惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
Security Latest
Security Latest
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Troy Hunt's Blog
Latest news
Latest news
Help Net Security
Help Net Security
S
Security Affairs
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
AI
AI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
Forbes - Security
Forbes - Security
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Help Net Security
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
Cyberwarzone
Cyberwarzone
The Last Watchdog
The Last Watchdog
S
Securelist
N
News and Events Feed by Topic
S
Secure Thoughts
F
Fortinet All Blogs
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
M
MIT News - Artificial intelligence
F
Full Disclosure
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Microsoft Security Blog
Microsoft Security Blog
I
InfoQ
P
Privacy International News Feed
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CERT Recently Published Vulnerability Notes

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government
Shift to Telework: Enabling Secure Cloud Adoption for Long-Term Resiliency
Stephen Kova · 2020-09-03 · via MeriTalk

Over the past few months, agencies have strengthened remote work tools, increased capacity, improved performance, and upgraded security to enable continuity of operations as employees work from home and in various new locations.

However, as networks become more distributed across data centers, cloud, and remote connections, the attack surface increases, opening up the network to potential cybersecurity threats. Agencies have been forced to balance operations and security as they shift how users connect to government networks while remote.

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS – CISA) has played a key role in providing telework guidance through updates to the Trusted Internet Connections 3.0 guidance (TIC 3.0). This was an important step to provide more immediate telework guidance, open the door for modern, hybrid cloud environments, and provide agencies with greater flexibility.

In a recent webinar, I had the opportunity to speak with Beth Cappello, Deputy CIO, DHS, about IT lessons learned from the pandemic and the future of modern security with TIC 3.0 and zero trust.

TIC 3.0 and the Cloud Push

“When you think about TIC 3.0 and you think about the flexibility that it introduces into your environment, that’s the mindset that we have to take going forward,” said Cappello. “No longer can it be a traditional point-to-point brick and mortar fixed infrastructure approach.”

TIC 3.0 has enabled agencies to take advantage of much-needed solutions, such as cloud-based, secure web gateways and zero trust architecture to support secure remote work.

Prior to the pandemic, DHS had begun adopting cloud – moving email to the cloud and allowing for more collaboration tools and data sharing – enabling the agency to transition from about 10,000 to 70,000 remote workers almost overnight. Many other agencies have similar stories – moving away from legacy remote access solutions to cloud and multi-cloud environments that offer more scalability, agility, and security.

IT administrators must be able to recognize where threats are coming from, and diagnose and fix them through “zero-day/zero-minute security.” To do this, they must turn to the cloud. Cloud service providers that operate multi-tenant clouds can offer agencies an important benefit – the cloud effect – which allows providers to globally push hundreds or thousands of patches a day with security updates and protections to every cloud customer and user. Each day, the Zscaler cloud detects 100 million threats and delivers more than 120,000 unique security updates to the cloud.

Secure Connections From Anywhere 

When the pandemic hit, agencies needed to find a way to connect users to applications, security as-a-service providers, O365, and the internet, without having to backhaul traffic into agency data centers and legacy TICs – which often result in latency and a poor user experience. Agencies required better visibility to identify who is connecting to what, see where they are connecting to, and send that telemetry data back to DHS.

Rather than focusing on a physical network perimeter (that no longer exists), the now finalized TIC 3.0 guidance recommends considering each zone within an agency environment to ensure baseline security across dispersed networks.

As telework continues, many agencies are evolving security by adopting zero trust models to connect users without ever placing them on the network. We know bad actors cannot attack what they cannot see – so if there is no IP address or ID to attack on the network, these devices are safe. Instead, agencies must verify users before granting access to authorized applications, connecting users through encrypted micro-tunnels leading to the right application. This allows users to securely connect from any device in any location while preventing east-to-west traffic on the network.

The Move to the Edge

For long-term telework and beyond, the next big shift in security architectures will need to address how agencies can continue optimizing working on devices in any location in the world. As agencies move to 5G and computing moves to the edge, security should too. Secure Access Service Edge (SASE) changes the focus of security from network-based to data-based, protecting users and data in any location and improving the overall user experience.

A SASE cloud architecture can provide a holistic approach to address the “seams” in security by serving as a TIC 3.0 use case and building security functions of zero trust into the model for complete visibility and control across modern, hybrid cloud environments.

For agencies like DHS, who have a variety of sub-agencies and departments of different sizes and missions, cloud is ideal to facilitate secure data sharing and collaboration tools.

“So, when we’re securing our environment, we’re provisioning, monitoring, and managing. We have to be mindful of those seams and mindful of the gaps and ensure that as we’re operating the whole of the enterprise that we are keeping track of how resilient the entire environment is,” said Cappello.