s online training Thursday. “I think that’s really important not just for people teleworking on a regular basis, but people teleworking on a snow day or when they’re sick.”
Traditionally, a remote user connected to the network using an agency data center, security tools, site-to-site VPN and then a TIC Access Provider or Managed Trusted Internet Protocol Services (MTIPS) to access a needed application.
“The problem is, it doesn’t just do that one [transaction] but every transaction,” said Stephen Kovac, Vice President of Global Government and Compliance at Zscaler. “TIC 3.0 is built around the abilities to cut the wires. It’s a better path for the customer; it’s a better user experience.”
Through TIC 3.0, cloud-based networks for remote users can offer direct connections to the internet instead of passing through a TIC or MTIPS utilizing a cloud-based security stack, which eliminates back calls and latency for quick, secure access.
Additionally, the policy gives agencies a framework to adopt stronger security postures in increasingly complex environments with a zero trust approach, which grants access based on a strict verification basis instead of a perimeter basis. This means that users must be cleared for access at each level or entry point before they’re able to enter an application.
“TIC 3.0 use cases are opening up really neat and really creative ideas to modernize TIC and how we use internet connectivity and improve the [agency] mission,” Kovac said.
This online training was brought to you by: