Vanguard Magazine

Vanguard December2021/January2022

Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR

Issue link:

Contents of this Issue


Page 23 of 43

24 DECEMBER 2021/JANUARY 2022 PERSPECTIVE Sponsored Content whether that's data analytics, AI, machine learning, or even the next generation of security protections," explained Jeanette Manfra, Senior Director for Risk and Compliance at Google Cloud, in a recent conversation on public sector compliance with Chris Johnson, Google Cloud Glob- al Compliance Product Lead. 1 "Cloud environments built like this are isolated fortresses. It's rigid. It's not optimized for constant modernization," said Manfra. This fortress method no longer provides the security it once did, nor does it pro- vide the modern agility that government departments need. A Better Way: The Zero Trust Approach More than 10 years ago, Google made zero trust the standard for the entire company with our BeyondCorp single sign-on solution. 2 BeyondCorp allows for single sign-on, access control policies, ac- cess proxy, and user- and device-based au- thentication and authorization. The goal with BeyondCorp was simple but vast: every single employee should have the ca- pability to work securely, no matter their location or network. To achieve this, we designed security systems where the loca- tion of the network no longer has any ad- ditional value as a defence. 3 A ccess to modern technology is essential to departments responsible for protecting Canadians and defending national interests. How- ever, the current digital policies Canadian government departments use to enforce compliance standards have resulted in the building of "digital fortresses." Also known as "government clouds," these "fortresses" allow only data, applications, and devices within a specific network perimeter to be protected and monitored. Unfortunately, as department leaders have sent their employ- ees home to work because of COVID-19, there is no longer a firm perimeter inside which all activity can occur. In addition, this approach doesn't fully address the risks that frequently exist inside the network. Traditional security practices have led to security protocols that mimic these fortress walls. The walls may meet compliance standards but they don't nec- essarily achieve better security, nor do they allow agencies to gain the maximum ben- efit of modern, cloud-based tools. The promise of government clouds is that they could offer more security; but they are often run in specialized data cen- ters that lag behind the latest developments in cybersecurity. "This impacts the govern- ment's access to critical new technologies, MEETING CANADIAN PUBLIC SECTOR COMPLIANCE STANDARDS WITHOUT COMPROMISING ON THE BEST PARTS OF THE CLOUD BY FRANK CURRIE At the core of a zero trust approach is the idea that implicit trust in any single component of a complex, interconnected system can create significant security risks. Instead, trust needs to be established via multiple mechanisms and continuously verified. Zero trust effectively removes the requirement of a security perimeter because it doesn't automatically assume those who are able to gain access to the inside are trusted. By checking every connection and device every time, we're able to be more flexible while avoiding insider threats. For government depart- ments, this is a tremendous benefit: in- sider threats can be more damaging than outside attacks. 4 Compliance without Compromise "For most major cloud providers, the only option to offer services that are compliant with government [compliance] standards is to create a separate government cloud for any government contact," says Manfra. This means there are few data centers and many of these have administrative access issues and support problems. At Google Cloud, and for Canada in particular, we're able to work with stringent public sector compliance requirements without compromising on the best parts of the

Articles in this issue

Links on this page

view archives of Vanguard Magazine - Vanguard December2021/January2022