Working from Home (WFH) in Government - Key Takeaways from Former CTOs of the DIA and CIA

Author: Michael Hylton, Senior Director, Federal Sales at OPSWAT

On May 13th, OPSWAT and Carahsoft hosted a live webinar where I moderated a panel of former CTOs from the US Intelligence Agencies: Bob Flores, former CTO of the CIA, and Bob Gourley, former CTO of the DIA. We discussed cybersecurity threats that could put sensitive data at risk and negatively impact productivity, as well as the potential benefits of deploying secure work from home technologies, such as Software Defined Perimeter (SDP) and Secure Access.

Some of the key takeaways include:

1) How BYOD devices could be leveraged in certain circumstances if an organization’s computing policies can be validated or enforced through self-guided remediation procedures. This could be accomplished with technical controls that prevent storage connected via USB from interacting with the operating system, prevent keystroke loggers from hijacking keystrokes that could lead to stolen passwords, OTPs, or 2FA entries, or verify that the local volume is encrypted. During the webinar, we demonstrated how OPSWAT’s Secure Access/SDP solution MetaAccess would address this process.

2) There was also a discussion on the importance of not only having the right fit of technical enforcement but also the ability to deploy rapidly with a lightweight presence on the endpoint. The flexibility of customizing the solution to fit your needs is paramount when it comes to deploying to both government-managed devices and unmanaged devices such as BYOD. Perhaps you need a persistent client on the government-furnished equipment, while on BYOD you opt for a run-once dissolvable client that is part of the authentication to a virtual desktop interface like VMware Horizon or of logging into a cloud email system.

3) Also, while SDP may have been around for some time, it was often overlooked as something too simple. However, the endeavors of the Cloud Security Alliance and the Defense Information Systems Agency’s (DISA) black core approach are making it more apparent that SDP significantly reduces the risk of teleworker access to network resources by allowing only the network services for which the end client is authorized, only when necessary, and only after the posture of the machine is validated.

I highly encourage anyone who missed this live webinar to watch the recording and hear some of the insight shared by these exceptional leaders and experts. We took questions from an audience consisting of federal technical SMEs and showed a demo of the solution at the end. If you have any questions, please feel free to reach out for more information.

Panelist Profiles

Bob Flores spent 31 years in the CIA. He is currently the co-chair of the Software Defined Perimeter (SDP) Working Group at the Cloud Security Alliance (CSA), which defined the SDP framework (to control access to resources based on identity) with the DISA under the Global Information Grid (GIG) “Black Core” Network initiative around 2007.

Michael Hylton has a background of over 20 years in federal technology consulting with the Pentagon and other federal agencies. In addition, Michael has leadership experience in international business and cyber management experience at Booz Allen Hamilton as well as with cybersecurity startups. He is a Certified Ethical Hacker and earned an MBA focused on National Security from GMU.

Bob Gourley is an experienced CTO and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. Bob has served as the CTO for the Defense Intelligence Agency and is recognized by InfoWorld as one of the top 25 CTOs and on Washingtonian Magazine's "DC Tech Titan" list.

View webinar: https://www.carahsoft.com/learn/event/23498
