As we have witnessed already in 2020, network infrastructure and security must evolve simultaneously to ensure data protection and secure access to resources whenever and wherever applications are launched. Traditional security solutions can no longer provide the level of protection, performance and access control that federal agencies demand. In addition, especially now, budget constraints at all levels of government are forcing government agencies to do more with limited resources. Going into 2021, Fortinet Federal’s Bob Fortna offers his perspective on how agencies should look to develop a sustainable security posture going forward and take advantage of learnings from this past year.
Digital transformation (or IT modernization as it is often referred to within the federal agencies) is still a huge priority for agencies. For example, while the Cloud First initiative was released nearly a decade ago, the landscape has changed enough for the federal government to understand that Cloud Smart is a better way to think about the shift.
But, for federal agencies there is no one compute model. Very few agencies utilize the cloud or data centers exclusively, so that means a hybrid cloud model is the best path forward. Even if you are a very cloud focused agency, you still have endpoints—especially with remote work today—and those endpoints are your network.
Agencies need to invest in a cloud model that allows them the flexibility to make decisions as they need over time while also providing the performance needed to keep mission critical operations up and running.
When connectivity is more important than ever, security is at the forefront of global discussion, and a security-driven networking approach is crucial for securing today’s hyper-connected government networks. Unless security is part of the network, it cannot make changes fast enough to protect network resources.
Agencies have had to pursue quick fixes and workarounds because of how quickly they had to adjust to requirements imposed by COVID. Because of that, priorities went through big changes this year which will impact what happens next in terms of IT decision-making. Coming out of the pandemic, many agencies will be looking to get operations back to normal, but it also presents an opportunity to evaluate decisions made in 2020.
I think going into 2021 government leaders should maximize the opportunity to focus on lessons learned over the last nine months and how cybersecurity will play an essential role in modernization and transformation planning, especially as remote telework is being seen as a future path for federal employees and contractors. Security must be included in these discussions as a strong cyber posture is critical for long term telework adoption.
With so many federal employees working from home now and even into the coming months, securing the edge has become more important than ever. The network perimeter has extended into the home and that leaves agencies with new risks. Thankfully, new technology makes detection and remediation possible at the edge before intruders enter the network. But for that to work, it takes careful integration and orchestration.
Seeing these new edge environments as part of the same security environment is crucial to securing networks. To do that, agencies need to integrate a fabric architecture that can be extended as new network environments are adopted, without sacrificing any functionality, visibility or centralized control.
For agencies in the age of telework, a single, holistic security strategy provides a comprehensive approach that is not only manageable and cost effective, but also fluid enough to adapt as networks undergo constant change. That will solve a lot of challenges as remote work becomes standard operating procedure. Integration has been a priority before but now it is urgent and fundamental to mitigating new risks.
The process for addressing the federal cyber skills gap is two-fold. First, agencies should automate routine cyber tasks so the analysts can focus on the more significant threats—which are typically those that require skill and creativity to defend.
Artificial intelligence and machine learning are fundamental to automating security processes. In fact, security technologies with AI and ML use the volume of data on agency network activity to be able to characterize normal activity, to spot abnormal behavior, to gauge which abnormal activity is malicious and to respond to it in real time.
Second, the government needs to develop a more diverse pool of cyber talent. While traditionally agencies draw from colleges and universities, there is a veritable untapped wealth of cyber talent in our nation’s veterans. They already understand the missions of the federal government and have a proven track record of operating under pressure in support of our national security.
Beyond just investing in new talent, agencies should be making sure it’s current roster of cyber analysts continue their training to stay up to date on the latest threats. Fortinet offers free training through its Network Security Expert initiative, which offers an eight-level training and certification program that is designed to provide cyber pros with an independent validation of their network security skills and experience. It also offers a great opportunity to upskill and reskill which can help with fostering new talent and closing the cyber skills gap.
Learn more about how Fortinet Federal helps Federal agencies efficiently protect U.S. government data and critical infrastructure against advanced nation-state threats.