The COVID-19 pandemic upended longstanding attitudes about remote work, ensuring that employees will likely split time between home and the office for years to come. As hybrid work persists, government organizations must address cybersecurity risks associated with a large-scale mobile workforce.
“When you add that to the fact that most government organizations are already constrained for time, people and resources, it becomes a real problem,” says Peter Romness, Cisco cybersecurity principal for the U.S. public sector.
That’s the impetus behind the secure access service edge (SASE) model, which combines networking and security functions in the cloud. Doing so allows government IT leaders to:
- Provide seamless connections to applications in any environment from any location, without forcing everyone through a VPN
- Simplify security, streamline policies and increase protection through cloud-based security services, rather than through government data centers
- Unite security and networking through a flexible, integrated approach
The convergence of security and networking is the key to how governments can leverage SASE to transform their IT infrastructures.
“Moving to SASE is really about accelerating your journey to the cloud,” says Center for Digital Government Senior Fellow Deborah Snyder, formerly chief information security officer for the state of New York. It does this by:
Eliminating Bottlenecks
With cloud-based networking and security controls, SASE eliminates the need to route traffic from remote workers and branch offices through the enterprise data center and its in-house security systems — even when they are accessing applications that reside in the cloud.
"The old mindset was that everything had to pass through the internal security stack first," says Steve Caimi, Cisco public sector cybersecurity specialist. "It meant that all remote user traffic, including normal web browsing, was dragged through the VPN and security controls that ran inside a government data center. It consumes network bandwidth and system resources, but also increases security risk and operational costs. Today, modern applications and security capabilities have shifted to the cloud, so this legacy approach makes little sense."
Shifting the Security Mindset
SASE environments provide the flexibility to allow users — whether in the office or working remotely — to access cloud applications and services as well as legacy systems that reside in the organization’s data center. Cloud-delivered security and software-defined wide area networking (SD-WAN) provide controls that monitor user devices and IoT equipment at the edge, preventing them from accessing malicious sites and quarantining them when suspicious behavior is detected. These approaches can limit virtual private network (VPN) usage and improve the security posture in cases where VPNs are still necessary.
“This changes your mindset about how security works,” Caimi says. “Don’t picture racked appliances humming away for years in a government data center. Picture modern cybersecurity in the cloud that always stays current — DNS-layer security, firewalling, web and email security, malware protection, remote browser isolation, and so much more.”
Driving Efficiencies
SASE can create leaner, more efficient operations by allowing organizations to eliminate in-house hardware and security systems. “The more you try to do in house, the more people and things you have to maintain and the harder it is to keep running,” Caimi says. “SASE is as much about improving operational efficiency as it is about improving cybersecurity and keeping it current. Outdated technology is expensive. It’s difficult to maintain, and sometimes it’s not even supported by the original vendor.”
Creating a Roadmap
Planning for SASE can also help drive broader organizational strategies. “I’m a big advocate of cybersecurity frameworks and best practices that help you build a risk-based roadmap,” Caimi says. “Not every organization does this.”
Assessing the existing security infrastructure and strategy, with or without the help of a vendor, can help identify gaps or aging systems that could put your organization at risk. It can also help identify which aging systems are taking up the most time and resources to keep running and allow you to identify promising candidates for modernization.
Supporting Gradual Implementation
Cloud-delivered security provided by SASE creates an overarching layer of network security that supports both existing and new applications. “It’s simple to take advantage of — there’s nothing to install, and it immediately starts protecting the organization,” says Caimi.
Such an approach allows organizations to build on existing systems and identify where they want to prioritize modernization efforts. “You can think about what you have now that you can use as you move forward,” Romness says.
Working Cooperatively with Vendors
One benefit of SASE is shifting the responsibility of securing the enterprise to the same vendors who designed the system architecture. These organizations typically have more staff capacity and expertise to manage cybersecurity operations. But doing so requires ensuring that vendors are transparent about their own efforts, which includes letting customers see the vendor’s internal security reports (including information about breaches) as well as information about certifications and third-party verification services.
“If I’m going to entrust my security with a cloud vendor, what kind of visibility do I have into that cloud vendor?” Caimi asks. “Therefore, be sure to learn about their commitment to transparency, trustworthiness and accountability.”
Allowing Quick Wins
By protecting the entire IT environment, SASE makes it easier to spin up new solutions in the cloud and deploy them across the organization. That allows IT leaders to be nimble and focus on small pilots they can scale if successful.
“For too long, security people have had to say no to new things because there was too much of a security risk,” Romness says. “Cloud-based applications can be set up quickly and rolled out to the whole organization really quickly. … It’s the whole idea of being able to say yes instead of no.”
To learn more, view Enabling Secure Hybrid Work with a SASE approach, a Government Technology webinar with Caimi and Romness.
To see how Cisco is driving the revolution of secure access and helping state and local governments realize SASE their way, visit www.cisco.com/go/sase.