cloud security

Cloud Smart strategy updates TIC policy

The finalized Cloud Smart strategy doesn't offer much new over the draft released for comment in September 2018, but the Office of Management and Budget wants to retool security to provide flexibility for cloud access.

One big push is to update the Trusted Internet Connection policy that governs outbound agency network traffic. For years the federal government has looked for ways to harmonize its seemingly contradictory TIC and cloud policies, seeking the organizational security benefits of limiting internet access points while also migrating IT infrastructure to the cloud, which leverages multiple access points.

The "once useful" TIC is now "inflexible and incompatible with many agencies' requirements," the cloud smart strategy says, and the maturity of the private cloud market as well as an expected increase in telework means the model originally laid out in 2007 will soon become obsolete to federal IT operations.

TIC has undergone a number of revisions, and officials at Department of Homeland Security who run the program have told Congress that setting security requirements and outcomes for cloud providers, rather than routing traffic through prescribed access points, is a better policy moving forward. According to the cloud smart strategy, DHS is piloting "newer, less rigid approaches" with a number of agencies that comply with this policy and could make it easier for programs like EINSTEIN to use the added computing power to detect and prevent intrusions.

An update to the policy, including alternative models to the TIC architecture, is due from DHS within six months.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected