Cloud and Government: Have We Finally Made a Love Connection?

The government's relationship with cloud computing has been an evolving affair. Initially, there was skepticism that cloud solutions could not provide the needed security that on-premise systems had been providing. With checks and balances provided by FedRAMP, security concerns were slowly but surely overcome. With the move to more remote work and the demand for digital interaction with citizens, cloud has moved from a novel approach to a necessary part of the Federal IT infrastructure.

Cloud and Security

Initial concerns about the levels of security maintained by cloud providers have proven to be unfounded. Cloud systems are built with security as a top of mind concern by some of the brightest, most experienced cyber experts in the world. No matter how skilled Federal IT teams are, they just cannot build an on-premises system that meets the same rigors. In fact, today cloud security concerns lie with the users of cloud rather than the providers. Continue reading

Key Trends for Selling to Government

Selling into the government means abiding by a number of strict procurement rules around RFP submission, security and clearance compliance, and even buying lunch for customers. Luckily, in addition to these rules, government contractors can hone in their B2G marketing with clear, publicly available guidance on exactly the solutions government needs.

Each administration brings with it a new set of priorities that inform budgets and investments. As we near the halfway point of the first term of the Biden administration, there are a number of key documents that will guide what technologies and solutions government customers will buy. Continue reading

Zero Trust in Government Accelerates 0-60

Zero Trust is a logical evolution of security in a world where remote access to networks and applications is more common than being on-site with an organization's data center. From cloud applications to the explosion of remote work, the traditional "castle and moat approach" simply does not scale or protect networks that are constantly being accessed by outside users.

The Executive Order on Improving the Nation's Cybersecurity (Cyber EO) has a strong emphasis on moving government toward a Zero Trust approach for security. It laid out deadlines for agencies to submit plans for implementing Zero Trust architectures, holding organizations accountable for changing how they allow users to access their systems. Continue reading

Putting a Value on Trust — Introducing Zero Trust Security Approaches

With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.

Continue reading

Do Your Part. Be CyberSmart: 2020 Cybersecurity Awareness Month

For the past 17 years, the Cybersecurity & Infrastructure Security Agency and the National Cybersecurity Alliance have led a month-long national focus on cybersecurity best practices. In coordination with a number of organizations around the country, each October features events and campaigns to help educate businesses and individuals on avoiding dangers lurking online. As with everything else, the activities for the 2020 Cybersecurity Awareness Month will look a bit different. But perhaps it is fitting that most of it will be taking place online. It's a great opportunity to practice what you preach when hosting virtual events and resources.

The theme for 2020 is "Do Your Part. #BeCyberSmart," encouraging individuals and organizations to look at their own role in protecting cyberspace and providing proactive steps to enhance cybersecurity. A big part of this is the idea of "if you connect it, protect it." Resources and speakers will focus on securing devices at home and at work, securing Internet-connected healthcare devices, and looking ahead to the future of connected devices.

In government, doing "your part" means making a transition to a zero trust security environment where access controls are maintained around data and systems even after someone has shown the proper credentials to get into the network. The name "zero trust" implies a difficult hurdle that has to be overcome to earn the trust, but that is not the case. A different way of looking at it is "context-based trust" or "variable trust" meaning that devices with network access will receive immediate entry. Other devices that are unknown to the network will be subject to additional checks and balances. Key to this is establishing what is perceived as normal behavior on the network and by users. As activity deviates from that norm, systems and data can be locked up until legitimate access is verified. Continue reading