Cybersecurity

8 Building Blocks for a Resilient Agency


resilient agencyWhat does it mean to be a resilient agency? In today’s cyber landscape we’ve found that resistance is futile; it’s inevitable bad actors will get into your system. However, building a resilient cybersecurity network can help to develop proactive defense. Resilient agencies are those who proactively plan for what will happen once threats are identified in their network. But how do agencies become resilient? Check out these eight building blocks to resiliency:

  1. Strong Authentication

After the OPM breach, the authentication practices of agencies have come under intense scrutiny. Agencies’ cybersecurity leaders are expected to be able to answer a long list of questions, including who has access to the agency system and what insiders are doing once they’re admitted. Huge steps have been made to answer these questions via last summer’s Cyber Sprint, but in order to build a resilient agency a deeper partnership needs to be forged between agencies and their cyber contractors. This relationship will ensure the latest threats are being addressed in the technology and strategy developed and deployed by industry.

  1. Continuity

Over the last decade, identity management was used primarily for insider security and regarded as a necessary cost. However, modernization in identity management IT has empowered government agencies to securely deliver digital services and more to millions of citizens. ForgeRock’s Identity Platform is the first identity management platform to fully implement User-Managed Access (UMA) standard, which makes it possible for organizations to address growing privacy regulations and establish trusted digital relationships.

  1. Risk Acceptance

Many organizations need to deploy applications on servers in locations deemed hostile or untrusted; yet many find it difficult or impossible to assemble a solution that satisfies their security and operational requirements. For these situations, platforms like SkySecure from Skyport Systems can be deployed to mitigate this risk. Another option is server hardening with a zero-trust architecture that tightly integrates server hardware, security, virtualization, and policy management.

  1. Back-Up and Recovery

Becoming resilient means being able to get back online and working quickly after a breach or infiltration. Perhaps no technology is more critical than back-up and recovery solutions. These tools are able to bridge physical and virtual environments and restore data to any type of device in any location. With Veritas’ Backup Exec 15, users get powerful, flexible, and easy-to-use backup and recovery of data and systems at every level through a user-friendly system that requires little management.

  1. Patching

75% of cyber-attacks target vulnerabilities in commercial software could have been avoided with the right patch. While operating systems are patched regularly through manufacturer updates, agencies face a growing number of vulnerabilities coming from applications not part of the standard operating system. Therefore, patch management is not a “solved” problem. Shavlik’s Patch Management maximizes your organizations investment in software and reduces security risks from unpatched third-party applications.

  1. Integrate the Internet of Things (IoT)

With more and more devices connecting to the network, tight integration with IoT device security is critical to building a resilient agency. Organizations need real-time IoT solutions to provide intelligence, contextual awareness, and effectiveness regarding both operations and end-user experiences. With flowthings.io’s cloud-based platform for IoT, data and security specialists can perform real-time processing with the confidence their information and endpoint devices are secure.

  1. Mission-Ready Clouds

The argument against cloud has long been focused on security concerns, but the cloud actually allows users, through abstraction on the server layer via virtualization, to provide a more secure environment. For example, in the event of a cyber threat, the attack may not be targeting an actual machine, but rather a virtual machine (VM). The VM is self-contained and abstracted from the hardware platforms, adding another layer of security to the cloud environment. With virtualization from VMware, agencies can create efficient, secure, and reliable cloud infrastructures.

  1. Standards

From FISMA to FedRAMP there is a great deal of guidance on how security products should work in a federal system; the trouble is getting organizations ramped up enough to meet these protocols. Qmulos’ FISMA compliance application automates a significant portion of NIST compliance requirements and FedRAMP-certified cloud products offer agencies peace of mind in cloud security.

Building an agency resilient to cyber threats and attacks requires an organization-wide effort and can be enhanced with the right tools. To learn more about how we’re helping agencies with proactive defense, click here.

Related Articles