A Zero Trust Security Approach for Government: Increasing Security but also Improving IT Decision Making

Public sector organisations are in the middle of a massive digital transformation. Technology advances like cloud, mobile, microservices and more are transforming the public sector to help them deliver services as efficiently as commercial businesses, meet growing mission-critical demands, and keep up with market expectations and be more agile.

This allows public sector employees and constituents to work remotely and have access to their organisation’s applications and services, from anywhere at any time using any device. While digital transformation and cloud migration can help departments reap many benefits such as efficiencies, agility, and happy citizens, it moves precious data out of the perceived safety of on-premises systems. This has subsequently led to the dissolution of the traditional enterprise perimeter.

This transformation also opens new avenues for cyberthreats and expands the attack surface. Fears tied to these threats and the perceived challenges of moving to the cloud have slowed down the government’s migration and adoption of modern tools and is perhaps one of the main reasons many legacy systems still dominate in the UK government.

Governments across the world should assume they’ve already been compromised and take the necessary steps to protect themselves. With this mindset, every user, device, and service that requires access is considered hostile, even if it is a known and approved entity.

The traditional approach is to collect data at the rapidly eroding perimeter, subsequently ignoring users as they continue into the network. Zero-trust architectures require government departments to continuously monitor, detect, evaluate, and enforce policy as users move about the network.

By definition, a successful zero trust security program must:

• Assume the network is always hostile.
• Accept that external and internal threats are always on the network.
• Know that the location of a network locality is not enough to decide to trust in a network.
• Authenticate and authorise every device, user, and network flow.
• Implement policies that are dynamic and calculated from as many data sources as possible.
• Log/audit every device, user and object action, and network flow.

Our approach is to offer a continuous monitoring and analytics solution for chief information security officers (CISOs) and security professionals who need to ensure secure access to their data and applications in the modern, perimeter-less enterprise. This helps drive confidence and ongoing trust in access decisions while ensuring component performance, policy adherence and availability across the zero-trust ecosystem. It is important to be able to ingest data from any source, monitor its infrastructure end-to-end, to optimise and increase effectiveness of the zero-trust ecosystem.

By deploying these tools, you can increase confidence and trust in access decisions to enterprise resources by continuously monitoring and delivering visibility and context across users, assets, and services. Through delivering full-stack visibility into service health, component relationships and infrastructure, ensuring performance and availability, and predicting issues before they happen with machine learning, it will help reduce manual effort, analyst fatigue and costs by enforcing zero trust policies through task automation and workflow orchestration.

This design allows departments to collect enormous amounts of data that can be used to build patterns, trends and analysis that has value far beyond security. Such data can be also used to determine application load demands, maintenance timing, needs for network or system upgrades and much more.

Implementing zero-trust architectures is an opportunity for UK Government Departments to both significantly augment department security postures while also increasing the amount of data that can be leveraged to improve decision making across their IT infrastructure.

For further information please see the following links:

• The essential guide to Zero Trust: https://www.splunk.com/en_us/form/the-essential-guide-to-zero-trust.html
• How zero trust helped insulate Splunk from supply chain attack: https://www.cyberscoop.com/radio/zero-trust-help-insulate-from-supply-chain-attack/
• A guide to embracing a zero trust security model in government: https://www.splunk.com/en_us/pdfs/resources/e-book/zero-trust-security-model-in-government.pdf

To make contact with a Splunk expert please email pubsec_uk@splunk.com.