For agencies like the California Public Employees' Retirement System (CalPERS), the nation’s largest public pension fund, this challenge is especially acute because our workforce extends well beyond traditional employees. Consultants, contractors and external partners are essential to delivering for our 2 million-plus members. Yet the systems designed to connect third parties to our internal infrastructure are showing their age.
WORK IS CHANGING. LEGACY TOOLS HAVEN'T.
Today, applications have migrated to the cloud. Collaboration now lives in software-as-a-service (SaaS) platforms, and generative AI is rapidly changing how employees do their work.
This shift is incompatible with the technology stacks most agencies rely on: virtual private network (VPN) access layered on top of virtual machines, combined with email provisioning and a patchwork of published applications.
These network-centric tools were designed for a previous era when applications and servers lived inside the office walls and employees worked primarily from trusted networks. In modern cloud-driven environments, these approaches introduce operational complexity, high infrastructure costs and poor user experience.
Consider the onboarding process for contractors. In many cases, they simply need email and access to a limited set of resources. However, to enforce security boundaries, agencies often default to setting up virtual machines, maintaining application licenses and managing infrastructure that far exceeds the contractor’s actual needs.
This is both inefficient and costly, requiring IT teams to provision and maintain virtual environments, manage VPN access, publish applications and ensure compliance across a fragmented tool set. And as the number of contractors grows, so does the overhead. This complexity and the operational burden impede agencies’ abilities to deliver results for their constituents.
Work is changing not just because of the transition to the cloud, but also because of the transition out of the office. Remote and hybrid environments are now the norm. Although the traditional perimeter has dissolved, many agencies continue to rely on tools designed to enforce it.
This mismatch creates both security gaps and usability challenges. VPNs, for example, were intended to extend the network perimeter, not to secure a distributed, device-agnostic workforce. They introduce friction for users while offering limited visibility and control for administrators. For agencies like CalPERS, where phishing remains the No. 1 threat vector — and where AI tools are accelerating the sophistication of attacks — this model is increasingly insufficient.
A NEW APPROACH OFFERS SIMPLICITY, EFFICIENCY AND CONTROL
A fundamentally different approach is needed that replaces infrastructure-heavy solutions with a unified, cloud-based platform purpose-built for modern work.
Rethinking how we connect our teams and secure our systems will enable agencies like CalPERS to manage access at a granular level, delivering only the applications and resources each user truly needs and without exposing the broader environment. It would allow IT teams to establish consistent security controls across all users, regardless of whether they are employees or contractors, in-office or remote.
Equally important, it would provide real-time visibility and monitoring, allowing agencies to detect and respond to threats proactively. This way, security is embedded into the user experience itself, not bolted on through additional layers of complexity.
By consolidating access management, security enforcement and monitoring into a single platform for enterprise work, agencies can dramatically reduce the operational burden on IT teams. Provisioning becomes faster and more precise. The need for virtual machines, redundant licensing and additional hardware diminishes. Costs come down, not just in terms of infrastructure, but also in the time and effort required to maintain it.
Just as critically, this approach reduces friction for users. Contractors can access the tools they need quickly and securely, without navigating cumbersome VPN connections or managing complex environments. This enables them to be productive from day one, no matter where they’re working.
THE PATH FORWARD
For state agencies, the stakes are high. They must balance accessibility with accountability and agility with security. Continuing to rely on legacy access models makes that balance nearly impossible.
The task is clear: simplify the stack, modernize access and adopt platforms that are designed for the realities of today’s workforce. By doing so, agencies like CalPERS can not only strengthen their security posture but also empower the diverse ecosystem of contributors whose work constituents rely on for critical services and benefits.
