Security Transformation Setting the Stage for Cloud Security in the Federal Market
May 28 2020

Setting the Stage for Cloud Security in the Federal Market

The world of cloud security is known for moving fast, turning on a dime, and evolving with ever-growing threat vectors.

The Federal sector, on the other hand, has highly regulated, rigorous standards when it comes to their security, and for very good reason. The data they’re protecting is about as sensitive as it gets, and any exposure is literally a matter of national security. For that reason, many of the same requirements for purchasing an F-22 fighter jet also apply to a VPN or DLP solution.

All of the rigorous vetting and due diligence they perform to make sure a security platform is as close to “bulletproof” as possible is necessary and important. Because of this, they have historically built up many carefully thought out and meticulously vetted security stacks to best fit their mission’s needs.

But at a time like the present, where work situations and security programs are evolving and transforming every week, these important, methodical processes can present some challenges when it comes to making quick changes, but I think I have figured out how this can drive change toward the cloud in the long run.

Setting the stage for change 

From my vantage point in the Federal market, I have a good sense of what many are equipped for, and I know this recent shift to remote working due to COVID-19 is causing some real challenges that require a very different set of solutions than what has been provided in the past.

It’s not that there aren’t agencies already making the shift to cloud though. FEDRamp authorizations are already in place for a reason, and they are the targets that companies like Netskope are striving to hit as we market ourselves and our solutions to these agencies.

But for those agencies who have been slower and more methodical to adapt to the changing security and network trends, they are finding that this increasingly remote working life is full of frustration and mission fatigue. This is particularly the case when it comes to severe latency, as traffic is hair pinned through on-prem solutions. 

Increased latency leads to poor user experience, which leads to these agencies re-evaluating services. And it will require a mindset change. Despite all of the frustrations, though these changes still won’t happen overnight, no matter how frustrating it seems. Past policy and legacy ATO’s actively stand in the way of that, unless top brass put their full weight behind it. 

The real wake up call here is going to be on the other side of this pandemic when agencies realize how much they’re spending relative to how much coverage, visibility, and friction they’re actually getting from their current security solutions. 

Where’s the future of Federal going?

The changes in working habits created from this pandemic will undoubtedly help accelerate shifting security stacks into the cloud, that literally speak the language of the cloud JSON and API. 

In many cases, these agencies already have users who are working in the cloud, using instances of Office 365 or Box. Being able to put controls around these apps, that aren’t siloed off and can communicate with each other, offers better visibility than the legacy solutions some in the Federal sector are still utilizing. And even despite their due diligence, they still offer blindspots for exposures.

Upgrading their stacks will help to better accommodate this “new normal” their users are experiencing. A security stack in the cloud offers all of the security functionality that agencies are looking for, at a cheaper cost, and without many of the latency issues that are likely plaguing their current user experience.

Like I said before, these changes won’t be immediate. They’ll be meticulously tested by the federal government’s rigorous, high standards as the world slowly comes back. But it’s clear that the tides are shifting as the working world becomes more remote and agencies become better educated about security while working in the cloud. In fact, Google recently announced a contract with the Department of Defense’s Defense Innovation Unit to secure and manage its multi-cloud environment with the help of Netskope’s cloud security. In due time, there will be a greater need for affordable security solutions with improved visibility and better communication. And people like me, surrounded by an amazing team, need to be ready to answer the call.