MileMarker10 CEO Susan Sharer recently had the opportunity to connect with Dave Reese, DOD Regional Sales Manager and Federal Health IT Cybersecurity expert at Menlo Security, and Gary Johnson, a Cybersecurity Strategist and Technical Sales Leader with the firm, to discuss its approach to Cloud-Based Internet Isolation and how the approach could support Federal health agencies.
The Risk Burden of Remote Work
Risks that CISOs need to be concerned with are always present and growing. Federal agencies that were ahead of the curve and had already pivoted to cloud-enabled security ahead of COVID-19 found confidence in the measures they had in place and were able to focus on other challenges the pandemic created with respect to how they operated. Those who had not were faced with finding short-term solutions quickly.
IT Modernization Creating Added Risk
As agencies are undergoing IT modernization, adding CRMs, SaaS, file sharing and so on, there are complex considerations related to the tool, the access that is required. Agencies need balanced policy that accommodates these applications but that is backed by policy that reduces risk.
When we think of all of the tools available, of teams using SalesForce or Box or whatever they may be inclined toward, there must be flexibility of the technology to accommodate all of the different users. No one underlying application can address it all.
The Federal Health Risk
We know that Federal health agencies have a responsibility to protect patient data, to maintain the security of the electronic health record. We also know that 70 percent of workers’ web traffic and usage during the day is non work-related searching and may involve hitting websites that are unsafe.
Using isolation technology, we build in the ability to add a prevention layer with a virtual air gap to separate potential vulnerabilities from the users browsing the Internet. Creating a gap between the Internet traffic and the endpoint and its critical applications, eliminates the risk of an adversary getting into the end user’s environment.
Not only does isolation protect users, it also creates savings in bandwidth.
We know that over 90 percent of breaches start from the web or email so by eliminating those two factors, removing the connection between those two components from the endpoint, we preserve and safeguard critical patient and health data.
The concept of creating this gap flips the way people are currently managing security. This is not about protecting the endpoint, it is about getting users Internet traffic away from the endpoint – period.
Another difference is the idea of complete zero trust. Instead of trusting something until we know it is bad and then having to react fast, this premise treats everything as bad, providing a protection layer for everything. The air gap doesn’t change the user experience and provides superior risk management.
A lot of the way cybersecurity has been managed until now has been the equivalent of putting bandaids over bullet wounds. There are a number of solutions that provide network fixes, endpoint fixes but they aren’t a complete solution. Instead of thinking of different solutions to approach the same way of thinking, we need to rethink prevention, to go from endpoint security to cloud security.
A lot of the work in cybersecurity is chasing after smaller attacks, putting out the little fires. The attention spent on those little fires keeps people busier than they should be, can impact morale and overall performance. Instead of making people work harder, eliminating the surface attacks through isolation allows them to work smarter, to focus on bigger picture issues. The agency benefits from both improved security and from employees who are more satisfied in their work.
About Dave Reese
Dave leads Menlo Federal with his Federal Engineer of 20 years. During his first year at Menlo he won contracts that helped take federal growth from $0 to $199 million in the Department of Defense. Mr.Reese is also responsible for providing guidance on Fedramp and other certifications needed to do business in the Federal Government. Dave also leads marketing and channel development strategies by helping create ideas around demand generation.
About Gary Johnson
Gary Johnson is a passionate Cyber Security professional and technology leader with over 22 years of experience that spans the public and private sectors. He is currently a Presales Engineer with Menlo Security. Prior to Menlo, Gary held positions with ISM, Symantec, and McAfee serving the Federal, State and Local governments, Higher Education, and Mid-Atlantic customers. While at ISM, Gary also served as a Cyber Security Strategist providing solution design, risk assessments, cyber program design and assessments, and strategic advisory to Directors, C-Level executives, and other technology leadership roles.
About Menlo Security
Menlo Security, Inc. delivers security without compromise and helps enterprises achieve digital transformation to leverage the full benefits of the cloud. Its solutions are built on the world’s first and only Isolation Core™ and delivers 100 percent protection against web and email threats. Headquartered in Mountain View, CA, Menlo Security is trusted by eight of the ten largest banks in the world, critical infrastructure, and large government agencies. It is backed by General Catalyst, Sutter Hill Ventures, Engineering Capital, Osage University Partners, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. For more information, visit https://www.menlosecurity.com or firstname.lastname@example.org