With sophisticated cyberattacks persistently aimed at both public and private sectors, Federal IT teams have a growing cybersecurity challenge. Smooth operations of the Federal government depend on a mix of on-premises resources and cloud services. Telework is an ongoing necessity for many staff as the pandemic continues. Mobile devices are essential everywhere, and increasingly sensors and other IoT devices are instrumental in both administrative and mission operations.
As nation-states step up efforts to disrupt our government and threaten the American way of life, Federal IT leaders are taking decisive action to modernize cybersecurity. The Biden Administration’s 2021 Executive Order on Improving the Nation’s Cybersecurity calls for bold changes as the Federal government improves efforts to identify, deter, protect against, and respond to malicious actors amid the continuously changing threat environment.
The Executive Order calls out specific cyber strategies, including a Zero Trust framework, to defend American institutions and people. A Zero Trust framework trusts no one and nothing, whether inside or outside an organization’s network. All users, devices, servers, and network segments are assumed to be inherently insecure and containing a threat. These risks can be mitigated by applying rigorous best practices and controls to previously trusted network resources.
6 Reasons to Add SASE to a Zero Trust Strategy
Secure Access Service Edge, or SASE, is increasingly considered to be an important element in a Zero Trust approach.
SASE can ensure complete visibility from client to cloud, with policy-based access authorization and continuous validation of all users and devices as well as attack detection and response. As an architecture, SASE combines branch WAN edge functions, including SD-WAN, network segmentation, zone-based firewalls, and WAN optimization capabilities with comprehensive cloud-delivered security services.
Including SASE as part of a Zero Trust approach can help Federal IT:
- Strengthen network security from client to cloud. SASE allows Federal IT leaders to improve network security to protect personnel in working offices, homes and other locations—all the way to government cloud and private data center resources. Importantly, SASE can also improve the user experience. With SASE, SD-WAN edge functions enable IT to provide their agency staff with direct, secure access to applications and services, regardless of where those resources are hosted and where users and devices are located. In a traditional WAN, application traffic that is ultimately destined for the internet or cloud must first travel from the remote site to the data center for security inspection or other network functions. In today’s hybrid, multicloud world, this approach is not efficient. The legacy architecture places a heavy load on data center firewalls to inspect all traffic and the additional latency impacts the user experience and makes scaling more difficult.
- Continuously enforce security controls over IT and OT devices. When SASE is integrated into a Zero Trust approach, IT has clear visibility into what devices are connected to their networks, whether IT or IoT. Access to the network is controlled based on factors such as user identity, device identity, role, application, time of day, and location. Access privileges are continuously validated against security policies and may be dynamically changed based on real-time threat data. The endpoint is a common attack vector, providing an entry point into the trusted network. Protecting and securing mobile devices, servers and other IT systems is critical, as is the operational technology and IoT devices that ensures safety and guides operations.
- Leverage more connectivity options. SASE’s SD-WAN capabilities give agencies greater flexibility to connect administrative offices, faraway sites and teleworkers’ homes. With an SD-WAN, IT can choose the ideal combination of connectivity types, including MPLS, 4G/5G/mobile, satellite, and broadband internet, based on mission requirements, service availability, and cost. With built-in intelligent traffic management, an SD-WAN can monitor for service interruptions from end to end and automatically reroute traffic to ensure that mission operations are uninterrupted.
- Simplify network segmentation. With an advanced SD-WAN that supports granular segmentation, different departments or agencies can securely share the same network infrastructure, with logical separation to maintain privacy and service levels. IT can move way from complex and cumbersome VLAN traffic segmentation. And, a SASE framework ensures that the same controls applied to campus and branch networks are applied to teleworkers and other remote locations. Stringent identity and role-based access controls are enforced from the edge to the cloud.
- Easily integrate new security controls into your ecosystem. As Federal IT leaders protect cyberspace in a dynamic threat environment, it is critical to apply new security controls within the existing environment. A best-of-breed approach to Zero Trust and SASE allows agencies to choose the network and security services that best fit each mission objective.
- Deploy network and security services on-premises or in the cloud. Flexible deployment options for Zero Trust and SASE services are critical for Federal IT, permitting agencies to choose the best approach for deploying network and security services on-premises, at the edge, or in the cloud, or any combination thereof. Although the Federal objective is cloud-first, there are many use cases where data must be maintained on-premises.
Aruba is Committed to Secure Networking
Biden’s Executive Order calls on the Federal government to lead by example by modernizing cybersecurity, removing barriers to sharing threat information, and enhancing software supply chain security.
Aruba has long been a leader in delivering secure networking to Federal, both military and civilian. We continue our commitment to secure mobility with Aruba ESP (Edge Services Platform).
Aruba ESP, which enables both Zero Trust and SASE security frameworks, increases protection levels while simplifying operations. Federal IT can extend network security from edge to cloud, with full visibility, control and enforcement, while improving the application experience for users and devices. Aruba has long maintained a broad ecosystem of network and security partners, and IT can pair Aruba’s SD-WAN and identity-based network access control solutions with leading cloud security providers like Zscaler, Netskope, Check Point, and Palo Alto Networks.