HHS Can Use Cloud Web Isolation to Stop Cybersecurity Threats without Impacting Productivity.
The U.S. Department of Health and Human Services (HHS) has been on the front lines of the Covid-19 pandemic, working with other federal departments to coordinate national policy and responses to address the public health crisis. However, just as in enterprises around the world, HHS has had to deal with shelter-in-place orders and work-from-home policies that have scattered users out from behind the data security perimeter to home offices. The ability of employees to log in to critical systems in the middle of a global pandemic is mission critical and a national security priority, but the department’s systems and the data that powers them need to continue to be secured without impacting business continuity or the native user experience.
A Mission that Saves Lives
According to the Pandemic Response Accountability Committee, HHS’s mission during the pandemic is threefold. First, HHS needs to provide guidance and oversight on preventing disease spread and developing potential vaccines and treatments. Second, HHS is responsible for appropriating $251 billion for Covid-19 response—including Provider Relief Funds for hospitals and other health care providers on the front lines. Finally, HHS also needs to protect critical health infrastructures such as medical equipment, the national stockpile of PPE, and the computer systems that power operations. Executing on this mission requires reliable, consistent, and fast access to applications and data.
Unfortunately, national emergencies also bring out the worst in people. The massive amount of information that HHS creates, stores, and shares makes it an enticing target for cybercriminals. According to the fiscal year 2020 budget request, HHS is the repository for information on bio-defense, development of pharmaceuticals, and medical information for 100 million Americans, as well as other sensitive information. As a result, HHS is an attractive target for cybercriminals seeking economic gain, as well as nation-states that may seek to compromise the security of government information and gain economic, military, or political advantage.
The Covid-19 pandemic—as is the case with most national emergencies, unfortunately—has given malicious actors another avenue to play on people’s anxiety: stealing their personal information. In fact, according to Menlo Research, 50 percent of all phishing attacks impersonating financial services companies leveraged a Covid-19 topic—the majority of which tricked users into visiting false websites to steal personal information.
It is the responsibility of the Office of Information Security (OIS) to protect users from attacks originating from email or the web. But existing cybersecurity tools—including legacy secure web gateway (SWG) solutions that rely on a detect-and-respond approach—are ill-equipped to stop these increasingly sophisticated attacks. You can’t detect something you don’t know you’re looking for, nor can you scale local Internet breakouts to every remote user.
Cloud Web Isolation
The Menlo Security Cloud Platform, powered by an Isolation Core™, serves as a next-generation secure web gateway by isolating all web and email traffic in a remote browser in the cloud. All content—whether it is deemed malicious or not—is executed far from the end user’s device, and only safe content is rendered on the user’s browser. This isolation is especially critical as HHS employees continue to work from home during the Covid-19 global pandemic. According to the Pandemic Response Accountability Committee, remote access to classified data through increased telecommuting is setting the stage for ongoing assaults that put systems and personnel at risk.
With the Menlo Security Cloud Platform, security policies are delivered through the cloud and can scale infinitely, following HHS employees wherever they log in—whether it’s a home office, a satellite office, or public Wi-Fi. This Zero Trust approach delivers uncompromising security against malware, ransomware, and zero-day attacks, which constitute the vast majority of threats to essential federal systems and data. Most importantly, Menlo secures web browsing and email without impacting the native user experience. Employees of HHS would be able to access mission-critical tools and information from anywhere—and still be protected by the department’s strict security policies.
Other federal agencies trust Menlo Security’s cloud web isolation solution to protect users and highly sensitive government information from cyberattacks. The DISA Cloud Based Internet Isolation (CBII) was awarded to the By Light Professional IT Services LLC and Menlo Security Team which removes the browsing process from the desktop and moves it to the cloud—effectively creating an “air gap” between the Internet and enterprise networks. The successful implementation of this effort will directly enhance the ability of military and civilian personnel to defend the Department of Defense Information Network (DODIN).
HHS’s mission is too important to leave users and their data vulnerable to attacks. Download the new ebook "Reimagining Online Security for Federal Agencies" to learn more about how HHS can use cloud web isolation to safeguard our nation’s health information