Governments have reached a turning point in how they manage their IT security, according to a Google security expert.
In the past two years, Zero Trust has evolved from being a buzzword to the top priority of governments, said Bryce Buffaloe, product manager with Google Security, Privacy, and Compliance. He was speaking to municipal leaders at ITWC’s Technicity GTA conference.
“We’re starting to see public sector organizations come out of this period in a stronger position,” said Buffaloe. “The shift is toward getting security out of the way for employees to a point where it can be invisible.”
Buffaloe sees a cultural change happening where security can act as an enabler for employees. “This approach not only protects their agencies, but it avoids blocking experimentation, creativity and innovation for the new talent pools who just want to build great things for people who rely upon government services,” he said.
Why security is no longer an obstacle for Google employees
Google decided to adopt Zero Trust principles after a 2009 cyber attack called Aurora, explained Buffaloe. After a seven-year implementation period, the result is “unlike any other work environment that I’ve ever seen before,” he said.
Buffaloe described the new approach, which relies on identity and access management at its core. Everyone has a Titan key for physical authentication, along with additional back-end checks. The system uses core context awareness and endpoint verification against application data to prevent data loss, credential theft, and phishing malware. “We treat the Internet as our new network perimeter, and we trust in nothing. Since it’s been in place, there’s been a zero per cent success rate for phishing attacks against Google staff,” said Buffaloe.
For employees, it means that no one ever has to change their passwords. “Security is no longer an obstacle for innovation or the velocity of the developers,” Buffaloe said. “It became invisible to everybody, and people were just able to work in a safe place.”
Security for a changing public sector work environment
The sudden shift to remote work was a nightmare for many public sector organizations because the traditional perimeter model no longer works in this case, said Buffaloe. What’s more, there was an explosion of cyber attacks at a time when many workers were feeling burnt out while juggling jobs and childcare.
Now, employers are preparing for the new hybrid work environment, Buffaloe said. Workplace flexibility is a high priority for increasing job satisfaction and attracting top talent.
There’s been a tremendous amount of work in the public sector to address these new realities, said Buffaloe. “It sets the stage for security to become an enabler, instead of a blocker,” he said. “Security can be invisible and employees can spend less time worrying and focus on building the best services, products and experiences for the end user customers and constituents.”