Ensuring Remote Employees Can Access Classified Networks Securely
Telework has steadily been on the rise for enterprise and government employees alike, but it has been launched to new levels as of late in the wake of unprecedented current events. Much of the world’s workforce is now required to work remotely, and many of those employees must access multiple sensitive networks to perform their jobs. Classified organizations need to enable this access to ensure continuity of operations, but they also must ensure data is not compromised or lost in the process.
As part of our content series on cybersecurity best practices for remote work enablement, here we present several pointers for CIOs and CISOs to consider in a solution that rapidly allows remote access to classified networks:
1) Allow convenient data center access to virtual desktops and applications from mobile endpoints.
Employees should be able to work from their standard government provisioned laptops. It is important that all services and applications are tightly controlled, and hardware is locked down, including access to internal or external hard drives, optical drives, other USB or SATA ports, and interfaces.
2) Be installed directly on the host machine.
Installing the solution directly on the host machine allows for the efficient use of all capabilities inherent in the hardware, such as multiple monitor support, audio, webcams, and smart cards. Ideally, the solution will also be able to activate additional features and install appropriate licenses.
3) Support dual-tunnel access.
Far too often, a remote user that needs access to three different network domains is forced to rely on three endpoint devices and three encryptors. Dual-tunnel access eliminates the need for hardware encryptors, providing workers with access to multiple sensitive networks, applications, and data.
4) Leave no evidence or trace of data on the laptop.
All data and work products should be saved on the appropriate network at the agency’s data center—not on the endpoint device. If the device is lost or stolen, there should be no evidence of user’s application data.
5) Adhere to the CSfC Program.
The National Security Agency (NSA) Commercial Solutions for Classified (CSfC) Program was established so commercial products could be used in layered solutions, as we are discussing now. Any commercial-off-the-shelf (COTS) components should be validated by the CSfC program and they should support mobile access capability packages (MACP), which protect classified data in everything from domestic cellular networks to private government ones. That means mobile data, including voice and video, should use approved cryptographic algorithms.
Forcepoint’s Trusted Thin Client Remote can offer single-level remote access within days and the product can easily transition to multi-level support. Trusted Thin Client (TTC) was created to help protect employees and critical data for everyone from federal agents in the field to employees working from home. From the data center, workers can gain access to all authorized networks required to do their jobs, meaning that they stay home without sacrificing productivity or security.
Government telework is not merely a short-term solution for the current crisis. It was already gaining momentum for myriad reasons and the situation will likely remain the norm for the foreseeable future. Organizations must be diligent in tackling the challenges that accompany it, for the sake of now and years to come.