Embracing the ‘New Normal’: How Zero Trust is Empowering Government Agencies

A year ago, only about 3.4% of the total U.S. workforce worked remotely. Although it’s too soon to accurately count the uptick in remote work, suffice to say the number has grown exponentially since all of our lives were upended by the coronavirus pandemic.

Federal, state, and local government agencies have faced immense pressure to continue providing citizen services while also keeping their employees safe. But with such a quick and massive shift in the workforce, many agencies scrambled to cobble together work-from-home solutions. From issuing devices to deciding on collaboration platforms, they had to move fast to keep fundamental services running.

Thankfully, many agencies were able to quickly adapt – even more so due to efforts in the last two years to modernize core IT infrastructure. If this crisis had hit six months or a year earlier, many organizations would not have been in as good of a position as they are now to keep the status quo while working remotely -- but that doesn’t mean it was an easy transition, and there’s still work to do to support agency workers’ on-going productivity in this ‘new normal’.

Looking ahead, implementing a Zero Trust security model can help agencies mitigate cybersecurity issues and challenges they face with telework, both immediately and in the long-term.

Top Distributed Work Collaboration Tools

The forced shift to remote work has entailed much more than just signing up for video conferencing: we need new processes and new styles of work. Now, approaches like asynchronous meetings and workflow tools are suddenly more critical. Some organizations had little problem adapting, like GitLab, where their thousands of global employees have never had any offices – this was always how they worked. For others, there are still questions as to how to best support internal as well as inter-agency and public-private collaboration in a remote world.

Agency leaders now need to not only enable access to tools they are already using (both in the cloud and on-premises), but also to determine what other tools are needed to allow employees to be as productive as they were in the office — if not more so. These new tools also require road testing by agencies and training for employees. Here are some tools we’re seeing on the rise as a result of the rapid shift to remote work from across Okta’s entire customer base:

chart depicting okta's fastest growing apps

Further, getting new tools and applications in the hands of government employees can be done quickly and efficiently when rolled out through a single sign-on (SSO) solution. An SSO solution provides a way for cloud applications and all of an agency’s different users to consolidate into one place.

Identity: The Foundation for Zero Trust

Zero trust security throws away the idea that we should have a “trusted” internal network and an “untrusted” external network. The adoption of mobile and cloud means that we can no longer have a network perimeter-centric view of security; instead, we need to securely enable access for the various users (employees, partners, contractors, etc.) regardless of their location, device or network -- a reality that’s felt even more significantly in today’s remote environment.

Guidance such as NIST 800-207 provides great insight for agencies looking to pursue a zero trust strategy. Starting with a strong foundation in identity and access management will not only help strengthen security for agency workers, contractors and partners, but also make it easier to get access to resources they need to fulfill their missions. By integrating with PIV/CAC, it also gives agencies the flexibility to use an authentication solution that works with the preferred factor for federal government, while also providing alternatives such as the FIPS 140-2 Validated Okta Verify.

zero trust maturity curve graphic

For those just getting started, examples from private organizations such as 21st Century Fox, which has a complex user population including employees, partners and contractors, as well as Personal Capital, a leader in fintech, show the positive impact of using identity as the foundation of their strategy.

Not Just How We Work, But What We Do

As we look ahead, agencies are also facing challenges around not just how they work in today’s distributed environment, but how today’s environment transforms the way they support citizens. As Amanda Crawford, executive director for Texas’s department of information resources, which handles the state’s IT needs, said in a recent Wall Street Journal piece: “We’re going to have to be able to meet the needs of Texans moving forward, and deliver [services] to them in a world where preferences and attitudes about telework, government offices and public health may be totally different.”

Cloud and mobile provide avenues for government agencies to not only continue working, but service citizens remotely, potentially even driving new service development or increasing efficiencies around current programs, such as processing applications. For agencies looking to deploy new solutions, identity can serve as the backbone here, too: helping agencies quickly launch new, digital services unify identity stores to deliver omnichannel experiences and build tailored, extensible, and secure access experiences.

Check out this recent conversation on delivering digital experiences for government agencies here for more details on this initiative.

Resources to Help Agencies in this New Normal

Telework has made a big impact in the last few months, and we’ve seen that with the right support, government work can get done remotely. And although many agency workers will likely head back into the office, working from home in some capacity will not be going away. That means it’s time to put in the building blocks of a Zero Trust security model for long-term success.

To learn more about enabling secure access for a remote workforce with a Zero Trust approach, check out the following resources: