This blog is the fourth in a series on digital transformation and its implications and benefits for state and local government agencies and programs.
As state and local government organizations consider how to improve services delivery, simplify processes and reduce administrative costs using digital technologies (such as cloud, Big Data, artificial intelligence and the Internet of Things), one major concern is security.
In fact, a survey by the Public Sector Media Group found that 50 percent of respondents were very concerned about security risks related to digital services, while another 33 percent reported being somewhat concerned.
This preoccupation with security is understandable, considering that:
- Cyberthreats continue to escalate and evolve, as seen by the recent ransomware attacks on government entities such as the UK’s National Health Service.
- Citizens’ personal data is a prime target for hackers.
- Many digital technologies – especially cloud and mobile – move data beyond the protection and control of the traditional datacenter.
These trends are all part of the fast-changing cyberthreat landscape, where threat actors are taking advantage of people’s desire to be connected at all times and targeting the evolving enterprise network, which is expanding and becoming increasingly undefined and diffuse.
The Secure Digital Workspace
Digital literacy is increasing, as shown by these stats:
- By 2020, half of the world’s population will be online (4.1 billion Internet users).
- By 2025, Millennials are expected to comprise up to 75% of the workforce. These workers are considered digital natives — people who have been born and raised in the age of digital technologies.
Government agencies and programs are under increasing pressure to provide a fully digital workspace featuring a consumer-like computing experience, combined with greater freedom and autonomy. Industry analyst firm Gartner calls this strategy “digital dexterity.”
At the same time, governments face greater scrutiny from regulators, the media and the public about the strength and reliability of their security posture.
That is why it’s so important to provide a secure digital workspace.
This workspace model has three important attributes:
- Unified: provides a single pane of glass through which IT can configure, monitor and manage the organization’s entire technology infrastructure.
- Contextual: uses machine learning and AI to adapt to each worker’s patterns and exceptions, delivering a personalized experience that reflects the work situation (device, location and network connection).
- Secure: features a software-defined perimeter that grants safe access and full visibility across the network and user ecosystem.
Let’s discuss this new security perimeter in more detail.
The New Software-defined Perimeter
Today’s IT security perimeter must accommodate data and applications that are no longer confined to the government datacenter. Instead, they are being hosted in the cloud and delivered as a service over the network, or downloaded by employees in the field onto their smart devices.
This new workspace is giving rise to a new type of security perimeter – defined by software and continuously adapted through the use of powerful analytics.
Deploying an intelligent, software-defined perimeter means you can secure your organization’s infrastructure, empower citizens and employees, and give IT flexible control.
As described at our 2017 customer conference, Citrix Synergy, Citrix envisions a workspace with security measures based on user behavior (actions and profile) that is analyzed in real time. For example, our new cloud-first solution, Citrix Workspace, relies on a software-defined perimeter based on users and their identity, not just their location or device. This approach extends protection beyond datacenter tools to ensure enforcement for distributed control points, such as mobile devices.
The latest release of Citrix NetScaler, our industry-leading application delivery controller (ADC), is key to the software-defined perimeter. Following are the top enhancements to NetScaler version 12:
- NetScaler Secure Web Gateway protects against malware
- User behavior analytics identify insider threats
- New and stronger ciphers for SSL security keep up with more-stringent compliance and security requirements.
These new features complement existing NetScaler security components, including the WebApp Firewall and NetScaler SD-WAN to secure data across the network and into the cloud.
Balancing Security and Access
Adopting digital technologies in government organizations requires a thoughtful strategy that balances data security with ease of access, and maintains control while optimizing user flexibility.
This is not easy, but Citrix solutions can help. Our virtualization technologies have been chosen by many government entities to deliver better security than traditional distributed computing by enabling apps and data to run in the datacenter instead of being exposed on the device. Our networking technologies reinforce this security posture by protecting against attacks.
Securing the Internet of Things
The explosion of new connected devices, each generating volumes of data that need to be stored, managed, analyzed and secured, requires a technology-agnostic approach to unifying security. All these devices present a wider and more diverse attack surface that is harder to monitor and protect. Software-defined perimeters featuring AI promise to play a major role in authenticating IoT devices, preventing malicious intrusions and making corrections to prevent a recurrence. For more insights, read “Evolving options for securing IoT in the enterprise.”
As digital transformation in government becomes more pervasive, new Citrix technologies offer access controls, real-time analytics and threat prevention tools that are perfectly matched to the way people work today. These solutions meet the demands of digital natives for intuitive, flexible technology tools that meet – and even anticipate – their needs. At the same time, they protect sensitive government data and critical infrastructure from current and evolving threats.
Tackling Today’s Security Threats
Government organizations are in the public spotlight regarding data security. Citizens want reassurance that their personal data is being protected. At the same time, they – and the employees who serve them – demand the freedom to use their preferred devices and connections to access government resources.
Resolving the dilemma of security vs. flexibility requires advanced technology, including machine learning, artificial intelligence and software-defined networking that adapt on the fly to different scenarios. Adopting a secure digital workspace solution featuring these capabilities can empower government agencies to strike an ideal balance between data protection and user productivity.