IT TRANSFORMATION
Incorporating
 security into IT
transformation
An intelligence-driven and mission-focused security approach is critical to protecting a modern infrastructure
Steve Schmalz
Field Chief Technology Officer of Public Sector, RSA Security
good locks on our doors. We need to have security guards walking the halls of our networks as well.
Agencies should ensure that they have
a combination of tools that keep people
out of the network, tools that track who is allowed on the network and what rights and privileges they have, and tools that help them understand security risks through activities such as continuous monitoring.
Better insight into risks
As agencies modernize, it’s critical that they
THE MODERNIZING
Government Technology Act will
give agencies the opportunity to rethink their IT infrastructures. Because their existing tools might not have been developed for today’s ever-evolving cybersecurity landscape, agencies should take advantage of the opportunity to modernize their security while they’re modernizing their infrastructure.
Agencies should be adopting the same long-term mindset for security tools and strategies that they are using for their infrastructures, and they should develop a roadmap that incorporates both.
Identity, data and productivity
As one element of that transformation, agencies should implement a secure identity and access management system that will improve productivity by seamlessly granting employees the access they need to do their jobs. A good system does more than simply use the right two-factor authentication or other approved tool. It involves analyzing all the information we know about an individual to authenticate his or her identity to then provide that employee with the correct level of access. Agencies should
do all this in a robust, secure way that is transparent to the user.
Similarly, agencies have an opportunity to make data analysts more productive and effective by giving them access to data in a form that is usable and actionable. Regardless of the technology an agency uses, human beings will ultimately be looking at the data and trying to make difficult decisions. The goal is to make it easier for analysts to know what they’re
looking at and determine the most important, relevant information on which to base their decisions.
Fortunately, data aggregation and analysis tools are becoming increasingly powerful, aided by artificial intelligence, behavioral analytics and machine learning.
Even with strong security practices
and a modern infrastructure, breaches
will happen. Agencies need to focus on access control and back that up with active monitoring of essential services. It’s no longer enough to build high walls and put
                                 S-34 | SPONSORED CONTENT
ideyweb/Shutterstock/FCW Staff