Digital transformation isn’t just a preoccupation of the private sector; public sector organisations and authorities also recognise the many potential benefits on offer, e.g. allowing citizens to connect with them more quickly and easily. Public sector employees also stand to benefit from the added flexibility afforded by the cloud. The move to consolidate public sector premises and the rise in mobile working generally is already driving change in the working environment in government.
However, it is fair to say that the public sector has traditionally struggled to keep pace with evolving IT demands as departmental and government focuses shift, either in line with new legislation or current events. How can a non-corporate network and Zero Trust based approach help to deliver a consistent user experience for civil servants without compromising security?
IT teams are tasked with enabling and developing user behaviour, facilitating the secure sharing of governmental data and resources on the go as the consolidation of estates takes place, leading to a more mobile working style. The nature of public sector IT is changing; the internet is set to become the new network in government, and a flexible approach is needed that enables operational changes and delivers a positive user experience for employees. IT security is being modernised to prevent security vulnerabilities, which is particularly important given the highly sensitive data involved. The answer to managing increased staff mobility, driven by the consolidation of office space, in combination with the security requirements associated with allowing staff remote access, can be an extension of micro-segmentation: controlling who is allowed to access what, to preserve security and logical boundaries.
For public authorities, there is more at stake than just a transition of services to a more citizen-friendly approach when it comes to digitisation. The security of the highly sensitive data managed by staff and third parties is of the utmost importance.
In the course of digital transformation, overstretched public authorities have to strike a balance between online services and secure processes. To successfully adapt to new market conditions, they must scrutinise their traditional infrastructures with respect to procurement cycles, data retention, network architecture and IT security. In the cloud era, government applications are increasingly abandoning the data centre as the working environment moves away from fixed offices due to the consolidation of premises and demands to enable working from home or on the road.
The modern world of work is shifting ever more towards a flexible infrastructure that enables cost-efficiencies. Indeed, cloud-based applications – often invoiced based on specific employee numbers and usage – remove much of the capital expenditure around maintaining IT hardware. Next generation government IT teams are embracing a cloud-first approach to transform their departments, becoming more agile and enacting business policies with an improved user experience and minimal risk at the same time. The benefits for IT include less time and effort being invested in maintaining infrastructure; the challenge is providing mobile public servants with access to applications that have been migrated into the cloud while at the same time providing secure access to internal data centres.
IT teams must find an easy-to-administer way to provide secure access at the application level for civil servants and third parties, as opening up unlimited network access to any government system introduces unacceptable security risks. The cloud helps to meet this challenge. A leading-edge set of technologies has been developed to enable connectivity to private apps without ever exposing them to the internet. The solution for quick, private connectivity to internal apps is based on a software-defined perimeter (SDP).
Here’s how an SDP approach works:
- An employee or third-party user wants to connect to a private application, creating an outbound call to a broker;
- The broker processes the request and checks if the user has proper authorisation (often based on IDP and SAML attributes);
- If the user is authorised to access the app, the broker calls out to the connector sitting closest to the app—the connector front-ends the apps—and the connector sends an outbound connection to the broker;
- The broker then stitches together the two outbound connections in the cloud, enabling private connectivity between the authorised user and the specific app.
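The four steps above can be modelled in a few lines. This is an added illustration, not code from any SDP product: the `Broker` and `Connector` classes, the policy format and the sample users are assumptions, and the user's assertion is assumed to have already been verified against the IdP.

```python
from dataclasses import dataclass, field

@dataclass
class Connector:
    """Sits next to the private apps and only ever dials out to the broker."""
    name: str
    apps: dict  # app name -> handler (constructed stand-in for the real app)

    def dial_out(self, app):
        # Step 3: connector's outbound leg for one specific app.
        return self.apps[app]

@dataclass
class Broker:
    policy: dict                                    # app -> groups required (assumed format)
    connectors: dict = field(default_factory=dict)  # app -> Connector fronting it
    audit: list = field(default_factory=list)       # (subject, app, allowed) decisions

    def register(self, connector):
        for app in connector.apps:
            self.connectors[app] = connector

    def connect(self, assertion, app):
        """Step 1: the user's outbound call. Returns a per-app session or None."""
        required = self.policy.get(app)             # no policy entry means default deny
        groups = set(assertion.get("groups", []))
        # Step 2: authorise on identity attributes, never on network location.
        allowed = required is not None and app in self.connectors and required <= groups
        self.audit.append((assertion.get("subject"), app, allowed))
        if not allowed:
            # Identical answer for "not authorised" and "no such app", so an
            # unauthorised user cannot even learn which apps exist.
            return None
        backend = self.connectors[app].dial_out(app)
        # Step 4: stitch the two outbound legs; the session reaches this app only.
        return lambda request: backend(request)

def build_demo():
    # Constructed sample data: two private apps behind one connector.
    connector = Connector("dc-connector", {
        "payroll": lambda req: f"payroll handled {req}",
        "casework": lambda req: f"casework handled {req}",
    })
    broker = Broker(policy={"payroll": {"hr"}, "casework": {"caseworker"}})
    broker.register(connector)
    return broker

if __name__ == "__main__":
    broker = build_demo()
    alice = {"subject": "alice", "groups": ["hr"]}  # constructed, pre-verified assertion
    print(broker.connect(alice, "payroll")("GET /payslip"))
    print(broker.connect(alice, "casework"), broker.audit)
```

The audit list records every decision, including denials, which is the record a security team would review when checking that application-level segmentation is behaving as intended.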
Such a software-defined perimeter provides the following benefits: application access does not require access to the entire network or the use of a VPN, and apps are invisible to unauthorised users as they are never exposed to the internet. Specific users are connected with the specific apps they require for their work, which means that segmentation takes place at the application level, so that the need for burdensome network segmentation becomes obsolete. As a consequence, the internet truly becomes the new secure network. Since this connectivity is delivered over a hosted cloud service, the ability to scale based on user volume is effortless. In effect, there is no requirement to buy more appliances and add to the inbound VPN gateway stack.
Government departments and public authorities in the midst of a transformation have a myriad of considerations. Applications are rapidly moving out of the data centre and into the cloud, while users are moving off the traditional internal network. In order to reap the benefits of such a change, the public sector must first consider how to best allow users to access applications from remote locations from any device – whether government issued or not – without introducing risk.
Zscaler will be discussing the challenges and opportunities presented by digital transformation to the at GovSec – the UK’s premier event for cyber security and info security professionals and decision-makers looking to protect key public sector IT infrastructure and assets – on May 9th 2019 at the Victoria Park Plaza, London.
For more information, click here or follow the event on Twitter via #WMGOVSEC.