Time to fix the TIC
By Stephen Kovac
Dec 21, 2017
The Report to the President on Federal IT Modernization emphasizes the need for updated IT infrastructure and shared services – specifically recommending modernizing the Trusted Internet Connections program.
TIC modernization is critical to the federal government's broader digital transformation strategy. Agencies are increasingly dependent on the internet to access critical applications that power their mission. Teams expect the same level of seamless access to applications and data as they have in their personal lives.
Because of this shift, network security is becoming irrelevant. Cloud and mobility are disrupting how we have traditionally thought of security and networking. With more and more users accessing the internet at any time from anywhere, we have to consider how to secure a network we don't control. It must be held to the TIC standard without creating usable latency, while also securely connecting the right user and device to the right app and service over the internet. The only way to accomplish this is to shift the policy away from the network and wrap the policy around the user.
Therefore, we need a fundamental shift in the TIC's architectural design and approach -- enabling feds to take full advantage of cloud-based technologies and continue to strengthen our cyber defenses. The current TIC architecture provides poor user performance, was not designed to handle today's digital data deluge -- and is not cost effective. As agencies accelerate cloud services adoption and government employees become more mobile, perimeter-based security is not the answer.
There are a few different approaches agencies can take for TIC modernization. One is a "lift and shift" -- virtualize everything and put it in the cloud. But this approach only compounds the problem, because all it does is move the problem to a more complex environment, creating even more issues. It will not solve the problem. In my opinion, the best approach to handle the shift in the marketplace is to wrap the policy around the user. And we can accomplish this by moving TIC to a cloud-based, software-defined gateway. This environment has the elasticity to scale and meet government needs no matter where the user is accessing the internet.
We need to shift the perimeter of the TIC away from the network and to the cloud, aka "TIC-in-the-Cloud." Today, applications have moved out of the data center and into the cloud. Users have moved off the network and are connecting from everywhere. The technology landscape has shifted, and so should our approach to security. In the past, everyone focused on protecting the network. Now, we need to focus on protecting the user.
How can these steps be best facilitated? We need a TIC overlay within the FedRAMP program -- the General Services Administration is exploring options, and ran a pilot program in 2016. Hopefully, there is more to come. Industry and government will need to work together in lockstep.
By moving security and access controls from the data center to a FedRAMP-compliant high baseline distributed cloud, federal leaders can provide consistent protection to users anywhere they go, while benefiting from cloud efficiencies and economics.
Current TIC architecture limits the federal government's digital strategy. By modernizing the TIC, we will improve user experiences, improve security, reduce costs, and enable modern, efficient and connected government.
Stephen Kovac is vice president, global government and compliance at Zscaler.