Guest Author: Andrew Fritz, Leader, Systems Engineering at Cisco

For public sector leaders tasked with IT modernization, a key focus is how to securely and efficiently deliver critical digital services to their core users and constituents. With the rise of low-cost commodity broadband and cloud services that are easy to consume, you now have a unique opportunity to take some positive steps in that area. But first, you need to understand what is really driving the next generation of public sector cloud architectures, and ask whether one approach rises above the others in speeding up and securing how you deliver workloads in the cloud.

Which way to public sector cloud?

As the barriers to affordable and efficient cloud services shrink, you’re faced with a decision: keep your applications, data, and workloads on premise in your own data centers—or move them to the cloud, leveraging a mix of software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) options as you do.

If you’re like most public sector IT leaders, you’re tasked with delivering specific services in a secure, reliable manner. If you can do so via SaaS with single sign-on (SSO) on the front end, that’s great. You simply need to provide your users with some means of Internet access, protected by a simple firewall, and let SSO handle the rest.

Unfortunately, in public sector IT, roadblocks appear often and unexpectedly. Legacy applications that were originally written and maintained in-house are a good example. They can require special expertise to update and/or integrate with any new architecture. So, how can you make it all work?

Using a SASE approach for public sector cloud

Secure access service edge (SASE) is a collection of network and security architectures that lets IT teams securely and efficiently connect users to the resources they need, using the best available means. A SASE approach can include solutions for SD-WAN, multi-factor authentication (MFA), and endpoint visibility that help your users overcome a variety of common issues, including capabilities to:

  • Give branch users secure access to workloads in the data center (DC) by traversing a software-defined wide area network (SD-WAN) tunnel with minimal security controls.
  • Provide users secure access to a cloud IaaS resource where the SD-WAN Fabric is extended to trusted resources like Amazon Web Services (AWS) or Microsoft Azure.
  • Offer users at a branch location secure local breakout to the Internet to securely access popular SaaS apps like Microsoft Office 365 (O365) and Salesforce.com (SFDC).

If users need access to traditional web resources, you can send them through a web security stack to make sure they get what they need, securely and reliably.

Leveraging Meraki SD-WAN Connector

Fortunately for your already stressed IT team, this capability can be delivered in a simple, powerful manner, starting with Meraki SD-WAN. This solution, powered by Cisco MX security appliances and AutoVPN, creates a dynamic fabric for site connectivity, and it does so independently of the underlying transport. This lets you combine broadband, cellular, and even MPLS links and build one fabric over them. The fabric has also been extended into major public clouds such as AWS and Azure with vMX, giving customers the flexibility to host their services in these robust, resilient data centers while enjoying easy and secure access.

In addition, as your users and the resources they rely on move closer to the action thanks to cloud, and further from your data centers, one approach keeps them secure: implementing consistent policy across the WAN and intelligently delivering security services where they are needed.

With Meraki SD-WAN Connector, you can define policy for trusted resources that get direct access (such as O365 and SFDC). Traffic bound for an untrusted resource can instead be rerouted through the cloud to a robust security stack (web filtering, DNS security, CASB). This capability is delivered through Cisco Umbrella Secure Internet Gateway: the Connector provides a secure connection into Umbrella, where you can apply the security services you choose based on the policy you define.
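As an added illustration (not Cisco's or Meraki's code), here is a small Python model of the steering decision just described: destinations on a constructed trusted-SaaS list break out directly, and everything else, including unknown, malformed, or raw-IP destinations, is sent to the security stack. It also shows why the domain match must be label-aware, so a lookalike name cannot ride the direct-breakout path.

```python
import ipaddress

# Added example, not vendor code. Models the "trusted goes direct, everything
# else goes to the security stack" policy described in the post.
DIRECT = "direct-breakout"
INSPECT = "security-stack"

# Constructed allowlist for illustration; a real deployment would source the
# trusted SaaS domains from the vendor's published lists, not from here.
TRUSTED_SAAS = {
    "office365.com": "O365",
    "outlook.office.com": "O365",
    "salesforce.com": "SFDC",
}


def _label_aware_match(host, allowed):
    """True only if host is `allowed` or a subdomain of it.

    A plain endswith() would let 'evilsalesforce.com' match 'salesforce.com';
    requiring the dot boundary closes that gap.
    """
    return host == allowed or host.endswith("." + allowed)


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def steer(hostname):
    """Return (action, reason). Anything not positively trusted fails closed."""
    host = hostname.strip().rstrip(".").lower()  # normalize case, trailing dot
    if not host or any(ch.isspace() for ch in host):
        return INSPECT, "malformed hostname"
    if _is_ip_literal(host):
        return INSPECT, "IP literal; hostname policy cannot vouch for it"
    for allowed, app in TRUSTED_SAAS.items():
        if _label_aware_match(host, allowed):
            return DIRECT, "trusted SaaS (%s)" % app
    return INSPECT, "not on trusted list"


def steer_batch(hostnames):
    """Decide for a list of destinations; handy for checking a proposed policy."""
    return {h: steer(h) for h in hostnames}
```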

Peter Romness

Cybersecurity Principal, US Public Sector CTO Office