Reimagining the TIC for a cloud environment
Connecting state and local government leaders
As agencies move to adopt cloud services, the Trusted Internet Connections architecture is becoming increasingly problematic.
For nearly 10 years, Trusted Internet Connections have connected agencies to the public internet for sending email and visiting websites through central and secure gateways. As agencies move to adopt cloud services, however, the TIC is becoming increasingly problematic.
The hybrid environments that many agencies operate are creating “challenges with the TIC architecture," acting federal CIO Margie Graves said. When she was at the Department of Homeland Security, she said, a modernization effort involved moving systems into the Amazon Web Services cloud. To make the migration work, Graves said, "required that we place a server at AWS to run our TIC architecture -- and then we found that we had latency issues associated with that."
Graves said her office and others are working closely with the Office of American Innovation on a wide range of IT-related reforms with an overarching goal to "modify those things that no longer work or are sending people in the wrong direction. And one of the first things we’re tackling is our TIC policy. You’ll see something different coming out ... in how we might deliver TICs in a different kind of way."
Encryption is "not a panacea," Graves told attendees at BMC's June 7 event on digital enterprise management, but agencies need to start thinking about security at the data layer, rather than perimeter defense and network-based security. "A stateless architecture," she said, is "the only way we're going to be able to fully adopt cloud services, and mobility, and Internet of Things, and all the technologies that are out there."
Graves also stressed to feds in the audience that "the alternative architectures that we’re exploring for delivering the TIC capabilities do not negate the necessity to maintain your cyber posture."
Understanding the level at which an agency's data must be protected, making that data auditable and the various TIC protections "are all important things," she said. "But they don’t necessarily have to be done with the architectures we have today."