Making IT Security Invisible to Public Sector Employees
According to a Google security expert, governments have reached a turning point in the way they manage their IT security.
Over the past two years, Zero Trust has gone from being a buzzword to a top priority for governments, said Bryce Buffaloe, chief product officer at Google Security, Privacy, and Compliance. He was addressing city leaders at the ITWC’s Technicity GTA conference.
“We’re starting to see public sector organizations emerging from this period in a stronger position,” Buffaloe said. “The change is to eliminate security for employees to a point where it can be invisible.”
Buffaloe sees a cultural shift happening where safety can act as a catalyst for employees. “This approach not only protects their agencies, but it avoids blocking experimentation, creativity and innovation for new talent pools who simply want to create great things for people who depend on government services,” he said. -he declares.
Why security is no longer an obstacle for Google employees
Google decided to adopt Zero Trust principles after a 2009 cyberattack called Aurora, Buffaloe explained. After a seven-year implementation period, the result “is unlike any other work environment I’ve seen before,” he said.
Buffaloe described the new approach, which relies on identity and access management. Everyone has a Titan Key for physical authentication, plus additional back-end controls. The system uses basic context awareness and verification of endpoints against application data to prevent data loss, credential theft, and phishing malware. “We treat the Internet as our new network perimeter, and we don’t trust anything. Since it’s been in place, there’s been a zero percent success rate for phishing attacks against Google personnel,” Buffaloe said.
For employees, this means no one ever has to change their password. “Security is no longer a barrier to developer innovation or speed,” Buffaloe said. “It became invisible to everyone, and people could just work in a safe place.”
Security for a changing public sector work environment
The sudden shift to remote working has been a nightmare for many public sector organizations because the traditional perimeter model no longer works in this case, Buffaloe said. Additionally, there was an explosion of cyberattacks at a time when many workers felt exhausted juggling work and childcare.
Now, employers are preparing for the new hybrid work environment, Buffaloe said. Workplace flexibility is a top priority for increasing job satisfaction and attracting top talent.
There has been tremendous work in the public sector to deal with these new realities, Buffaloe said. “It sets the stage for security to become an enabler, instead of a blocker,” he said. “Security can be invisible and employees can spend less time worrying and focus on creating the best services, products and experiences for end-user customers and constituents.”