The Federal Communications Commission (FCC) has been on an ambitious modernization journey, taking not just a “Cloud First” approach, but also setting an “All Cloud” goal. Alongside the modernization process, the team recognized they needed to re-tool their cyber infrastructure to achieve the strongest levels of cloud security and keep data and systems secure.
Like many agencies, the FCC started down the cloud path with email. They successfully implemented cloud-based workflow applications with ServiceNow. And, they are moving mission and program specific applications–for example their auction solution–to the cloud as well. Given their modernization progress, cloud security is top priority.
Rationalizing the Security Stack
As more agencies move to the cloud, not only not only does the network need to be protected, but so does traffic in the cloud.
“The FCC moved its data center and was implementing more and more cloud-based software,” said Tony Summerlin, a consultant/special advisor to the FCC. “They needed a totally different approach to security.”
As the FCC implemented modern infrastructure and applications, they found they had too many security appliances that were too hard to govern and oversee, and they were not built to secure cloud-based traffic.
And, costs were rising quickly. “You can’t afford to deploy enough firewalls and other mechanisms to protect network traffic to the cloud,” said Summerlin.
Implementing a Secure Internet & Web Gateway
With these issues in mind, and the need to reduce application latency while improving user experiences, the FCC evaluated different solutions and ran a pilot with Zscaler, which as part of its product offerings provides a secure Internet and web gateway delivered “as a service” from the cloud.
Users are protected regardless of location, and the direct-internet connection to the security platform means less latency for a faster, improved user experience, and simplified network administration. Zscaler inspects all traffic in-line with multiple security techniques, including within hard-to-inspect Secure Sockets Layer traffic.
The FCC team first executed a limited pilot to identify any potential issues. “You can partially deploy Zscaler, which simplifies testing,” said Summerlin. “The FCC took a phased approach to deployment, due to multiple locations and a mix of technologies–zero client, thin client, full PCs, Virtual Desktop Infrastructure (VDI) and non-VDI clients, etc.”
The New Cloud Culture
As the FCC managed the deployment, they worked closely with their industry partner teams, and they found that their cloud industry partners often work very well together.
“The cooperation between Zscaler and ServiceNow to make sure the implementation was successful was tremendous,” says Summerlin. “This new ‘cloud culture’ is very positive.”
“Deploying a cloud solution is very different than an on-premises solution,” said Summerlin. “There are more unknowns, and the nomenclature and approaches can be challenging.”
“Solid change management and strong public-private partnership is key. You will fail without it,” Summerlin adds.
On the change management side, Summerlin recommends taking a hard look at legacy processes and systems in place before the deployment to identify what can be sun-setted, and what needs to be integrated. And, he recommends vendors take Zscaler’s approach–taking the time to educate the full team, share what they’ve learned from past deployments, and working hand in hand with their agency customers every step of the way.
Securing a Modern Infrastructure & Mobile Workforce
The FCC is seeing benefits–such as faster application performance, which means improved user experience regardless of location. They are also seeing reduced costs–which enables the team to redirect funds to other priority cyber needs.
“You can replace a significant number of security applications with Zscaler,” says Summerlin. “This means you save dollars and time, as the infrastructure is simpler to manage.”
The FCC is working to finish deployments with Cylance, Tanium and Splunk–rounding out their modern, cloud security and analytics capabilities. They will continue the modernization journey–more cloud, more shared services, and continued high priority on security.