Nov 17 2020

Amid Pandemic Chaos, Agencies Work to Secure Networks

Zero trust, cloud protections and new practices built for teleworking may become permanent.

We’ve seen a dramatic shift in the way we live our lives since March. Routine actions once done in person — from quick catchups on work projects to shopping or visits with family — have all gone online as we protect ourselves from COVID-19.

The federal government has been no exception, sending employees home to work when their jobs permitted it. Hundreds of thousands of federal employees teleworked in 2020, and many offices remain sparsely populated.

It’s expected that many of these practices — especially the work-from-home aspects — may remain integral to the 21st century workplace. The flexibility provided by telework has proved to be attractive to many workers, who are happy to be rid of long commutes and noisy offices.

But with that flexibility come additional security issues. Employees are no longer working on their hardened office networks, may be using personal devices and are often sharing home bandwidth with people who may be too young to understand multifactor authentication.

Cybersecurity Comes First for Agencies

Agencies turned to virtual private networks almost immediately as the pandemic began, but with telework looking to become a permanent part of the work experience, many are considering tougher security practices.

Zero trust, a concept already on the table, is gaining traction in civilian agencies. Our roundtable features security experts and federal IT officials who talk about the benefits the practice can bring, especially for networks with scattered endpoints.

The military provides another perspective on zero trust, with the Department of Defense components hastening to put the security approach into practice as COVID-19 spread.

Some agencies, concerned with safety in the cloud, installed cloud access security brokers to monitor data moving between cloud services. And the Cybersecurity Infrastructure and Security Agency provided new guidelines for federal agencies that had to protect their displaced networks. Assistant Director for Cybersecurity Bryan Ware outlines the details in a Q&A.

Improvements in cybersecurity are valuable, and many of these might have become standard practices anyway. But as we’ve learned in this most unusual year, when there’s no predicting what will happen — and it’s often wilder than you expect — being prepared never hurts.