From Financial to Federal: Three Hot Technologies Impacting Government IT
Want a good idea of “what’s coming next” in federal IT? Look no further than the financial services industry.
Consider the similarities between financial firms and government agencies. Both are highly regulated and striving for greater agility and efficiency and better control of their networks and data—not to mention both are highly regulated. Meanwhile, cybersecurity remains a core necessity for organizations in both industries.
Given these commonalities, it’s unsurprising that technologies that have become popular in the financial services industry are making hay in federal IT. Let’s focus on three of these—blockchain, software-defined networking (SDN) and containers—and explore what they mean for agencies’ network management and security initiatives.
A blockchain is a digital ledger of transactions and ordered records (“blocks”)—a distributed database that is easily verifiable, and a permanent ledger that can be used to keep records of all transactions that take place over a network.
While invented to record financial services for Bitcoin transactions, blockchain can be a powerful tool that can be used for better data security. For example, the Department of Homeland Security is using blockchain in border control efforts. There’s even a Congressional Blockchain Caucus dedicated to educating government officials on the benefits of blockchain.
Blockchain is quickly becoming yet another weapon in the fight for better cybersecurity, but it is far from the only solution that agencies should consider. Traditional network monitoring, which allows for automated threat detection across the network, and user device monitoring—the tracking of unauthorized devices as they attempt to gain access to the network—are still the bread and butter of network and data security.
SDN is another technology that many financial services firms and agencies have explored as a means of solidifying network security. SDN’s are more easily pliable and readily adaptable to respond to evolving threat vectors. They also provide network managers with central control of the entire network infrastructure, allowing them to respond more quickly to suspicious activity.
But a SDN is still only as good as its network management protocols, which must be equipped to adequately handle virtual networks. Managers must be able to monitor end-to-end network analytics and performance statistics across the network, which with SDN, are likely to be very abstract and distributed. Special care must be taken, and the appropriate tools deployed, to ensure that managers maintain the same amount of network visibility in a SDN as they would have with a traditional network.
For organizations seeking a more streamlined approach to application development, Linux® containers are like nirvana. Essentially extremely lightweight and highly portable application development environments, containers offer the promise of much shorter development times and substantial cost savings. Benefits like these are why banking giants like Goldman Sachs® and Bank of America® are using containers and behind growing federal government interest.
Still, there have been concerns around container security. There are many different container platforms available, making it tricky to design a standard security tool that works well with all of them. Containers are comprised of multiple stacks and layers, each of which must be secured individually. There’s also the inherent nature of containers, which, on its surface, appears to be staunchly anti-security—containers are ephemeral and transportable, which can be benefits when it comes to development but potentially hazardous in regards to security.
Federal developers who are considering using containers need to be aware of these security implications and risks. Although container security has gotten a lot better over the years (after all, would banks be using this technology if it was not ready for prime time?), agencies should still consider steps toward securing their containers or using enterprise-hardened container solutions that comply with federal guidelines and recommendations, such as those laid out in the NIST Application Container Security Guide.
There can no longer be any doubt that we are in the midst of a technological revolution. While financial services and other non-government industries have thus far been the primary torchbearers for this movement, the federal government is now ready to take their lead. With blockchain, SDN, and containers, federal IT professionals have three innovative technologies they can use—along with traditional network management practices—to strengthen security and innovation.
By Joe Kim, SVP and Global CTO, SolarWinds