Jun 21 2024

CISA’s Greenfield Solution: A Model for IT Modernization in the Zero-Trust Era

Often, starting fresh allows IT teams the opportunity to see the bigger picture and implement new strategies to advance their cybersecurity goals.

Managing security effectively across a vast landscape of legacy technologies at some point feels like a losing proposition for federal cybersecurity and IT teams. There are too many updates, patches and critical fixes to tackle — all to maintain systems that likely don’t offer the power or agility required to run more innovative solutions.

Enter the “greenfield” approach, which allows agencies to regain control and build new environments free of legacy code while dramatically reducing their attack surface. The term greenfield comes from the construction industry and describes a project that starts from scratch on an empty, undeveloped field. In the modern era of zero trust, a greenfield strategy offers IT teams a clean slate.

CISA Adopts a Greenfield Approach

The Cybersecurity and Infrastructure Security Agency embraced the greenfield option, undertaking a large-scale modernization that will replace most legacy IT systems with a brand-new environment, both in the cloud and (where necessary) on-premises. Rather than struggle to sustain and secure decades-old systems, CISA is building an environment free from many of the old vulnerabilities and historical design decisions that bad actors are most likely to try to exploit. In fact, CISA is asking vendors to embrace this approach as well through its Secure by Design program.

The approach allows CISA to free itself of all the legacy code no longer supported by the vendor, and replace older or obsolete custom code whose creators are no longer available to deliver the care and feeding required to ensure ongoing security.

How a Greenfield Solution Enables Zero Trust

A greenfield approach becomes especially valuable as agencies see implementation of zero-trust frameworks edge higher on their list of priorities. Many legacy systems were not built with security top of mind; more often, cybersecurity solutions were bolted on after the fact, making it difficult to implement the holistic, end-to-end security environment called for under the zero-trust framework.

Many agencies have weighed their options in this situation and decided that it’s more cost-effective — and a better use of stretched-thin IT talent — to start from scratch. While the sheer size and scale of federal systems means it may be impractical to take a greenfield approach to everything, that isn’t always necessary. Many agencies will find it makes sense to implement greenfield solutions in more targeted ways, especially in support of more robust security controls.

My team has been working with a civilian agency to redesign its approach to identity, both internal and constituent-facing. We’re helping the teams there build a brand-new environment that assigns an external “source of truth” for identity, which then serves as validation to access needed systems. The point is that those business systems remain in place, supporting agency employees and driving constituent engagements. Their greenfield approach to identity delivers a fresh, modern and wholly secure capability, replacing fragmented and inefficient legacy identity mechanisms.

Here at CDW Government, we are well positioned to support such efforts. Through our engagements with nearly every civilian and defense agency, we’ve seen a lot of unique environments. We know what works and what doesn’t, and that enables us to deliver insights into best practices that ultimately help agencies achieve their technology goals.

IT teams gain long-term value simply by considering a greenfield option. To map a greenfield plan, IT teams must step away from the daily grind to truly take in the bigger picture. That’s a good opportunity to understand how systems connect, where the data flows and where gaps may exist in defense. Undertaking the exercise offers IT teams deeper insights into their security situations, which drives smarter strategies on the path to zero trust.

CDW Government can help drive the process forward while alleviating some of the stress. Our workshops, assessments and deep understanding of industry best practices can assist IT leaders with demonstrating the value of modernization, implementing an agile approach and tackling technical debt in small, manageable steps.

This article is part of FedTech’s CapITal blog series.
