CYBERSECURITY & MODERNIZATION
Resisting the urge
to complicate security
As agencies’ IT infrastructures become more complex, their security tools don’t have to follow suit
Rick Howard
Chief Security Officer, Palo Alto Networks
for example, gives agencies the chance to design and deploy their security systems in a better, more streamlined way.
Legacy systems and the cloud
Many government agencies already have hundreds of security tools, but their
IT teams have not grown accordingly. That’s where automation can play a key role. Through DevOps and DevSecOps, agencies can automate services and even the infrastructure that makes everything run, including security. Instead of having teams of people read alerts from all the devices deployed on government networks, the review and analysis can be done faster and more efficiently by machines.
To further streamline the process, the security products agencies currently use on-premises can also work in their cloud deployments. At the push of a button, an agency could deploy its existing security infrastructure to a cloud environment.
Yet even as agencies increasingly turn
to cloud technology, they will still need to maintain some legacy systems, and securing them should be part of any comprehensive cybersecurity strategy. When an aging computer is hacked, it means the entire security posture has been hacked because those systems are just one piece of the attack chain that adversaries must negotiate.
The goal is to put detection and prevention controls at every stage so that any adversary who succeeds in one phase will run into a major block in the next.
Data islands and zero trust
Furthermore, an agency’s security strategy must be deployed everywhere that data
CYBERTHREATS COME at us from a different angle, but they are no different from other risks to an
organization. Government leaders deal with risk all the time, and our job as network defenders is to convey technical and security concerns in terms a government leader can understand.
Rather than talking about all the bad things that bad actors do, we need to explain the odds that our organization is going to be materially affected by a specific threat, and we have to offer solutions.
Modernization presents unique opportunities for solving cybersecurity problems. Moving activities to the cloud,
davooda/Shutterstock/GCN Staff
S-82 | SPONSORED CONTENT