How to Improve Security and Workflows With Network Visibility

MARKET TRENDS REPORT


Executive Summary

The COVID-19 pandemic forced the federal government to accelerate the adoption of cloud computing so that employees could work remotely with the same efficiency as in the office. Now, agencies are realizing that the rapid migration to the cloud has complicated networking by making their IT systems hard to visualize from end to end. For scores of agencies nationwide, the environments that their workforces cobbled together from on-premises and public and private cloud IT are difficult to manage and secure.

Since then, President Joe Biden’s executive order (EO) on cybersecurity has added more urgency to this issue. Biden’s EO not only mandates that agencies migrate to the cloud securely – it demands that they do so with a zero-trust security architecture. Yet agencies are quickly realizing that they cannot protect what they cannot see. Complete network awareness is the first step in the journey toward zero-trust security architectures.

That’s where network visibility comes into play. With the combination of practices and tools network visibility covers, agencies can visualize and secure all IT, whether it is on-premises, in public or private clouds or a hybrid format. Network visibility can also show agencies what is operating on their networks, how these assets are connected and the risks associated with them. Network visibility can even give agencies an accurate, dynamic and comprehensive look at which of their resources are exposed to the internet.

To learn more about network visibility, GovLoop partnered with RedSeal, a cloud security solutions provider, on this report. The following pages examine how network visibility can enable zero trust security for agencies’ hybrid cloud environments. Additionally, we share best practices for optimizing network visibility and zero trust security in these environments.


By The Numbers: Federal Cybersecurity and Cloud Computing at a Glance

$9.8 billion is the projected amount of cybersecurity funding for securing federal civilian networks and protecting the nation’s infrastructure in the federal budget for fiscal 2022. This proposed amount would also support efforts to share information and create standards and best practices for the federal government’s critical infrastructure partners and American businesses.

$750 million of the funding amount projected above is allocated for agencies that have been affected by recent and significant cyber incidents. This funding is to address exigent gaps – the vulnerabilities that require immediate action – in their security capabilities.

$97.1 billion is the projected amount of federal IT spending governmentwide for fiscal 2022. IT spending frequently involves modernization efforts like cloud adoption.

$25.6 billion of the spending amount projected above is allocated for major IT investments in fiscal 2022, while $71.5 billion is listed for non-major IT investments.

950 is the number of cybersecurity recommendations from the Government Accountability Office (GAO) that federal agencies had not implemented as of July 2021.

Four of the most targeted cybersecurity vulnerabilities in 2020 affected remote work, virtual private networks (VPNs) or cloud-based technologies. VPNs extend a private network across a public network. This technology lets users send and receive data across a shared or public network as if the computing device is connected to a private network.

2018 was the year most of the top cybersecurity vulnerabilities that cybercriminals targeted in 2020 were first disclosed.

More than $100 billion is the amount the federal government spends on cybersecurity and IT investments each year as of July 2021.


Simplifying and Securing Hybrid Clouds

The Challenge: Convoluted Cloud Environments

Biden’s EO suggests the cloud will play a pivotal role in the federal government’s future; it urges agencies to maximize the technology’s flexibility and scalability rapidly and securely. But what can happen if agencies embrace the cloud too rapidly? The answer is haphazard and insecure IT environments. These environments often occur when agencies combine on-premises and cloud-based IT in a hybrid model.

“Complexity is the enemy of security,” said Wayne Lloyd, Federal Chief Technology Officer (CTO) at RedSeal, a cloud security provider. “It is hard to defend something when you don’t know what you’re defending.”

Take resources like apps. The good news is that hybrid environments can help agencies leverage more of these commodities, whether they are legacy or modern. The bad news is that hybrid environments can be convoluted and difficult to secure.

The plot only thickens with public- and private-cloud hybrids. Public clouds host multiple organizations, while private clouds serve one entity. Unfortunately, implementing hybrid clouds often requires agencies to partner with multiple vendors. Every cloud has unique characteristics, so managing and protecting the final hybrid environment can challenge any agency.

“Your people are going to be hard-pressed for some time to find a well-rounded cloud security team that understands all these environments,” Lloyd said.

The more IT agencies have, the harder their hybrid cloud environments can be to govern. Rising amounts of IT can mean rising compliance and security requirements. More IT frequently equals more cybersecurity vulnerabilities to manage and incidents to address. Agencies with larger hybrid cloud environments can have more on-premises IT exposed to the internet.

“If agencies don’t know the cloud vendor’s solution and all the tools it has, it can be difficult to track things down,” Lloyd said of visibility into hybrid cloud environments.

The Solution: Network Visibility

For many agencies, securing hybrid cloud environments is like reading an entire phone book. At these agencies, finding potential security flaws is taxing and time-consuming. When employees must scour sprawling on-premises and cloud-based IT, the experience can resemble reading hundreds of phone book pages. In this scenario, finding security gaps like unpatched software can take days.

Network visibility can help agencies view every part of their hybrid cloud environments by mixing the right activities and tools together in one platform. Even better, agencies with network visibility can continuously monitor what is in their hybrid cloud environments, what these assets are connected to and the risks associated with them. Perhaps best of all, network visibility can help agencies identify and address cybersecurity gaps, incidents and requirements faster.

“You see the picture and say, ‘Wait a minute, that doesn’t look right,’” Lloyd said. “Humans are much better at picking an anomaly out of a picture than reading phone books of text.”

Network visibility can also launch agencies toward two valuable cybersecurity tools: automation and zero trust security. Automation involves machines performing processes with little to no human involvement; zero trust security is the principle that anything on IT networks is immediately untrustworthy and requires constant verification. Working together, automation, network visibility and zero trust security can dramatically improve agencies’ security.

“It’s a force multiplier,” Lloyd said. “The analysts don’t have to chug through that remedial data analysis.”

Using automated network visibility, agencies can wield zero trust security like a spotlight agencywide. Gradually, this strategy enables agencies to correct security events, holes and compliance missteps sooner and more affordably.

“There are always unknowns when networks grow and change while agencies grow and change,” Lloyd said. “With a visibility platform, you can put in these rules.”


Best Practices: Successfully Navigating Network Visibility

1. Locate Trouble Accurately

In today’s world, hybrid cloud environments can extend across any distance to support remote work. Because these environments lack perimeters, agencies must fight two battles when dealing with them. Initially, any resource agencies put in these environments — an app, a workload or something else — can become exposed to the internet. Agencies must remain vigilant about these shortcomings or risk cyberthreats. Next, vulnerabilities such as cloud-based software deployments that are not configured correctly can generate more security pitfalls. Fortunately, network visibility can overcome these obstacles with accurate information about the elements inside agencies’ hybrid cloud environments. Utilizing this knowledge, agencies can shore up any weaknesses before they cause damage.

2. Establish Access Controls

Overall, network visibility is about setting the boundaries around agencies’ data and other belongings. For starters, network visibility can provide agencies with a snapshot of the legacy, cloud-based and third-party defenses shielding their networks. For instance, some network engineers route traffic around physical firewalls to elevate availability, bandwidth and speed. Through network visibility, agencies can account for these pitfalls and reduce future heartache. Agencies can additionally monitor which entities are trying to bypass their fortifications. Whether it is a user, a device or another possibility, network visibility can inform agencies about who and what is seeking their possessions.

3. Automate Compliance and Networking Processes

When it comes to hybrid cloud environments, agencies have many security policies and regulations to comply with. Take the Federal Risk and Authorization Management Program (FedRAMP), which authorizes which cloud services can hold federal data. Whether demands like these are global, federal, state or local, automation can ensure agencies satisfy them more easily. Automation can also aid agencies with a central tenet of zero trust security – network segmentation. Network segmentation boosts hybrid clouds’ performance and security by splitting the environment into chunks. As a bonus, agencies can barricade these segments if cyberthreats pierce them. While cyberattacks are always problematic, automated network segmentation can stop them from becoming more painful.

4. Enforce Zero Trust Security Agencywide

Zero trust security is a journey, not a destination. To implement zero trust security, agencies must develop a strategy that prepares their people, processes and technology for this philosophy. Network visibility can then empower agencies to apply zero trust security attributes enterprisewide using a platform for that purpose. Inside these agencies, concepts like continuous monitoring and network segmentation eventually become commonplace.


Case Study: An Agency’s Network Visibility Wins

To understand network visibility’s benefits, look at one federal agency’s experience in Port Hueneme, California. Like other agencies, this organization had a mountain of cybersecurity compliance requirements to routinely audit. Leaning on network visibility, this agency shrank its workload and saved crucial energy and time.

Once engrained, network visibility doubled the potential capacity of this agency’s inspectors general (IG) office to conduct audits like these. The icing on the cake? Now, network visibility has allowed one person to run this agency’s whole STIG compliance operation for over a million assets remotely.

Originally, the agency’s recurring examination of its compliance with IT and cybersecurity mandates took seven days. After deploying a network visibility platform, that amount fell to two days.

Since then, network visibility has made this agency’s audit team more productive. Network visibility has also helped the agency’s personnel understand their hybrid cloud environment better. Perhaps most importantly, network visibility has improved this agency’s overall digital resilience through zero trust security. By continuously monitoring their hybrid cloud environment with network visibility, this agency has become better prepared for cybersecurity detection and defense.

How was this possible? Network visibility allowed the agency to quickly ingest information about its network and completely map it. Once that happened, the agency could also compress a typically two-week inspection of its security technical implementation guide (STIG) and technology policy demands into one week. STIG configuration standards list cybersecurity requirements for specific products, so auditing them can be arduous for government employees.

HOW REDSEAL CAN HELP

Network visibility platforms like the one RedSeal provides can help agencies find a common tongue for everyone involved with their hybrid cloud environments. These platforms ensure that data from everyone — like internal employees or external partners like cloud vendors — is collected in one place for agencies.

“RedSeal brings that lingua franca so you can simply say, ‘Can you show me?’” Lloyd said. “The power of RedSeal’s inventorying tells you everything that is on your network and how it is connected.”

Learn more at: www.redseal.net/our-platform/hybrid-multi-cloud-security/

RedSeal can also help agencies launch zero trust security efforts. By mapping hybrid clouds in their entirety, network visibility platforms can allow agencies to practice such central tenets of zero trust security as continuous monitoring.


Conclusion

COVID-19 and the recent cybersecurity EO have pushed an unprecedented number of agencies to adopt hybrid clouds. In the future, these agencies must closely guard their network environments or suffer costly and disruptive cybersecurity incidents. Yet going forward, network visibility can fuel healthy security at any agency. Network visibility can also ensure that no hybrid cloud environment’s security defects remain hidden from agencies for long. Continuous monitoring, however, is perhaps network visibility’s best feature. By automating network visibility in this way, agencies can simplify zero trust security. The agencies that are not relying solely on human eyes to catch security traps are the ones that can also stay focused on mission wins.

ABOUT REDSEAL

RedSeal—through its cloud security solution and professional services—helps government agencies and Global 2000 companies measurably reduce their cyber risk by showing them what’s in all their network environments and where resources are exposed to the internet. Only RedSeal’s award-winning cloud security solution can bring all network environments—public clouds, private clouds, and on-premises—into one comprehensive, dynamic visualization. RedSeal verifies that networks align with security best practices; validates network segmentation policies; and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

For more information please visit www.redseal.net/.

ABOUT GOVLOOP

GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 300,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government. For more information about this report, please reach out to info@govloop.com.


1152 15th St. NW Suite 800 Washington, DC 20005 P: (202) 407-7421 | F: (202) 407-7501 www.govloop.com @GovLoop

