Across all levels of government, traditional practices have required staff to travel to an office to complete their daily work tasks. With most starting and ending at the same time, peak-hour crushes in lifts and on public transport are a normal feature of the workday.
Fast forward just a couple of months and the world has changed dramatically. The vast majority of public-sector staff are continuing to work from home with only frontline and customer service teams reverting to office life. Even when current lockdown rules are relaxed, many staff will continue to remain at home.
This seismic shift in work practices poses significant challenges when it comes to IT security. Staff still need to access core applications and data stores but, rather than using the office network they must do so remotely over the public internet.
In the pre-COVID workplace, IT security was typically provided through the deployment of a firewall and other security technologies. Everything within this digital perimeter was then deemed to be
secure and staff could freely access the resources they required.
Now, things are very different. A staff member is just as likely to be working from a home office, potentially using a private personal computer or mobile device. Access will often be via an in-home Wi-Fi network and a retail internet connection.
When only a relatively small proportion of department or agency staff were working remotely, this challenge was overcome through the use of virtual private networks (VPNs). VPNs create a secure and encrypted link from the user’s home-based device into the department’s data centre and network. The worker can then be treated in the same way as they would be when based in the office.
However, traditional VPNs have numerous limitations which are exacerbated when remote worker numbers explode. Departments are forced to increase VPN capacity in their data centres or find an alternative approach. In order to facilitate the significant increase in numbers some have turned to VPN concentrators located in disaster recovery facilities. While these were supposed to be kept in reserve for when disruption hit the main data centre, they’re now being put to work to support home-based staff.
Other departments have rushed to purchase and deploy new VPN concentrators. While this can be done, it requires additional capital expenditure . The hardware typically takes months to ship, requires sometimes weeks to set up, is constrained by capacity limits and creates a poor experience that impacts user productivity. VPNs force traffic to be backhauled through a datacentre just to get access to the Internet, SaaS applications or public cloud applications, leading to unwanted latency. Not to mention, this forces IT to invest in expensive, short-term, fixes that lead to purchasing outdated infrastructure that may never result in a return on investment once COVID-19 is over.
The challenge becomes even more acute when staff are expected to use cloud-based resources such as Microsoft Office 365 and Teams. With VPN security in place, traffic from a home office must be transmitted firstly to the central data centre and then out to the Microsoft cloud. Returning data must come back via a similar path.
The result is often significant decreases in performance when compared with the usual in-office experience. Slow response times and issues with availability have a big impact on productivity which leads to rises in user frustration.
The benefits of a ‘zero trust’ approach
A better approach for government departments and agencies is to adopt a security strategy dubbed ‘zero trust’. The zero trust architecture shifts security functions to focus on protecting the user/device in any location, rather than securing a network perimeter that is eroding away. This ensures that users get secure, fast, and optimized connections, no matter where they are connecting from or device they are using.
Once all the components of an IT infrastructure have been secured, the perimeter becomes meaningless. Users can access cloud services directly and enjoy the same high levels of performance from data centre-based applications and stores.
Unfortunately, industry research shows that less than 10 per cent of public-sector departments and agencies have so far embraced zero trust. However, with working patterns now irrevocably changed, this number is expected to increase quickly.
Taking the time today to investigate this strategy and how it can add value to workers in your department or agency will pay big dividends in the future. It’s time to begin your journey to zero trust now.