We’ve all seen the news lately. It seems as though the revelations about OPM’s cyberattack and data breach keep getting worse, potentially exposing up to 18 million Americans’ personal data (mine included).
These events have shot Cybersecurity reform into the spotlight at all levels within the Federal Government.
Tony Scott, the newly appointed Federal CIO, has ordered a “30 day cyber sprint” to secure agency networks and data while assembling a tiger team to review current policies and recommend a formal Cyber strategy. The Department of Defense doesn’t appear to be immune from a lack of Cyber-compliance either.
How can a Software-defined Workplace help the Government tackle the issues of Cyber Hygiene and Compliance?
Tony Scott outlined the key areas of focus for the 30-day sprint, some of which agencies have been struggling to adopt for years. Several of these areas are naturally addressed by transitioning to a Software-defined Workplace, which combines the power of Virtualization, Mobility and Networking to create a Secure Government Workspace:
- “Dramatically accelerate” the use of PIV Cards and other forms of multi-factor authentication.
Citrix Secure Government Workspace has natively supported PIV cards and multiple forms of multi-factor authentication across various endpoints (Win, OSX, Linux, iOS, Android, Zero clients) for years. This same Workspace can enforce multi-factor/PIV authentication for Windows/Web Apps that weren’t originally built for PIV. This can help save on application development costs associated with meeting this authentication mandate for existing legacy applications.
- Protecting Data: Better protect data at rest and in transit.
Citrix’s Secure Government Workspace can ensure all data in transit is encrypted using FIPS 140-2 compliant algorithms, allowing data to be accessed securely over unsecured networks, whether through Web Apps, VPN, Mobile Access or virtual remote access. Our Workspace solution can also be completely virtualized, negating the need for any data-at-rest on the end-user device and therefore reducing data exposure. For instances where data must be stored locally due to network connectivity concerns (e.g. mobile devices), all data-at-rest can also be encrypted using FIPS 140-2 compliant algorithms.
- Standardizing and Automating Processes: Decrease time needed to manage configurations and patch vulnerabilities.
Keeping Applications and OSes patched is an arduous process, which needs to be 100% compliant in order to be an effective cyber-defense. Virtualizing Servers, Desktops and Applications as part of a Secure Workspace solution can provide simplified image management of Applications and Operating Systems. Once virtualized, patching is done once in the data center, where it can be controlled and compliant, then delivered everywhere instantly.
- Reducing Attack Surfaces: Decrease complexity and number of things defenders need to protect.
Network simplification and consolidation ensure critical entry points into secure Government networks can be controlled and secured. A Unified Gateway in the DMZ can help consolidate multiple existing network appliances that are managed and patched separately, creating network complexity. This consolidated DMZ appliance can help simplify external access methods for all remote users and applications, enforcing authentication and authorization at the border before allowing entry into the network.
Adherence to a well-thought-out Cyber policy can ensure our nation’s most valuable assurance resources within DHS, CYBERCOM and the IC can focus on the real threats instead of reacting to preventable breaches.
Although not a magic bullet, a secure Government Workspace can help to address Cyber-Hygiene to enhance the security posture of any agency. How are you using Citrix solutions to improve your agency’s Cyber posture? Would love to hear your ideas in the comments section below.