The Federal government is continuing its push to update the Trusted Internet Connections (TIC) initiative to provide “improved solutions for accessing cloud services while maintaining cybersecurity,” according to the latest progress updates to the President’s Management Agenda (PMA).
The Office of Management and Budget recently released the Q3 FY2018 update of its IT Modernization cross-agency priority (CAP) goal, relaying some notable strides to reform TIC, which has become a point of frustration in the Federal government because its policy inflexibilities prevent the rapid addition of new technologies.
TIC is an initiative run out of the Department of Homeland Security to “optimize and standardize the security of individual external network connections currently in use by Federal agencies, including connections to the internet.” But the current capabilities list under TIC has made it difficult to standardize emerging technologies like mobile access and cloud services to ensure they are compliant.
With the PMA update on IT Modernization released this month, OMB announced that agencies have completed two full-scale TIC pilots, and that “several smaller scale pilots” are still underway. In addition, there have been notable steps to reform the TIC reference architecture, and potentially expand use cases, which would allow better access to cloud services, the government’s expressed goal.
“DHS presented a draft updated TIC Strategy to the interagency TIC Modernization Working Group and is collecting feedback from agencies on revisions to the TIC Reference Architecture and Use Cases,” OMB said.
The need for TIC modernization was detailed in the Report to the President on IT Modernization released in December 2017, and has since been recognized as a primary hurdle to getting cloud services up and running smoothly in the Federal government.
But technology leaders in government are beginning to acknowledge that the positive steps outlined in the PMA update could yield real change shortly.
“There is forward progress,” Department of Energy CIO Max Everett said on Sept. 11 at an event organized by the Professional Services Council. “We need security, but we’ve got to be able to move forward with cloud, move forward with mobility, and so the model and the architecture needs to change.”
Everett said that DHS and OMB were “dead set” on making sure that changes to TIC are made.
On the same day, Department of Justice CIO Joseph Klimavicz said that DoJ has two cloud-optimized TIC stacks which offer robust security. He added that there are more limited security controls for trusted cloud providers “where we know the information is secure.”
He said that some discussions have centered on the possibility that agencies could “forward deploy those security controls to cloud service providers,” but said it could be more difficult for smaller CSPs to build the controls into their infrastructure.
“We’re already looking at the next steps of what we’re going to go through,” said Everett. “Some of those are going to be looking at some of the unique innovations that private sector folks are already bringing to how we secure cloud.”
In the PMA, the goal to “Update TIC structure to accommodate new cloud access options” has a completion deadline of Q4 FY2018, which comes at the end of the month.
“Everybody’s known it’s a challenge,” Everett said of TIC. “There’s a lot of reasons it hasn’t changed, but it’s going to. It has to.”
“We need a fundamental shift in the TIC’s architectural design and approach to take full advantage of cloud-based technologies,” said Stephen Kovac, vice president, Global Government and Compliance, Zscaler. “A modern TIC infrastructure means improved user experience and security regardless of location or device, with reduced costs, no bandwidth caps, increased visibility, and monitoring that natively peers with FedRAMP SaaS providers like Office 365, Okta, Salesforce, and others. At Zscaler, we believe the best approach to get there is to move the TIC to a cloud-based, FedRAMP-certified, SaaS-defined gateway–one that is born and built in the cloud, also known as TIC-in-the-Cloud. Lastly, we need to take advantage of zero-trust solutions where appropriate so that users can be securely connected to applications without having to be routed through a TIC.”