Automation, agility, efficiency and cost play critical roles in accelerating public sector transformation through the cloud, according to an experienced cybersecurity-focused executive with an eye on the future.
They also are provide a smarter, more progressive approach to protecting data, said Rajiv Gupta, a senior vice president in the cloud security business unit at McAfee, during an Oct. 20 presentation at CyberTalks, the annual summit of government and private sector leaders presented by Scoop News Group.
The need to consider more modern security approaches has taken on new urgency since the COVID-19 pandemic impacted U.S. firms, forcing leaders to reconsider many of their operating assumptions.
“Not only have you seen, in the U.S., employees working from home but, in many cases, the employees accessing large public cloud services,” Gupta said during a keynote presentation. “What we’ve seen is that a threat landscape has changed, the threat vectors have changed, the threat velocity has changed. Some of the environments have changed, as well as the unmanaged device control.”
One solution, Gupta said during CyberTalks, is a new recognition of a zero-trust mentality, which includes the adoption of the technologies that can help security personnel implement those changes.
However, implementing zero-trust principles presents difficulties for many government leaders, he said. Having the right partners at the table — with experience developing the necessary processes — constitutes an important factor to deliver more meaningful outcomes and long-term benefits to the public, at scale.
For such government leaders, it is paramount to understand how risk mitigation techniques have evolved, particularly in the months since COVID-19 resulted in widespread remote work. Previously, security personnel relied on technology that granted access to sensitive data based on the location or portal through which a person utilized their device. The current setup, during a time when employees log in to professional systems from personal laptops or smartphones, results in security teams losing essential visibility, Gupta said.
“I’m thinking of a metaphor of a house with the doors on the front and the site, and at the back, as well,” he said. “It’s important — imperative — that we have zero-trust controls not just on the front door, but on the side and back door controls, as well.”
As an example, Gupta cited Microsoft Teams, popular software used for collaboration in both the government and in the private sector. Technology professionals must enact safeguards on how many users can access a conversation channel, who is allowed, what kind of data can be introduced into that channel and what kinds of information can be extracted.
“You need to make sure that you understand what’s going on on all of these side doors, get the visibility and get the controls on any data flowing in and out on the side doors as well as you do on the front doors,” he said.