Two and a half years ago, the Government Digital Service (GDS) stated on its blog that the “Internet is Ok”.
What does that do to the Public Services Network? What security model and WAN model are we going to see in the near future?
None of us actually know the answers to those questions yet, including GDS, but they’ve already started work to define what the future Public Services Network will look like, through their initiative called The Future Network for Governments (FN4G).
The FN4G consultation supports the position of the initial blog post that the Government and Public Sector should abandon Wide Area Networks and adopt the Internet for connectivity. To facilitate this, a Zero Trust model is proposed in which, irrespective of the connection, all connections and transactions are treated equally as untrusted.
To draw a parallel in the physical world, we are used to guards and checkpoints at the entrances to our buildings. This removes many of the threats posed by outsiders being present in the building. However, we also ask all the people inside to wear identity badges and carry swipe cards for access, thus ensuring that if the first line of defence is breached, the second layer will catch the bad guys.
Similarly, in the IT world, just because someone is on a network, it does not mean we should trust them. This is where Zero Trust comes in. The most popular manifestation of Zero Trust is the Software Defined Perimeter. This allows the data owner to set the perimeter: what users may reach, and from where, at a level of trust the owner finds acceptable.
The ‘Zero Trust’ concept has been around for some time; however, it was just a concept until Google decided to provide BeyondCorp for its own internal network. This relied on near-real-time knowledge of all users, their devices and location to define what resources can be consumed for that session.
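An illustration of the per-session decision described above, as an added example that is not from the original post or from Google's BeyondCorp: access is derived from user, device and location signals, and the network the session arrives on (PSN WAN or Internet) is recorded but never consulted. The policy, group names, resource names and five-minute freshness window are assumptions made for the example.

```python
from dataclasses import dataclass

MAX_SIGNAL_AGE_S = 300  # assumed freshness window for "near real time" signals

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    device_managed: bool
    device_patched: bool
    posture_age_s: int   # seconds since the device last reported its posture
    country: str
    network: str         # "psn-wan", "internet", ...: logged, never trusted

# Constructed policy: each resource owner sets its own perimeter.
POLICY = {
    "casework-db":    {"groups": {"caseworkers"}, "managed": True,
                       "countries": {"GB"}},
    "staff-intranet": {"groups": {"staff", "caseworkers"}, "managed": False,
                       "countries": {"GB", "IE"}},
}

def decide(session, resource):
    """Return (allowed, reason). session.network is deliberately not read."""
    rule = POLICY.get(resource)
    if rule is None:
        return False, "no policy for resource (default deny)"
    if session.posture_age_s > MAX_SIGNAL_AGE_S:
        return False, "device posture is stale"
    if not session.groups & rule["groups"]:
        return False, "user not in an authorised group"
    if rule["managed"] and not (session.device_managed and session.device_patched):
        return False, "device does not meet posture requirement"
    if session.country not in rule["countries"]:
        return False, "location not permitted"
    return True, "allowed"

def allowed_resources(session):
    """Resources this session may consume right now."""
    return sorted(r for r in POLICY if decide(session, r)[0])

if __name__ == "__main__":
    # Constructed sessions: same user and device, different networks.
    base = dict(user="alice", groups=frozenset({"caseworkers"}),
                device_managed=True, device_patched=True, country="GB")
    for net, age in (("psn-wan", 30), ("internet", 30), ("psn-wan", 900)):
        s = Session(posture_age_s=age, network=net, **base)
        print(net, age, allowed_resources(s))
```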
A white paper on Zero Trust Networking is available here
Of course, organisations don’t use networks just for security. As explored in the podcast ‘Why buy a WAN?’, there are other issues such as Availability, Accountability, SLAs, Latency and more. However, the adoption of a Zero Trust Security model across Government provides greater flexibility and, combined with Software Defined Networking, should provide greater productivity for all workers.
PSN was developed to address a problem in the Public Sector where organisations were not able to interoperate and collaborate. When Zero Trust offerings are able to federate and common open standards are created, we can see this as being a de facto standard for the UK Government, Public Sector and Private Sector to adopt.