Security

How SASE Can Enhance Security for Agencies with Remote Workers

A secure access service edge approach can help the federal government improve cybersecurity in a variety of ways.

George Kamis is CTO for the global governments and critical infrastructure business at Forcepoint. He works closely with information assurance industry leaders and government executives to help guide long-term technology strategy and keep it aligned with federal and industry requirements.

The coronavirus pandemic dramatically reshaped the work landscape for federal agencies, with thousands of government employees now working remotely who weren’t before. This shift placed an unprecedented amount of demand and pressure on VPNs as organizations sought ways to create secure, encrypted tunnels between users and access points. In some cases, VPN gateways became overloaded with the mass migration to remote work, causing workflow interruptions like denial of service.

However, while stand-alone tools like VPNs are useful for connecting users to a single network, a secure access service edge (SASE) solution can offer unified protection across numerous environments. Cloud-based SASE solutions can also quickly scale to meet demand, without requiring the purchase additional enterprise security appliances. SASE can grow and contract with the needs of the remote workforce.

Put simply, SASE combines multiple platforms — such as cloud access security brokers, zero-trust network architecture, content disarm and reconstruction, and remote browser isolation — into a single, cloud-based solution that enables secure, remote access from anywhere and can scale with demand.

The software has the flexibility to run in the public cloud for optimal scalability, in an isolated cloud, or on-premises. Let’s look at how these solutions work hand in hand to offer the highest level of security for remote work environments for government agencies.

Click the banner to get access to customized content on cybersecurity by becoming an Insider.

How Zero-Trust Network Architecture Secures Agencies

ZTNA combines strict identity verification with explicit permission requirements for every person or entity attempting to access network resources. By operating zero-trust gateways as virtual machines that create connection points to support the transfer of complex data, agencies can tightly control the security of information as it passes from one connection point to another. Throughout this exchange, data moves through a multistep security process that is tailored on a case-by-case basis.

Users can only access the specific data they’ve requested, as opposed to the entire agency network, as they can with a VPN connection.

ZTNA allows agencies to constantly evolve and adapt cybersecurity postures to fit the habits and needs of their users by granting them access only to servers required for remote work and eliminating approval delays. This service remains “always on” and does not require a user to activate a VPN connection.

Zero-Trust Content Disarm and Reconstruction Offers Data Protection

Meanwhile, zero-trust content disarm and reconstruction (ZT CDR) takes the zero-trust model and applies it to the data level. Any suspicious file can be disarmed and reconstructed from scratch to ensure it doesn’t contain anything that is unsafe to transfer.

Rather than attempting to detect malware, ZT CDR works by extracting valid data, verifying the information and then building a brand-new document identical to the original. ZT CDR offers data protection across the board from bad actors implanting ransomware into attachments or employees who maliciously or unintentionally forward these infected files.

This layer of protection is particularly important in the age of remote work, as people outside the protections of government agency networks often share digital content with others working outside of their protected networks.

ZT CDR permits users to download, access and send files with complete security and certainty — without any bottlenecks created by virus scanners or file detonation chambers.

EXPLORE: How do granular identity and access management controls enable zero trust?

Remote Browser Isolation Helps Secure Remote Federal Workers

Remote browser isolation is a very effective cybersecurity solution that places the user’s browser session in an isolated cloud environment instead of a local computer. This ensures the user and corresponding activity are contained to the cloud, away from the agency network.

This keeps both the user and local systems safe from compromise. Remote browser isolation also allows government agencies to quickly mitigate risk by automatically redirecting users attempting to visit suspicious websites into a contained cloud environment where they are isolated from the rest of the enterprise.

By isolating users and their agencies from unknown and potentially harmful websites, they cannot compromise their local machine or harm the enterprise, allowing them greater freedom to search the web as they please.

Cloud Access Security Brokers Give Agencies Flexibility

Finally, CASBs secure remote work by automatically detecting the use of unauthorized applications and the exchange of information gleaned from potentially hazardous Software as a Service providers, flagging behaviors that can put agencies at risk.

CASBs deliver increased visibility into cloud services, giving IT teams greater control and oversight over the cloud-based tools that their fellow employees may be using. For example, many users are likely utilizing unauthorized applications for sake of convenience and inadvertently extending shadow IT influence.

CASBs are an effective tool that can be used to mitigate these actions while also providing data loss protection and control over what data can be accessed.

Overall, the shift toward remote work forced agencies to rapidly adapt to a new environment that poses significant cybersecurity challenges. In this environment, agencies need layers of protection so workers can perform their jobs remotely, efficiently and securely. By leveraging SASE security, organizations can keep their workers connected while also keeping their servers highly secure.

DIVE DEEPER: What are the benefits of a cloud security posture assessment?

gorodenkoff/Getty Images