Operational complexity is the enemy of a strong cyber security posture. Unfortunately, many government agencies built their cyber environments reactively, buying new tools to deal with every emerging threat, without regard to how well they integrate with each other. The lack of standardization and interoperability has resulted in a tremendous amount of complexity.
Reducing complexity has become one of the major aims of government agencies, but how exactly should they proceed? Here are some suggestions to help drive agencies toward a more effective approach to cyber security:
Demand Standardization from Vendors
Standardization is the norm across almost every segment of IT, from networking to storage to ERP or operating systems. Those segments assume levels of interoperability that don’t exist in cyber security. Instead, agencies are deploying layers of security tools — network, endpoint, data protection, user identity management, cloud and so on — that don’t share common protocols or speak common languages. Each tool may be the best at solving individual security problems, but ultimately, they add layers of complexity to an agency’s cyber security operations, increasing costs and adding to the risk those tools are meant to mitigate. It’s time for agency leaders to step up and demand interoperability and standardization from their providers. Likewise, it’s time for cyber security vendors to drive approaches to integrated architectures.
Explore Ways to Increase Utilization
As new cyber threats emerge, it is likely that agencies already have access to the capabilities they need to protect their assets. Because they don’t realize all the capabilities of the tools they already use, they buy additional technology, creating a redundancy that adds unnecessary cost and complexity. In the drive to reduce complexity, agencies should strive to understand the full capability of their current environment, then make strategic decisions on how to reduce redundancy with a focus on an integrated cyber defense approach.
Be Clear-Eyed When Moving to the Cloud
Cloud platforms can help reduce costs and complexity, but moving to the cloud is not an overnight solution. The shift from on-premise infrastructure takes time and, frankly, it means absorbing additional costs in the short term. Because agencies need to stand up a separate security system in the cloud before dismantling on-premise systems, there is a period of deliberate redundancy until the move is complete.
At the same time, agencies have to re-envision how their security tools work together. If an agency simply moves its current tools to the cloud, the same tools that don’t integrate with each other on-premise won’t integrate with each other in the cloud either, making the layers of complexity even greater.
Identify High-Value Assets
Agency leaders have come to realize that some focused attacks are going to breach their network environments. Instead of throwing every dollar and resource at building a hard perimeter, CISOs and other leaders are focusing more on business analysis, on understanding how to quantify the risk associated with a particular asset and how to invest resources in order to minimize the risk around their core assets.
They’re taking a risk-management approach to security, one that prioritizes protecting the agency’s highest-value assets. Knowing that breaches will happen in some form, they’re formulating plans for making their high-value assets a priority.
Secure the Data, Follow the User
Data no longer sits behind steel doors with biometric authentication. It sits on an endpoint, within the agency firewall and in the cloud, which requires agencies to evolve the ways they implement security around that data. It means developing security strategies that protect that data wherever it resides.
One outcome is that security policies have to follow users, no matter how they access the data, whether on a government-issued or non-government-issued device. Identity management has become critically important to make sure that a user is who they say they are.
Robust behavioral analytics support that effort. For instance, if a user typically accesses data in a Microsoft Office 365 environment and is suddenly accessing a different segment of the environment or pulling large amounts of data on a non-government-owned device in a remote location, an integrated system can flag, report and block that behavior.
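The scenario above, sketched as an added example (not from the original article or any vendor product): a per-user baseline is built from constructed access records, and each new access is checked for the deviations the paragraph names. The segment and location names, the 10x volume threshold and the one-deviation-flags, several-deviations-block policy are all assumptions.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Access:
    user: str
    segment: str          # part of the environment being accessed
    bytes_out: int        # data pulled in this session
    managed_device: bool  # True for a government-issued device
    location: str

# Constructed sample history for one user (not real telemetry).
HISTORY = [
    Access("jdoe", "o365", 4_000_000, True, "dc-office"),
    Access("jdoe", "o365", 6_000_000, True, "dc-office"),
    Access("jdoe", "o365", 5_000_000, True, "dc-telework"),
]
VOLUME_FACTOR = 10  # assumed: more than 10x the user's median counts as "large"

def build_baseline(history):
    """Summarise what is normal for each user from past accesses."""
    base = {}
    for a in history:
        b = base.setdefault(a.user, {"segments": set(), "locations": set(), "sizes": []})
        b["segments"].add(a.segment)
        b["locations"].add(a.location)
        b["sizes"].append(a.bytes_out)
    return base

def assess(event, baseline):
    """Return (action, reasons); action is allow, flag (report) or block."""
    b = baseline.get(event.user)
    if b is None:
        return "flag", ["no baseline for user"]
    reasons = []
    if event.segment not in b["segments"]:
        reasons.append("unfamiliar segment")
    if event.bytes_out > VOLUME_FACTOR * median(b["sizes"]):
        reasons.append("large transfer")
    if not event.managed_device:
        reasons.append("non-government device")
    if event.location not in b["locations"]:
        reasons.append("unfamiliar location")
    # Assumed policy: one deviation is reported, combined deviations are blocked.
    action = "allow" if not reasons else "flag" if len(reasons) == 1 else "block"
    return action, reasons

if __name__ == "__main__":
    event = Access("jdoe", "hr-records", 900_000_000, False, "overseas-hotel")
    print(assess(event, build_baseline(HISTORY)))
```

Returning the reasons alongside the action gives analysts the context for each report, and it only works when identity, device and data-access telemetry arrive in one place, which is the integration argument made throughout this article.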
These tactics are a few ways that government agencies can limit the complexity of their security environments while providing enhanced security for their most critical information and assets.
Chris Townsend was recently interviewed by Federal News Radio as part of Carahsoft’s “Innovation in Government” series. Listen to the audio and learn more about reducing complexity and integrated cyber defenses. For more information about tools that can help manage cyber security operations, visit www.symantec.com/solutions/federal-gov.