Acting CIO Margie Graves recently addressed increasing challenges associated with Trusted Internet Connections (TICs) that are at the center of agency email and web browsing services employing secure centralized gateways and have been growing in seriousness for the last 10 years.
More recently, according to Graves, as agencies continue their migrations to the cloud and deployment of hybrid IT environments, the changes are “creating challenges with the TIC architecture.”
Graves’ office is working closely with the Office of American Innovation on a wide range of IT-related reforms with an overarching goal to “modify those things that no longer work or are sending people in the wrong direction” saying “we might deliver TICs in a different kind of way,” and agencies need to start thinking about security at the data layer, rather than perimeter defense and network-based security.
“A stateless architecture,” she said, is “the only way we’re going to be able to fully adopt cloud services, mobility, and the Internet of Things, and all the technologies that are out there.”
A key point she stressed is that “the alternative architectures that we’re exploring for delivering TIC capabilities do not negate the necessity to maintain your cyber posture.”
Understanding the risk inherent an agency’s data informs the level of protection needed; making that data auditable and the applying the correct TIC protections “are all important things,” she said. “But they don’t necessarily have to be done with the architectures we have today.”
Waverley Labs applauds Graves’ leadership in recognizing that the approach to protection must change to deal with the changes that are coming. Clearly, the cloud [mobile and telecommuting applications in particular] is forcing changes in computing architectures, and how we protect it.
It has long been our contention that we must deal with changing how we think about risk management and the implementation of cyber security. It involves a fundamental change assessing risk and how users connect with IT services, specifically the current authentication processes and technologies. We have developed solutions employing the Software Defined Perimeter, that have been tested and proven and is ideal for protecting critical applications and infrastructure while also reducing the attack surface. Our mantra is to reduce complexity, increase security and reduce the total cost of ownership of cyber protection.
For more information on changing the IT security status quo, check out this blog.