cloud security

Cloud Smart strategy updates TIC policy

The finalized Cloud Smart strategy doesn't offer much new over the draft released for comment in September 2018, but the Office of Management and Budget wants to retool security to provide flexibility for cloud access.

One big push is to update the Trusted Internet Connection policy that governs outbound agency network traffic. For years the federal government has looked for ways to harmonize its seemingly contradictory TIC and cloud policies, seeking the organizational security benefits of limiting internet access points while also migrating IT infrastructure to the cloud, which leverages multiple access points.

The "once useful" TIC is now "inflexible and incompatible with many agencies' requirements," the cloud smart strategy says, and the maturity of the private cloud market as well as an expected increase in telework means the model originally laid out in 2007 will soon become obsolete to federal IT operations.

TIC has undergone a number of revisions, and officials at Department of Homeland Security who run the program have told Congress that setting security requirements and outcomes for cloud providers, rather than routing traffic through prescribed access points, is a better policy moving forward. According to the cloud smart strategy, DHS is piloting "newer, less rigid approaches" with a number of agencies that comply with this policy and could make it easier for programs like EINSTEIN to use the added computing power to detect and prevent intrusions.

An update to the policy, including alternative models to the TIC architecture, is due from DHS within six months.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.