There has been an increase in coverage recently as the White House’s Office of American Innovation (OAI) sets the stage for IT modernization under the Trump administration.
A Request for Information released by the GSA on behalf of OAI is seeking feedback on how best to create “centers of excellence” that address four key “pillars” outlined by OAI that are also consistent with the modernization visions proffered by previous top technology policymakers.
An article in FCW “White House sketches plans to staff its modernization efforts” clearly outlined the goal of establishing a quartet of research centers, each dedicated to one of the four pillars e.g. Identity management and authentication, cloud computing, consolidated contact centers and data transparency and access, with emphasis on agile development to speed pace of technology modernization. The article cited three examples of Trump’s modernization vision and goals:
- Restructuring the federal government’s network architecture to facilitate widespread cloud deployment is one of the core goals of the administration’s modernization vision.
- Improving transparency and access to data across the federal government requires a cloud-based network architecture that will make it easier to define consistent requirements for big data access and transparency initiatives.
- Leveraging high-caliber technologists with a background in disruption and change management to speed pace of technology modernization initiatives.
While these are all needed and commendable goals, what the article did not say was how the cloud will be required to play a much bigger role which inherently changes the traditional IT perimeter.
I also realized something else was missing. There was not a single reference to the words “security” or “risk reduction” in the article. While unintentional, the omission points to an underlying challenge across the entire modernization initiative. If cloud is now going to be core, the modernization architects must account for the changing perimeter to reduce risk and remain secure.
How will they deal with vast amounts of software code that needs to be rewritten as part of nearly every network systems architecture modernization? How can this infrastructure remain secure in during this transition? The answer lies in focusing on protection and resiliency.
The goal is to “control” risk during this transitional period and software defined perimeters (SDPs) are ideal for enabling this control.
SDPs represent a highly regarded security protocol that establishes an undetectable application infrastructure to protect mission critical applications and client data operating on networks and in the cloud.
The primary effect of the SDP is that it transforms the application infrastructure into an effectively invisible or “black cloud” environment that shows no domain name system (DNS) information or IP addresses.
SDPs enable significant risk reduction and are the most logical stopgap solution to allow time for rewriting code and for those needing to meet compliance deadlines.
For more information about Software Defined Perimeters, check out this white paper.