When the Trusted Internet Connections (TIC) initiative was first introduced more than a decade ago, the goal was to improve security in government IT systems by limiting the number of individual external network connections to the internet. Before implementing TIC security architecture, federal agencies could connect to the internet however and wherever they wanted, resulting in hundreds of different connections for each agency.

With more than a hundred different agencies and federal executive branch departments, this created thousands of unique points of entry to the internet, making it nearly impossible to monitor and secure each connection.

Implementing TIC security required agencies to create specific ingress and egress points, thus providing the government with a methodology for securing those connections. TIC’s overall goal was to enhance agencies’ ability to monitor for malicious incoming network traffic—and it’s served that purpose well.

However, TIC security was designed for the traditional, on-premises data center. With so much data now in the cloud and more being added every day, agencies have less monitoring control. Why? Because, while data may initially pass through a TIC on its way, it then resides in the cloud, meaning agencies lose the opportunity to monitor who is accessing and leveraging that data.

Furthermore, TIC security predates the federal government’s current “cloud-first” policy, which focuses on increasing cloud adoption—a major federal IT modernization goal. These competing priorities create a huge challenge for agencies. After all, while the goal of the TIC program is to limit the number of network connections to the internet, cloud computing relies on leveraging numerous internet access points for efficiency and speed.

So, how can agencies translate TIC policies to ensure the best security for their cloud-first endeavors?

Replicate TIC Infrastructure

To start, federal agencies can work with cloud service providers to replicate a TIC infrastructure in the cloud. CSPs can implement monitoring services and data flow logs to track who is leveraging your data and applications and the endpoints from which they’re being accessed. This enables agencies to monitor for malicious traffic, just as a TIC traditionally would.

Keep in mind, you’ll need a CSP solution that is already FedRAMP-approved or is capable of passing the approval process to ensure its cloud service offering meets certain security requirements. FedRAMP was established to provide a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. This, in turn, ensures effective, repeatable cloud security for agencies. Given the vast amount of data in agencies’ care, incorporating this type of infrastructure provides agencies with an opportunity to inspect and protect that data as it enters and exits the cloud, replicating the on-premises security that agencies have in place today.

Start at Application Level

When it comes to securing network infrastructure for agencies, security is typically put in place to protect the infrastructure as a whole, including everything and everyone on the network, with TICs in place to monitor traffic. So far, this approach has worked just fine. But, as federal agencies shift deeper into cloud technologies and store more data and software off-premises, the limitations of such traditional security practices will become more apparent.

Security should be written into these cloud environments and applications as they are developed, rather than retroactively implementing security measures that rely only on the networks on which these applications live, as has traditionally been the case. Not only will this help to better protect these applications and cloud environments, but it also creates defense in depth should any malicious actors breach the infrastructure security gate.

Secure the Data Itself

With so many agencies and organizations migrating to public cloud environments, it’s difficult to guarantee that other systems within that cloud are entirely secure, creating potential vulnerabilities for your data. Instead of focusing solely on securing the cloud environment as a whole, agencies should focus on securing the data itself.

Start by identifying where your data is stored and which data requires enhanced security. Once you’ve established a better understanding of your data, you can implement a data security strategy to protect the most sensitive information.

As cloud adoption continues, it’s critical that we make those environments—and the data stored within—as secure as possible. Although seemingly at odds with one another, it is possible to bring TIC and cloud-first policies together toward the common goal of protecting agencies’ sensitive federal data—not to mention the countless citizens those agencies serve.


This article was originally featured on Nextgov
