CYBERSECURITY
RETHINK THE PERIMETER
Agencies need to shift their focus from securing boundaries to protecting critical data.
SPONSORED CONTENT
  CHRIS TOWNSEND
VICE PRESIDENT OF FEDERAL, SYMANTEC
THE CYBER SECURITY CHALLENGES government agencies face are remarkably similar across all
sectors. That’s because most security environments were built in a reactive manner. As new threats crop up, we would address it with new technology. That bolted-on approach to cyber security (which was the only approach we had at the time) has led
to complex, cumbersome and operationally ine cient environments not agile enough to respond to today’s threats.
Agency leaders are dealing with multiple tools with duplicate or overlapping capabilities. Human intervention is necessary to integrate all those systems, process all that data and take action against malicious actors, who are more sophisticated than ever.
Bad actors only have to be right once, but cyber security professionals have to be right every time. Therefore, agencies need systems that are standards-based, integrated and able to take automated action against cyber threats in real-time.
Signs of Progress
We need to stop thinking about a hard perimeter. We must build an extensible platform that provides a standardized approach to security both on-premises and in the cloud by securing the data itself. We need to tie security policy to individual employees, no matter where they are or what device they are using.
Obviously, we know the intelligence community and Defense Department both house critical data. We found out the hard way that the O ce of Personnel Management has some incredibly important data as well. And
a lot of intellectual property from industry resides with government agencies, such as the Food and Drug Administration. Agencies need to ensure they are prioritizing their security investments around their most critical data.
Fortunately, the federal government is moving in the right direction. The cyber security sprint in 2015 improved visibility into agencies’ security postures. The Continuous Diagnostics and Mitigation program has helped government deploy security capabilities more e ectively. In addition, President
Donald Trump’s recent executive order on cyber security has made agency executives accountable for ensuring critical data is secured properly and investments in security infrastructure align with that data.
The order also promotes standardization
in the form of the National Institute of Standards and Technology’s Cyber Security Framework and addresses the crucial need for IT modernization. Legacy systems are costly to maintain. It would be more e cient and cost-e ective to update those systems when necessary and shift some of them to cloud- based or shared-services models. However, funding is always an issue, which is why passage of the Modernizing Government Technology Act is so important.
The Need For a Plan
Security is more of an enabling technology than it’s ever been before, but a lot of agencies and even private sector organizations don’t have a cyber security reference architecture that maps technology requirements to mission objectives. A cyber security plan can help agencies avoid building complexity into their cyber security environments, which is the
No. 1 barrier to a sound security posture.
Agencies can’t secure everything. Instead, they need to create risk mitigation strategies that align scarce cyber security resources— whether those are dollars, tools or people— against their most critical data.
Chris Townsend is vice president of federal at Symantec.
 S-14