Michael Friedrich, February 25, 2022

Why Does TIC 3.0 Overlook Zero Trust Network Access?

The U.S. federal government is the single largest IT cyber target in the world, with more users, systems, locations, workloads and devices than any other organization. This sheer size and complexity begs the question: why doesn't the federal government's TIC 3.0 initiative call for Zero Trust Network Access integration?


For many years, each federal agency had its own points of presence on the internet and an array of security stacks around them, resulting in chaos and high costs. Then, in 2007, the Trusted Internet Connections (TIC) initiative was introduced by the Bush administration. TIC was intended to reduce the number of internet touch points from a collective estimate at the time of 8,000 down to 50, and to standardize the security stacks to create better economies of cost, reliability and trust at a time when public and private cloud adoption was a new concept for the federal government.

The answer to whether it worked came quickly, and the kindest description was, "Sort of." While it is true that TIC 1.0 reduced the number of touch points to the outside world, it lacked the advanced cyber tools needed for detection and remediation. Further, it did not scale: congestion and complaints from the agencies' user communities were almost immediate.

Then came TIC 2.0, released in 2012 and declared complete in 2016. It brought in more industry partners to create more scalable and integrated touch points, hence the term Managed Trusted Internet Protocol Services (MTIPS). MTIPS allowed trusted industry partners to bid on providing TIC services to agencies, provided the telemetry still went back to the Department of Homeland Security (DHS).

Like all ideas that need to evolve, TIC went through another revision: TIC 3.0 was introduced in 2019, updating the TIC locations and security stack once again. While each agency is still supposed to limit its individual TIC footprint, TIC 3.0 allows the TIC stack to be distributed and virtualized. With the push toward a cloud-first strategy, this makes perfect sense: move the ingress and egress points of presence of U.S. federal agencies closer to the workloads, as the Department of Defense (DoD) has done with its Cloud Native Access Point (CNAP).

What does not make sense is the absence of any call for Zero Trust Network Access (ZTNA) in the TIC 3.0 design. The May 2021 Executive Order (EO 14028) mandating that all agencies and departments produce a Zero Trust security strategy tragically leaves out any direction on the TIC. Zero Trust security is an architectural framework that accounts for the entire OSI stack. Agencies need to think not only about which tools they use to gain front-end access, but also about which tools decide what access is granted inside the environment.

There is a growing trend in commercial companies called café networks. A café network treats everyone like a visitor and allows no one to land directly on the network(s) hosting the workloads. In other words, every person and their device is a guest, and therefore transitory: being on the network confers no access by itself.

The U.S. federal government needs to add ZTNA guidelines to OMB's TIC guidance immediately. When combined with efforts like the Cloud Log Aggregation Warehouse (CLAW) from DHS, this can accomplish a few quick goals:

  1. Get everyone and everything off the network(s)
  2. Gain deeper visibility and control of users and devices with a tool like Appgate SDP
  3. Replace the VPNs that still front-end many of the TIC access points and create a high risk of breaches
  4. Give the government an aggregated data lake from which to react, create and direct access policies

By adding tools like Appgate SDP, which can react in near real time to what CLAW surfaces, you can create a TIC architecture that is distributed, secure and responsive. For the OMB memo to succeed, we must move to Zero Trust Network Access tools like Appgate SDP that allow constant vigilance and near-real-time reaction to threats. It is long past time to adopt the mantra "defense wins championships" (or, in this case, a strong and integrated end-to-end defense keeps us safer).

For more on how our Appgate Federal Division assists agencies on their Zero Trust security journey, visit www.appgate.com/federal-division.

Additional ZTNA resources:

Blog: 2022 Federal Predictions: Zero Trust Security
On-demand webinar: Zero Trust for Critical Infrastructure
Podcast: Crawl, Walk, Run: Zero Trust for Cloud
