Page 80 - FCW, November, December 2018

 CYBERSECURITY & MODERNIZATION
Minimizing cyber tool complexity
Industry and government should work together to standardize and consolidate cybersecurity technology
Chris Townsend
Vice President of Federal, Symantec
Most cybersecurity environments were built reactively. As new threats emerged, agencies bought new tools. The result is tremendous complexity without any type of integration or standardization.
Agencies might be using best-of-breed tools to secure endpoints, networks, data and users, but those tools don’t adhere to a common protocol or language that would enable them to share information.
That complexity is the enemy of a strong cybersecurity posture, and it is an area that is ripe for modernization. Reducing complexity through standardization can enhance protection at every level and support a more robust approach to risk management.
Indeed, the Office of Management and Budget recently issued a series of recommendations for addressing cybersecurity shortcomings at agencies. One of those recommendations involves standardizing IT and cybersecurity capabilities to control costs and improve asset management.
Quantifying risks and investing resources
We’ve seen standardization in almost every other segment of IT, including networking, storage, enterprise resource planning and operating systems. That level of interoperability does not exist with security tools. Consequently, security professionals and threat analysts are being forced to correlate all that information, and we are essentially trying to achieve interoperability among tools using a human element. That approach is not scalable or agile enough to respond to the state-sponsored threats and bad actors we face on a daily basis.
We need to mirror the integrated approach we’ve taken in other segments of IT because highly motivated attackers will always find ways into IT environments. To begin, agencies must shift from applying all their resources toward building a hard perimeter around their infrastructures and instead identify high-value assets and make investments to reduce the vulnerability of those assets.
In addition, as agencies move activities to the cloud, they should build a fully integrated security platform that extends from on premises into the cloud. Likewise, security policies should follow the user, regardless of whether the user accesses data on a government-furnished device or a personal device. Instituting better identity management and tracking behavioral analytics on user actions in the cloud environment are critically important.
For chief information security officers, those changes require moving away from being technology experts and becoming more focused on business analysis so that they can quantify the risks associated with a particular asset and invest resources wisely to minimize those risks.
S-80 | SPONSORED CONTENT










































































