When the Trusted Internet Connections (TIC) initiative was first introduced more than a decade ago, the goal was to improve security in government IT systems by limiting the number of individual external network connections to the internet. Before implementing TIC security architecture, federal agencies could connect to the internet however and wherever they wanted, resulting in hundreds of different connections for each agency.

With more than a hundred different agencies and federal executive branch departments, this created thousands of unique points of entry to the internet, making it nearly impossible to monitor and secure each connection.

Implementing TIC security required agencies to create specific ingress and egress points, thus providing the government with a methodology for securing those connections. TIC’s overall goal was to enhance agencies’ ability to monitor for malicious incoming network traffic—and it’s served that purpose well.

However, TIC security was designed for the traditional, on-premises data center. With so much data now in the cloud and more being added every day, agencies have less monitoring control. Why? Because, while it may initially pass through a TIC on its way, that data then resides in the cloud, meaning agencies lose the opportunity to monitor who is accessing and leveraging that data.

Furthermore, TIC security predates the federal government’s current “cloud-first” policy, which focuses on increasing cloud adoption—a major federal IT modernization goal. These competing priorities create a huge challenge for agencies. After all, while the goal of the TIC program is to limit the number of internet connections, cloud computing relies on leveraging numerous internet access points for efficiency and speed.

So, how can agencies translate TIC policies to ensure the best security for their cloud-first endeavors?

Replicate TIC Infrastructure

To start, federal agencies can work with cloud service providers to replicate a TIC infrastructure in the cloud. CSPs can implement monitoring services and data flow logs to track who is leveraging your data and applications and the endpoints from which they’re being accessed. This enables agencies to monitor for malicious traffic, just as a TIC traditionally would.
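
As an added illustration (not from the original article or any CSP's tooling), this sketch reviews flow-log records to confirm that internet traffic passes through a designated ingress/egress point, the role a TIC plays on-premises. The record layout, address ranges and inspection subnet are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample records in an assumed layout (not a specific CSP's format):
# source, destination, destination port, action, bytes
SAMPLE_FLOWS = """\
10.0.1.15 10.0.9.4 443 ACCEPT 5120
10.0.9.4 198.51.100.7 443 ACCEPT 5300
10.0.2.20 203.0.113.50 443 ACCEPT 88211
192.0.2.44 10.0.9.4 443 ACCEPT 1400
192.0.2.44 10.0.2.20 22 ACCEPT 900
192.0.2.99 10.0.2.21 3389 REJECT 0
not a flow record
"""

# Assumptions: the agency's cloud address space, and the subnet hosting the
# designated ingress/egress (inspection) point that plays the TIC's role.
AGENCY_NETWORK = ipaddress.ip_network("10.0.0.0/16")
INSPECTION_SUBNET = ipaddress.ip_network("10.0.9.0/24")


def find_bypass_flows(log_text):
    """Return accepted internet flows that did not traverse the inspection subnet."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port, nbytes = int(fields[2]), int(fields[4])
        except ValueError:
            continue
        src_inside, dst_inside = src in AGENCY_NETWORK, dst in AGENCY_NETWORK
        if fields[3] != "ACCEPT" or src_inside == dst_inside:
            continue  # blocked, or not crossing the agency boundary
        workload, peer = (src, dst) if src_inside else (dst, src)
        if workload in INSPECTION_SUBNET:
            continue  # went through the designated ingress/egress point
        findings.append({
            "direction": "egress" if src_inside else "ingress",
            "workload": str(workload), "external_peer": str(peer),
            "port": port, "bytes": nbytes,
        })
    return findings


if __name__ == "__main__":
    for finding in find_bypass_flows(SAMPLE_FLOWS):
        print(finding)
```

In the sample, the two flagged flows are a workload sending data directly to an external address and an external host reaching a workload on port 22 without passing the inspection subnet.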

Keep in mind, you’ll need a CSP solution that is already FedRAMP-approved or is capable of passing the approval process to ensure its cloud service offering meets certain security requirements. FedRAMP was established to provide a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. This, in turn, ensures effective, repeatable cloud security for agencies. Given the vast amount of data in agencies’ care, incorporating this type of infrastructure provides agencies with an opportunity to inspect and protect that data as it enters and exits the cloud, replicating the on-premises security that agencies have in place today.

Start at Application Level

When it comes to securing network infrastructure for agencies, security is typically put in place to protect the infrastructure as a whole, including everything and everyone on the network, with TICs in place to monitor traffic. So far, this approach has worked just fine. But, as federal agencies shift deeper into cloud technologies and store more data and software off-premises, the limitations of such traditional security practices will become more apparent.

Security should instead be written into these cloud environments and applications as they are developed, rather than retrofitted through measures that rely only on the networks on which these applications live, as has traditionally been the case. Not only will this help to better protect these applications and cloud environments, but it also creates defense in depth should any malicious actors breach the infrastructure security gate.

Secure the Data Itself

With so many agencies and organizations migrating to public cloud environments, it’s difficult to guarantee that other systems within that cloud are entirely secure, creating potential vulnerabilities for your data. Instead of focusing solely on securing the cloud environment as a whole, agencies should focus on securing the data itself.

Start by identifying where your data is stored and which data requires enhanced security. Once you’ve established a better understanding of your data, you can implement a data security strategy to protect the most sensitive information.

As cloud adoption continues, it’s critical that we make those environments—and the data stored within—as secure as possible. Although seemingly at odds with one another, it is possible to bring TIC and cloud-first policies together toward the common goal of protecting agencies’ sensitive federal data—not to mention the countless citizens those agencies serve.


This article was originally featured on Nextgov
