The global pandemic further accelerated a trend toward remote work that was already underway, even in federal, state, and local agencies that previously resisted it. But as agencies continue to offer telework options to employees, they must also rethink their security stack to better mitigate the cybersecurity risks that remote work catalyzes.
Traditional, perimeter-based approaches to security will no longer work in a cloud-first environment where data can, and is, accessed from just about anywhere. And agencies without a plan for applying zero trust principles to every interaction with that data will increasingly find more blind spots in their overall security posture.
In a recent survey of 230 federal, state, and local government employees, Netskope and GovLoop found that employees have readily adopted the flexibility and other benefits that come from remote work, but that traditional technologies such as virtual private networks (VPN) that are used to support secure connectivity from remote locations have struggled to keep up, either in security, or network performance, or both. Over 90% of survey respondents said VPN use among their agencies went up by at least 25% during the past year, but more than 75% report VPN performance problems.
This seismic shift in work habits and access locations is a good opportunity to rethink technology priorities in support of secure access service edge (SASE), an emerging framework for converging formerly separate security and networking functions into a single, flexible, fully integrated architecture. VPN is just one example of a formerly dominant technology struggling to keep up with today’s cloud security and network performance demands; modern architecture needs to combine cloud access security broker (CASB), Next Generation Secure Web Gateway (NG-SWG), and Zero Trust Network Access (ZTNA) capabilities as foundational for SASE and, in the case of public sector agencies, to effectively follow the Department of Defense’s Zero Trust Reference Architecture and the National Security Agency’s Cybersecurity Information Sheet.
These models reward a gradual transition, understanding that long-in-place tools, such as VPN, can’t just retire overnight. But the shift toward cloud resources in the public sector is inevitable, and still speeding up—more than one-third of agencies surveyed by Netskope and GovLoop increased the use of cloud solutions by 50% or higher, and cloud security as a whole is now viewed as a strategic priority.
Get the full research brief from Netskope and GovLoop, “Putting Security Front and Center in the New World of Hybrid Work,” for practical advice and next steps for public sector IT leaders.