TIC for today's cloud environment
As agencies move to adopt cloud services, the Trusted Internet Connection is becoming increasingly problematic.
Originally designed as central and secure gateways that give agencies access to the public internet for sending email and visiting websites, the TIC architecture has challenges with the hybrid environments that many agencies operate today, acting federal CIO Margie Graves said.
Part of the Department of Homeland Security's modernization effort involved moving systems into the Amazon Web Services cloud, Graves said by way of example. To make the migration work, she explained, "required that we place a server at AWS to run our TIC architecture -- and then we found that we had latency issues associated with that."
Graves said her office and others are working closely with the Office of American Innovation on a wide range of IT-related reforms with an overarching goal to "modify those things that no longer work or are sending people in the wrong direction. And one of the first things we’re tackling is our TIC policy. You’ll see something different coming out ... in how we might deliver TICs in a different kind of way."
Encryption is "not a panacea," Graves told attendees at BMC's June 7 event on digital enterprise management, but agencies need to start thinking about security at the data layer, rather than perimeter defense and network-based security. "A stateless architecture," she said, is "the only way we're going to be able to fully adopt cloud services, and mobility, and internet of things, and all the technologies that are out there."
Graves also stressed to feds in the audience that "the alternative architectures that we’re exploring for delivering the TIC capabilities do not negate the necessity to maintain your cyber posture."
AWS' Mark Ryland, director of solutions architecture and chief architect of the worldwide public sector team, agreed with Graves. "Everyone recognizes that [TIC] is not well suited for cloud-based architectures because the network data flows out through a private connection, runs through a private enclave of the cloud, and if it needs to reach the internet, it can’t leap through the cloud -- it has to go through the government systems to reach the end user," Ryland told GCN at the AWS Summit. "We are working proactively with OMB to achieve the goals to TIC to make sure traffic is secure and achieves the goals of fighting malware."
Understanding the level at which an agency's data must be protected, making that data auditable and the various TIC protections "are all important things," Graves said. "But they don’t necessarily have to be done with the architectures we have today."
Editor's note: This article was changed June 14 to add comments from AWS' Mark Ryland.
Troy K. Schneider is editor-in-chief of FCW and GCN.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.