With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.
The last year has brought about incredible change in the federal workforce, and it shows no sign of stopping. With a new Director for the Office of Personnel and Management (OPM) confirmed, the next several months will bring new energy and activity to formalizing and standardizing workplace policies, processes, and approaches for the "new normal" of a digital-first government.
The move to telework changed how many people view and even perform their jobs. Before the pandemic, telework was sporadically used throughout government and viewed pretty skeptically. Now that the genie is out of the bottle, it's clear that government can continue to function without people in office buildings from 9am-5pm. As in-person work starts to come back around, the new shift will be in defining and managing a hybrid workforce.
In regards to remote working, the general consensus seems to be, "you can't put the genie back in the bottle."
A good portion of the government workforce has been working from home for the past year, and the world has continued turning. In fact, some agencies report productivity is up since teleworking became the norm. While people will return to the office, it will look different with many alternating office days with days they work from home. The past year has shown us that working arrangements do not necessarily need to be confined to an office. And, when we also remove the stress of students learning from home, caring for homebound elderly parents, and a pandemic in general, employees may realize a new level of balance and job satisfaction.
To support the continued success of remote work, agencies need to shore up the IT that was put in place to simply keep the trains running on time. Some technology was implemented quickly to meet the immediate need, and now is the time to take a hard look at all of those solutions to see if they will scale to meet the long-term reality of a dispersed workforce.
With telework expected to stay long after the pandemic ebbs, government agencies are looking to shore up the remote work solutions they put in place to ensure on premise security measures extend to the dispersed workforce. Multi-cloud environments are the reality for almost every agency. The many applications needed for the diverse functions of an organization require multiple cloud solutions to provide the specific support needed.
A report from Meritalk, Multi-Cloud Defense: Redefining the Cyber Playbook, found that 83 percent of respondents are increasing multi-cloud adoption to support telework and mission needs related to COVID-19. However, 42 percent said their cyber strategies cannot keep up. One part of the challenge is creating a solution that can be applied to the wide variety of endpoint devices and meeting enterprise security requirements.
More than finding cost efficiencies with cloud, government has realized its adoption is critical to business continuity. With mandatory telework as a result of COVID-19, organizations that have been proactive in their move to cloud found themselves able to quickly adapt and continue business as usual in very unusual times. Organizations that did not prioritize cloud found themselves scrambling to give employees access to the technology they needed to do their work.
Luckily, policies including the Cloud Smart mandate helped put more people in the first category than the second. A study completed in March (before pandemic telework began) found that 71% of federal respondents agreed that Cloud Smart was driving cloud adoption. In addition to Cloud Smart, the FedRAMP program also helped drive cloud adoption leading up to and during the pandemic. In 2020 alone FedRAMP added 200 authorized products and are on track to authorize over 60 cloud service offerings. The program has also achieved over 1,850 reuses of cloud products.