CYBERSECURITY & MODERNIZATION
      EXECUTIVE VIEWPOINT
A Conversation with
SYED AZEEM
  SYED AZEEM
Senior IT Project Manager, General Services Administration
The senior project manager at GSA’s Federal Systems Integration and Management Center talks about
balancing cybersecurity and modernization
How can IT managers balance the need to secure legacy systems while modernizing their IT infrastructure? One thing agencies need to do is rationalize their overall IT portfolios and consolidate the functionality around a select group of key systems or applications that can be based on a common mission area or on common user or stakeholder groups. This will not only reduce the overall attack surface that adversaries could potentially exploit, but it will also enable a renewed focus on ensuring that the right level of security investment and attention is being paid to the critical data that’s housed in these systems.
A second strategy would be leveraging the greater economies of scale and potentially enhance security with cloud-based solutions. Certainly, cloud service providers are able to funnel the right kind of resources into security and spread those across numerous customers, and they’re able to do that much better than the government can.
Last but not least, another strategy for small agencies might be to take advantage of security-as-a-service solutions wherever it makes sense.
At the end of the day, agencies should prioritize enterprise, rather than one-off, solutions as much as possible and try to cover the largest swath of users and use cases.
How can modernization
enhance security?
IT modernization and cybersecurity
really ought to go hand-in-hand. When modernization planning is done thoughtfully, the overall security posture for the organization improves dramatically.
When agencies are analyzing and comparing different products and
technologies, what IT managers should keep in mind or pay close attention to are what built-in security features and solutions are available and also the compatibility of bolting on third-party solutions for current and future needs.
What security opportunities might agencies be overlooking in the rush
to modernize?
When we’re trying to achieve modernization and also better security, we need to adhere to fundamental cyber hygiene principles. If you look closely at the source of most of the recent federal data breaches — the successful attacks that have happened — almost always there’s an element of good cyber hygiene missing.
For example, great strides have been made with privileged-user management in the recent past, and the federal government as a whole has been strengthening that
in terms of stronger authentication, but strengthening authentication is only the first step. An opportunity could be, for example, where we apply advanced analytics, artificial intelligence-enabled behavior detection
and also machine learning algorithms, so if there’s any potentially anomalous activity that’s going on outside the norm, that AI or those machine learning algorithms are able to detect it.
What tools and strategies could help agencies better manage the cyberse- curity aspects of modernization? While modernizing, agencies really need
to take a closer look to see what pieces of the puzzle they can borrow without starting from scratch. For example, GSA offers a very robust shared identity management and authentication service for public-facing
 S-94 | SPONSORED CONTENT