Stephen Kovac, vice president of global government and compliance at Zscaler (Nasdaq: ZS), has said agencies that aim to create secure cloud environments should merge controls under the Federal Risk and Authorization Management Program and the Trusted Internet Connections initiative.
“Users should be able to access the cloud via a trusted connection and seamlessly flow from one FedRAMP-approved app to another without having to be reauthenticated,” Kovac wrote.
“When FedRAMP and TIC work hand in hand, it can dramatically increase performance for users.”
He noted how shared services could help an agency impart lessons to other agencies when it comes to addressing security threats.
Kovac recommended that agencies establish a zero-trust environment to protect various devices on a network from vulnerabilities.
“This is done by creating inside-out connectivity so that applications are ‘dark’ to unauthorized users and never exposed to the internet,” he noted.