Business & Technology

Security Strategies that Federal Agencies Can Employ to Enable Digital Transformation

By Bob Fortna | June 27, 2018

Federal security spending is expected to grow to $2.5B (Department of Defense) and $2.2B (civilian agencies) by 2020. While this is due in part to the rapidly increasing speed and sophistication of cyberattacks, that’s not the full story. IT leaders at federal agencies also face a host of infrastructural pressures that are impacting their organizations’ attack surfaces—from demands for greater network performance, to compliance with new standards and regulations, to integrating emerging technologies such as cloud and mobility solutions as part of their digital transformation (DX) strategy. The combined force of all these changes makes for greater vulnerability, inside and out.

Changes Bring Challenges to Federal Networks

As network infrastructures undergo extensive transformation, security must evolve to keep pace. That’s because many traditional security solutions and strategies that worked in the past are no longer effective on their own. Like their private sector counterparts, the rise in mobile devices requiring access, the incorporation of connected smart devices, and the adoption of cloud-based infrastructures and services means that federal agencies are now managing borderless networks. As the potential attack surface expands, opportunities for breach, data loss, and compromised information integrity come with every new connection. Traditionally isolated security solutions simply can’t see or span across this new dynamic environment in order to provide the sort of protection today’s networks require.

Government agencies also continue to demand high network performance for applications and data traffic. But new performance demands can also undermine the effective use of some traditional cybersecurity tools, which struggle to keep up with increasing speed and bandwidth requirements.

And probably the biggest problem of all comes from security complexity. Most organizations have inherited a patchwork of isolated “point” products from disparate vendors—which creates an overall security architecture that’s hard to manage, limits visibility and control, and lacks integrated, end-to-end protection.

The vulnerability of these converging issues is shown in the increasing frequency of data loss incidents reported by national civilian, defense, and intelligence agencies. Because threat actors can range from amateur hacktivists to sophisticated and well-funded nation-states, federal security leaders across the board have a common call to action—improve the effectiveness of their cybersecurity defenses.

An Integrated, End-to-End Security Architecture

One way to address these challenges simultaneously is to take all the isolated security elements across an organization’s various environments and tightly weave them into a single cohesive and coherent system. This architectural approach, sometimes referred to as a security fabric, allows agencies to see, control, combine, and manage security across their entire network (even across the multi-cloud). It enables network defenses to dynamically expand and adapt as more workloads are added. At the same time, the fabric can easily track and protect data, users, and applications as they move back and forth between smart devices, borderless networks, and cloud-based environments, collect and correlate threat intelligence to detect hidden threats, and automatically deliver a coordinated response to those threats that leverages a wide range of interconnected security solutions. 

Today’s security solutions need to be able to dynamically and automatically scale and adapt to the unique and complex requirements of federal agencies as well as critical infrastructure sectors. An integrated security framework delivers end-to-end cybersecurity with broad, integrated, and automated defenses for protecting even the most demanding federal agency infrastructure. It is especially suited to supporting DX initiatives such as data center optimization, cloud migration, and support for end user and IoT devices. Unlike traditional security architectures based on isolated point products, a security fabric operates simultaneously across the entire IT domain, and as that infrastructure expands and contracts, a fabric-based solution can dynamically scale and adapt to network changes.

Greater Visibility & Control. An integrated security fabric also offers broad protection for greater visibility and control across the infrastructure, including endpoints, access points, network elements, the data center, the cloud, and even the applications and data. Combined with dynamic network segmentation that logically separates data and resources, an integrated security fabric can cover all attack vectors to discover threats and contain them as they attempt to move from one network zone to the next.

Threat Intelligence & Detection. Combining real-time threat intelligence with an integrated security fabric’s wide integration of devices and systems, organizations and agencies not only have rapid awareness of potential problems, but that information can be shared simultaneously to security devices deployed in each place in the network—endpoint, data center, edge, and cloud, among others. The integrated security fabric can then leverage cross-communications standards and open APIs to automatically coordinate immediate action without being limited by traditional human monitoring and intervention. Intelligence-based auditing and reporting also help reduce the risk of violating compliance standards and regulations.

Efficient Operations. In 2016, the median time from intrusion to detection of a breach was 49 days. This represents a broad range of response times—from same-day detections to a breach that took more than five years to discover. Minimizing the impact of a breach means shrinking the windows of time between intrusion-to-detection as well as detection-to-containment. Because it leverages common communications and management protocols, a security fabric is able to correlate integrated threat intelligence and automatically synchronize a coordinated containment response across the organization. Replacing other traditionally manual security processes with automation, such as patching and configuration, also helps address the organizational challenges of tighter budgets and skilled staffing shortages by allowing valuable human resources to be allocated to higher order responsibilities such as strategic planning and analysis.

Teamwork Wins the Day

Federal agencies have unique security needs, which also means they require security experts who understand those needs in order to deliver the right solutions.  The Fortinet Federal Team, for example, was formed to support U.S. Government customers by bringing an extensive collective knowledge to the table—from agency-specific challenges and priorities, to procurement practices and budget considerations. Our experience in designing and delivering enterprise-class security solutions for the financial and manufacturing sectors means that Fortinet brings a wealth of technical expertise and top-rated products to protecting U.S. federal agencies as well. In addition, our extensive Fabric-Ready Alliance Partners—including major networking, cybersecurity, and cloud-services providers—means you can maintain a robust ecosystem of best-of-breed solutions without compromising on interoperability, broad visibility, or centralized control.

An integrated fabric approach to security is the best approach to meeting the evolving needs of federal customers—enabling federal IT teams to deploy and deliver proven network protection designed for the changing shape of networks and the unique security requirements of government agencies.  

Read our solution guide to learn how you can take the complexity out of security with integration and automation across multi-cloud environments. Manage risk easily and effectively, while gaining visibility.

Read more about how Fortinet Federal works with the US Federal Government to define security requirements and deliver leading solutions for federal civilian and national security systems.