Making IT security invisible for public sector employees

Governments have reached a turning point in how they manage their IT security, according to a Google security expert.

In the past two years, Zero Trust has evolved from being a buzzword to the top priority of governments, said Bryce Buffaloe, product manager with Google Security, Privacy, and Compliance. He was speaking to municipal leaders at ITWC’s Technicity GTA conference.

“We’re starting to see public sector organizations come out of this period in a stronger position,” said Buffaloe. “The shift is toward getting security out of the way for employees to a point where it can be invisible.”

Buffaloe sees a cultural change happening where security can act as an enabler for employees. “This approach not only protects their agencies, but it avoids blocking experimentation, creativity and innovation for the new talent pools who just want to build great things for people who rely upon government services,” he said.

Why security is no longer an obstacle for Google employees

Google decided to adopt Zero Trust principles after a 2009 cyber attack called Aurora, explained Buffaloe. After a seven-year implementation period, the result, is “unlike any other work environment that I’ve ever seen before,” he said.

Buffaloe described the new approach, which relies on identity and access management at its core. Everyone has a Titan key for physical authentication, along with additional back-end checks. The system uses core context awareness and endpoint verification against application data to prevent data loss, credential theft, and phishing malware.  “We treat the Internet as our new network perimeter, and we trust in nothing. Since it’s been in place, there’s been a zero per cent success rate for phishing attacks against Google staff,” said Buffaloe.

For employees, it means that no one ever has to change their passwords. “Security is no longer an obstacle for innovation or the velocity of the developers,” Buffaloe said. “It became invisible to everybody, and people were just able to work in a safe place.”

Security for a changing public sector work environment

The sudden shift to remote work was a nightmare for many public sector organizations because the traditional perimeter model no longer works in this case, said Buffaloe.  What’s more, there was an explosion of cyber attacks at a time when many workers were feeling burnt-out while juggling jobs and childcare.

Now, employers are preparing for the new hybrid work environment, Buffaloe said. Workplace flexibility is a high priority for increasing job satisfaction and attracting top talent.

There’s been a tremendous amount of work in the public sector to address these new realities, said Buffaloe. “It sets the stage for security to become an enabler, instead of a blocker,” he said. “Security can be invisible and employees can spend less time worrying and focus on building the best services, products and experiences for the end user customers and constituents.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Cindy Baker
Cindy Baker
Cindy Baker has over 20 years of experience in IT-related fields in the public and private sectors, as a lawyer and strategic advisor. She is a former broadcast journalist, currently working as a consultant, freelance writer and editor.

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now