Infinite Endpoints: As Telework Becomes the New Normal, Agencies Look to Prioritize Security

gorodenkoff/iStock

Presented by Iron Bow | Dell Technologies | Intel's logo

Amid a sudden shift to remote work, agencies are taking steps to improve their security strategy. Here’s how.

For government agencies, the shift to remote work has made a lot of things easier. Once burdensome activities, like long commutes, have all but disappeared, and a long-term move to work from home could cut real estate and transportation costs. 

But the transition to telework has also presented several challenges, especially for IT departments. Working from home, of course, has required many agencies to adopt an entirely new IT infrastructure that takes into account multiple endpoints in various locations. As a result, enterprise security has become a high priority for agency leaders. 

The need to enable secure remote access comes as the FBI’s Internet Complaint Center reported striking new evidence that cybercrime increased by 400% since the onset of the COVID-19 pandemic. Public sector IT departments are now taking proactive measures to immunize their agencies from common security threats. 

Protecting Classified Information

Government agencies know all too well that managing classified data requires extra tight security measures. But as risks increase, how can agencies ensure the right employees gain access to this information so that they can do their jobs effectively — while taking proper measures to secure it? 

“Providing a virtual desktop infrastructure is the first step toward achieving a secure infrastructure, but organizations need to go beyond that,” said Rob Chee, technical director of Iron Bow Technologies’ security practice. “It’s important for agencies to ask themselves, ‘what is going to be the most secure way to provide this VDI access, assuming the user is not in a secure location?’” 

The U.S. government has taken a number of steps to develop solutions that solve these very challenges. The National Security Agency and Central Security Service, for example, established the Commercial Solutions for Classified Program, an opportunity for users to better secure their classified data by leveraging proven commercial technologies. 

“We're talking about a purpose-built laptop that has two layers of encryption,” Chee said. “It uses cryptographic algorithms that have been approved by the NSA and done in a way that dramatically reduces the attack surface."

CSfC also provides the “Data at Rest” capability package to protect classified data stored on an end user’s device — and allows that data to be considered unclassified when the device is turned off. 

But what happens to this sensitive data in the event that one of these devices makes it into the wrong hands? Today, agencies have an opportunity to wipe that data remotely. In other words, if a user loses their device, agency IT leaders can remove specific applications or any other potentially compromisable data. 

Troy Massey, director of enterprise engagements at Iron Bow Technologies, has experienced this challenge firsthand. As part of a partnership with a federal healthcare agency, Iron Bow provides laptops to patients’ homes to support the organization’s telehealth initiatives. 

But these patients “don’t always keep the laptop or tablet — sometimes they sell it,” Massey explains. “So, we need to be able to easily wipe those devices of sensitive data.” 

The Path Toward Secure Cloud Operations 

While enacting policies that protect classified information on users’ devices is a critical step in the journey toward secure remote operations, agencies must also consider the bigger picture. That begins by understanding how — and where — they store their data. 

With the shift to remote work, more agencies have moved to multi-cloud environments aimed to offer enterprises increased flexibility and scalability as they adapt to telework. In many ways, this type of configuration can give organizations a leg up on security. 

“This multi-cloud approach can offer enterprises a unique ability to move to a cloud that has more advanced features, giving them the flexibility to move to a more secure vendor,” Iron Bow Technical Director of Data Analytics Brandon Lockhart said. 

However, it also puts the onus on the agency to exercise more control over its security infrastructure. 

“With multiple cloud environments, you have various security models in place as opposed to just one model to conform to,” Lockhart continued. “It’s up to the customer to protect, secure and improve their data, no matter where it sits.”

To make that happen, organizations must implement tools that offer insight into each cloud environment. 

“One of the best things agencies can do is leverage tools that provide threat visibility to identify potentially malicious behavior that could indicate an attack occurring,” said Chee. “Security analysts can then use the information provided to understand how the attack entered, define what devices are affected and reduce the time to remediation and root cause analysis."

Ultimately, he added, analysts can begin to understand exactly how many endpoints have been affected by an attack and a possible root cause. 

Furthermore, Chee says organizations and IT departments can mitigate security breaches by starting the journey toward implementing a Zero Trust architecture. That means identifying an organization's users, devices and applications and using appropriate security appliances to implement stricter rules that require every user to prove that they are authorized to access an application using a particular device. 

“The concept of Zero Trust has been around for a long time, but it's just in recent years that companies have really started to focus on making it end user-friendly,” Chee said. “Thumbprint and multifactor authentication solutions, for example, are going to allow Zero Trust to provide much higher levels of security for organizations with users operating remotely.”

And while the many steps organizations must take to secure their remote workforce can seem daunting, others view it as a sign of progress. 

“The fact that we can access classified data at any terminal outside of a secure facility is just mind-blowing,” said Massey, who spent 21 years managing data centers for the Air Force before he joined Iron Bow. “And now we have the technology to provide classified network access to someone’s home. It’s really incredible to be able to say that.” 

Find out how Iron Bow can help you take your enterprise security strategy to the next level at ironbow.com/irontarget/

This content is made possible by our sponsor. The editorial staff was not involved in its preparation.

NEXT STORY: Bridging the Data Gap: How Multi-cloud Can Pave the Way to Greater Government Interoperability

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.