Zero Trust for federal agencies

Internet Isolation Enables a Zero Trust Approach That Protects Remote Users from Cybersecurity Threats without Impacting the User Experience.

Federal agencies are being forced to rethink the way they empower public servants with the tools and information they need to make government work. Even before the Covid-19 global pandemic, agencies were undergoing digital transformation in an effort to create efficiencies and be more responsive to citizens. Then, as government employees and contractors moved from their office cubicle to their dining room table—literally overnight—federal IT organizations had to scramble to enable application access to a nearly 100 percent remote workforce.

Now, with recovery still months—if not years—in the future and the increasing likelihood of never returning to work in the way it used to be, federal agencies are under pressure to build new network infrastructure that provides a quality application experience for remote users without exposing sensitive government information.

The security vs. experience dilemma

Traditional cybersecurity architecture relies on antiquated solutions such as sandboxing, whitelists, and URL filtering to detect malware, ransomware, watering holes, drive-bys, and other web- and email-based attacks. This architecture requires routing all traffic through a global web proxy at the perimeter of the network, where security professionals could monitor workloads and apply the appropriate security policies.

Now that users, applications, and data largely sit outside the data center, routing all traffic back to the data center is no longer feasible. VPNs and split tunneling cause security, performance, and scalability problems as well—leaving federal cybersecurity professionals with a dilemma. Do they open up the Internet in the service of the user experience, or do they lock everything down to protect sensitive information but make many web-based tools unusable for remote users?

A third option: Zero Trust Powered by Isolation

The core tenet of Zero Trust is that no traffic should be trusted, even packets that originate from inside an organization. This includes the idea that all browser-based Internet traffic should be treated as malicious and should be isolated from endpoint devices—preventing threat actors from accessing users’ devices, where they can then spread malware to other devices and the rest of the network.

Isolation enables the Zero Trust approach by routing all web-based traffic through a next-generation secure web gateway, where it is executed in a cloud-based remote browser and prevents any traffic from executing on end users’ devices. Delivered through the cloud, security policies can scale infinitely and follow federal employees wherever they log in—whether it’s a home office, a satellite office, or public Wi-Fi—ensuring that users are still protected by the department’s strict security policies without impacting the native experience.

Security without compromise

It’s likely that the New Normal is here to stay. Federal employees may not work exclusively at home forever, but many will still need to log in and access on-premises systems, cloud apps, and Software as a Service (SaaS) platforms from outside the network perimeter. IT organizations throughout the government need to rethink how they empower these newly remote users without impacting application availability and user experience, and without putting sensitive information at risk from web- and email-based attacks. Zero Trust powered by Internet isolation allows federal agencies to extend data center security policies and user experience to remote workers in a cost-effective, scalable manner.

Learn more about Menlo Security’s Zero Trust approach.