Page 125 - Cyber Defense eMagazine for July 2020

connectivity?  To ensure comprehensive, secure access, agencies may initially need to take a “tiered”
            connectivity approach.

            3. How can employees connect?  Some employees may have had government-issued laptops and
            devices prior to the crisis, but do all employees now need laptops?  Prioritize needs.  Then, evaluate
            risks and develop BYOD policies and education.

            4. Can we stagger work hours?  It may not be possible to accommodate an almost entirely remote
            workforce within the typical 9-5 hours.  Some agencies can adjust work hours, moving mission critical
            work to the “graveyard-shift” hours to ensure seamless connectivity to perform critical duties.

            5. How do we improve performance/connection speed?  As the network perimeter expands, many
            agencies are moving to the cloud through a secure access service edge (SASE) model.  Direct access
            via internet breakouts provides fast, secure access for all users.



            What’s Next?  Evaluating and Evolving Telework Health for the Long Haul

            Once mission critical teams are operational in remote environments and the organization has moved past
            that initial crisis response – the next step is to take the lessons learned and evaluate how to continue
            down the modernization path.  What will drive simplicity, reduce costs, and create scalability for any future
            COOP scenarios?

            This is not a one-and-done process but should be built into ongoing IT operations and planning.

            Here are six design architecture questions to help frame telework health – with the goal of driving digital
            transformation and improving security, access, and support for remote employees:

            1. Do we provide a seamless user experience with direct access to internal and external
            applications?

            Agencies need to adjust security from traditional, legacy appliance-based tools, such as VPNs, to a
            solution that secures traffic no matter where the user or target application resides.  Zero trust connections
            allow users to directly access applications in any location.  This eliminates the hair-pinning caused by
            backhauling traffic through a VPN, reduces traffic, and reduces latency – ultimately, improving the user
            experience.  Zero trust also never puts users on the network, reducing the attack surface.

            2. Do we have context-aware access?


            Users should only be given access to resources and applications necessary for their job functions.
            Agencies should develop clear access policies and rules enforced through a zero trust security model,
            where only authorized users will be granted access to authorized applications.  This can further limit
            east-west traffic on the network so that users will not reach applications they were not intended to reach.
            Context-aware access also delivers benefits in scenarios beyond work-from-home security, such as mergers
            and acquisitions, cloud migration, third-party access, and more.  Zero trust network access solutions address
            all of these scenarios with simple policies that are user-centric, rather than network-centric.






            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.