Best of What’s New in Cloud Computing

This may be a make-or-break moment for jurisdictions newly converted to the cloud. As state and local governments scrambled to respond to new COVID-driven requirements, cloud-based contact center platforms, chatbots and web portals helped multiple states and localities quickly scale capacity for unemployment insurance and social services programs. In addition, cloud-hosted video collaboration platforms helped agencies shift employees to remote work on the fly and virtualize public meetings. IT leaders must now evaluate and rationalize the multiple cloud solutions they adopted so quickly. Now is also the time to look at cost optimization for cloud solutions. The COVID response has showcased real-world benefits of the cloud — and that experience is likely to accelerate a trend that was already underway as governments focus more attention on modernizing old systems and applications in the wake of the pandemic. Read the latest insights from industry thought leaders in cloud in Carahsoft’s Innovation in Government® report.

 

Cloud Migration as a Path to Modernization

“While there may be an increase in initial costs associated with modernizing legacy technology, the economics strongly indicate that maintaining dated infrastructure is more expensive in the long term. The biggest hurdle organizations face when migrating to the cloud is unpredictable costs. The cloud offers tools and resources to optimize investments and plan for the costs associated with migration. In addition, properly planning your move to the cloud helps agencies accurately budget for such a transition. When they do this correctly with the guidance of a strong partner, state and local governments see significant cost savings.”

Read more insights from the Partner Development Manager for Carahsoft’s AWS Team, Sehar Wahla, and the Sales Director for Carahsoft’s AWS Team, Tina Chiao.

 

How Does Evolving Cloud Adoption Impact Security?

“One approach is to standardize processes — think NIST or MITRE — so you have a common framework and language for measuring things like risk and attacks. That helps normalize the differences between cloud and traditional security so security teams can better understand what a risk actually means in a cloud environment. On the technology side, traditional threat profiling needs to move beyond the viruses and ransomware conversation and move toward user and entity behavior management, which looks at how users normally access and use an application. Organizations also need to articulate how separate applications securely exchange data for things like enterprise analytics. This is a nascent use case, but it has implications for critical systems where data integrity is important.”

Read more insights from McAfee’s Chief Technology Strategist, Sumit Sehgal.

 


“The biggest challenges include security, cost, having the technical expertise to successfully migrate into these hybrid environments and understanding which applications are best suited to run there. Organizations often spend a lot of time and money and introduce security vulnerabilities because they try to move applications that are not designed to run in a cloud environment. With the pandemic, organizations are under pressure to rapidly move their workforce into cloud environments. There can be a tendency to cut corners to save time, but these sacrifices can also create vulnerabilities.”

Read more insights from SAP NS2’s EVP of Software Development, Bryce Petty.

 

Paving the Way with Open Source

“There’s a realization that the cloud isn’t a silver bullet and that to be successful, organizations need to look at cloud adoption holistically. They need to take best practices into account when it comes to securing the environment, training and enabling staff, and even engaging in the procurement process. Open source supports a cloud smart strategy by helping eliminate vendor lock-in risk and technical debt. By using open source technology and an open source cultural process — where there’s transparency, collaboration and the ability to iterate quickly — organizations can solve their business problems and adapt their requirements based on emerging best practices. They’re not beholden to proprietary systems that may create friction for innovation and are potentially costly to replace, upgrade or move to the cloud.”

Read more insights from Red Hat’s Emerging Technology Lead, Frank DiMuzio.

 

Download the full Innovation in Government® report for more insights from these government cloud thought leaders and additional industry research from GovTech.

Best of What’s New in Cybersecurity

For security professionals, the COVID-19 pandemic represents something of a perfect storm. The risk landscape exploded in a matter of days as state and local agencies rapidly sent thousands of employees home to work remotely. At the same time, security personnel and resources were stretched exceedingly thin, with many security teams redeployed from operational tasks to urgent new projects. Now is the time to reevaluate security tools, processes and strategies in light of these massive COVID-driven changes. Immediate steps include understanding and addressing situations where users may be storing sensitive data on insecure home computing devices, as well as dialing back remote access privileges to reduce the risk of inappropriate access or stolen user credentials. Over the longer term, agencies must develop better monitoring capabilities that help them spot threat activity and potentially risky user behaviors. Read the latest insights from industry thought leaders in cybersecurity in Carahsoft’s Innovation in Government® report.

Time to Reevaluate Security Practices

“The bottom line is that even the best tool or approach will not fix a bad process. All the zero-trust technology in the world won’t work if your identity and asset management processes give the system bad data. To fully utilize these approaches, agencies must look honestly at their processes and what they’re doing regarding hygiene, security practices and things like that. Organizations also need to determine what they want from these tools, whether the tools align with their best practices and overall security approach, and how these tools impact the way they perform existing processes.”

Read more insights from McAfee’s Chief Technology Strategist, U.S., Sumit Sehgal.

 

Building Resilience through Digital Risk Management

“Planning ahead for how you’ll address problems and putting contingency plans down on paper is an important risk management process. Organizations need good security workflows and a way to aggregate information about their networks, valuable resources and who is doing what in the organization. Then they need plans for triaging the most devastating risks first. It’s impossible to think of every threat, but organizations can start by considering what types of incidents could interfere with critical capabilities and prevent them from completing their mission. With that information, organizations can put together contingency plans, even when they’re not quite sure what potential threat might bring about that particular loss of functionality.”

Read more insights from RSA’s Federal Group Field CTO, Steve Schmalz.

 

Confronting a New Threat Ecosystem

“Understanding your organization and where it fits into the threat ecosystem is probably among the most effective ways to grapple with this issue. In a purely introspective sense, it’s important to understand your corporate network — you need to know which information assets, individuals and applications are likely to be targeted by attackers and then place a higher priority on security alerts and advisories that impact them. Organizations also can narrow the focus of their detection and threat-hunting efforts by understanding the specific attackers that are known to be interested in their industry and geography, and use this knowledge as a preliminary guide.”

Read more insights from FireEye’s Manager of Mandiant Threat Intelligence, Jeremy Kennelly.

 

Remote Work Is Here to Stay

“The secure access service edge (SASE) model lets organizations apply security no matter where their users, applications or services are located. It dictates that enterprise users need access to a variety of business resources and information. To maintain business operability and meet their missions, enterprises must figure out how to do that securely. Secure remote access — which includes secure connectivity, identity access management, access control, continuous validation of secure connectivity throughout an interaction and more — will be the mark of a functioning cybersecurity apparatus moving forward. The other component is being able to scale cybersecurity talent and resources to accommodate growth.”

Read more insights from Palo Alto Networks’ VP and Field CSO, MK Palmore.

 

Addressing Evolving Application Threats

“No matter who comes through the door, you have to verify everything about them and that verification must follow them through the system. Organizations can’t just check a user’s ID, give them a password and be done with it. It’s a continuous process of authentication. When a user attempts to move from one part of a system to another — for example, if a person applies for unemployment insurance, but they logged in through a parking application — the organization may want to require additional authentication or scrutinize the user more deeply. Access is not all or nothing. There’s a granular dial that you’re turning up and down based on what a user is doing within the system.”

Read more insights from F5 Labs’ Director, Raymond Pompon.

 

Taking Threat Detection and Response to the Next Level

“A lot of the change comes from having to support a large remote workforce. Regular system maintenance tasks like vulnerability scanning and software patching have changed dramatically. In the past, patching technologies assumed that systems were physically on the same network or would ultimately be connected via a virtual private network. As users’ machines move off the network, they get scanned less often, if at all. Remote work and increasing reliance on SaaS have really highlighted the need for zero-trust networks, where services require not only a trusted user but also protection of the data viewed and saved from these services.”

Read more insights from SecureWorks’ Chief Threat Intelligence Officer, Barry Hensley.

 

 

Download the full Innovation in Government® report for more insights from these government cybersecurity thought leaders and additional industry research from GovTech.

Building a More Secure Cloud

Government officials nationwide had to accelerate modernization initiatives to ensure that teleworking employees could access networks and data from remote locations. For many agencies, that meant a higher reliance on cloud technology and a possible expansion of their cybersecurity vulnerabilities in an environment already attractive to hackers. In response to the security challenges raised by the cloud, the federal government has provided myriad foundational documents, guidelines and strategies to help agencies create a strong security posture, including the Cloud Smart strategy and Federal Risk and Authorization Management Program (FedRAMP). Cloud technology has a crucial role to play in agencies’ ability to modernize IT systems and take advantage of the latest technological innovations. Given this importance, cloud adoption must keep pace with security efforts. Read the latest insights from industry thought leaders in government cloud security and FedRAMP in Carahsoft’s Innovation in Government® report.

Cloud and the Customer Experience

“The emphasis on user-centered design is changing the way applications are created. In the past, many government applications were built from the perspective of the agency rather than from the perspective of the end user. The flexible, innovative nature of cloud technology makes it easier for agencies to improve the efficacy of their applications and what they ultimately deliver. In addition, cloud technologies can help agencies start getting a 360-degree view of how they interact with citizens, business partners and other agencies and even begin personalizing those experiences. In addition, software that manages, authenticates and verifies people’s credentials can ensure privacy while streamlining the customer experience. IDEA codifies the use of secure credentials across platforms and therefore will accelerate the use of trusted credentials in multiple environments so that people will be even more willing to conduct online transactions with the government.”

Read more insights from Acquia’s Vice President of Federal Sector, Peter Durand.

Why MultiCloud and Zero Trust Are Now Essential   

“The coronavirus pandemic has underscored the government’s need to offer a secure cloud environment that allows employees to access their data and applications anywhere, anytime and at virtually infinite scale. Many agencies found themselves unprepared to support the sudden move to telework in response to the pandemic. Some didn’t have enough VPNs or smart-card readers for their employees’ remote devices, for example. Google Cloud customers that were already using G Suite or Cloud Identity were able to make the transition to telework smoothly without the need for VPNs or other special technology. That was due in part to G Suite’s reliance on a zero trust architecture, which shifts access control from the network’s perimeter to individual users and devices.”

Read more insights from Google Cloud’s Director of Federal, Shannon Sullivan.

The Route to Secure, Fast Cloud Adoption

“SASE and CNAP pull together a number of different technologies and categories. But those are point-in-time definitions. Technologies evolve and their functions change over time, so rather than think about what category of product they need, agencies should focus on what they’re trying to accomplish and the business outcomes they want to achieve. Agencies should look for a platform that was built natively in the cloud. It should apply persistent protection to sensitive information no matter where it goes; offer complete visibility into data, context and user behavior across the entire environment; and take real-time action to correct policy violations and stop security threats.”

Read more insights from McAfee’s Senior Vice President of the Cloud Security Business Unit, Rajiv Gupta.

Cloud Security Considerations for DOD Mission Partners   

“Moving to the cloud requires a considerable level of effort and expense. Ensuring the security of applications or services running in a cloud adds another layer of complexity. When choosing a cloud service provider, organizations need to understand what security controls they will effectively inherit from that provider and what controls they will have to build and deploy on their own. For government agencies, FedRAMP provides a host of security levels and a robust number of security controls in a well-documented package, but Defense Department agencies also need to understand if they have any additional impact-level requirements for their applications and mission-critical data. As mission partners move to the cloud, they need to make sure that approved cloud providers can meet those baseline security and impact-level requirements.”

Read more insights from GDIT’s milCloud® 2.0 Cloud Services Portfolio Lead, Jeffrey Phelan.

The Evolution of Trusted Connections    

“Under TIC 3.0, agencies can still use network proxies, cloud access security brokers, and security information and event management (SIEM) tools to build a strong security framework, but they don’t have to run everything through a TIC. And users don’t have to struggle with increased latency and network complexity. Instead, the end-user experience is streamlined because cloud-native tools are handling processes and workloads. Agencies end up with a clean omnichannel experience for employees because their location no longer matters. Whether they are working on an iPad at home or a desktop computer at a government office, the security level and user experience are the same.”

Read more insights from Okta’s Solution Engineer, Habib Hourani.

Cloud: One Size Does Not Fit All

“Cloud is not a one-size-fits-all solution. Instead, finding the right fit depends on knowing agencies’ customers, the type of information they’re processing and their user base. Then it’s a question of aligning what the customer needs with the cloud offerings that are available. FedRAMP has been very successful at making that fit easier. The program brings transparency and consistency to the government’s use of cloud technology. Agencies know that an authorized company’s product or service has been rigorously reviewed under FedRAMP and that the government’s continuous monitoring program will provide information about how vulnerabilities are mitigated during the term of service.”

Read more insights from SAP National Security Services’ Vice President and CISO, Ted Wagner.

How Cloud Makes Telework Smarter

“Smartsheet Gov enables employees to complete tasks more easily, efficiently and securely by working with systems on an automated or integrated basis. In addition, employees can access Smartsheet from wherever they are. They can share information and the results of their work via dashboards that multiple employees can view at one time and continue that seamless collaboration with their colleagues even when everyone is working from home. Smartsheet datasets are housed in a secure, FedRAMP-authorized cloud environment, which assures agencies that they can adhere to the same security protocols from outside the office. For example, if an agency needs to conduct a yearly audit that would normally take place with all the participants at a physical location, they can do the work remotely using Smartsheet Gov to run the same playbook, the same audit and the same workflow regardless of where those employees reside. Such borderless teams can reduce costs while increasing employee satisfaction and productivity.”

Read more insights from Smartsheet’s Vice President of Security, Risk and Compliance, Ignacio Martinez.

Visibility is Essential for Cloud Security

“The nature of an agency’s mission, data protection needs and other requirements suggest that multi-cloud and hybrid environments will be the norm. As we migrate to these new locales, there is an exponential deluge of data scattered across multiple systems and endpoints. It is critical that agencies have granular visibility into all the devices, workloads and applications running across these environments so that they can gain operational and security insights. The fidelity of data is another crucial factor because without it any technology has its limits and decisions may not ensure successful outcomes. To allay any fears about security, FedRAMP, a standardized framework for security assessments, was introduced. It has grown to be the gold standard for cloud security today.”

Read more insights from Splunk’s Director of Industry Marketing for Public Sector and Education, Ashok Sankar.

How the Cloud is Redefining Security

“The Trusted Internet Connections Initiative was created in 2007 after the Office of Management and Budget conducted a study that found thousands of unprotected internet connections at agencies. Back then, we were using the internet mainly for email and web browsing, so when the government mandated that all internet traffic must go through a trusted connection, it made sense. But over the years, agencies have moved workloads to the cloud, and now employees’ activities rarely travel through an agency’s data center. As a result, TIC became a barrier to cloud adoption. The TIC 3.0 draft guidance, however, is a crucial step toward removing those obstacles.”

Read more insights from Zscaler’s Vice President of Global Government, Stephen Kovac.

 

Download the full Innovation in Government® report for more insights from these government cloud security thought leaders and additional industry research from FCW.

Your Guide to Mission-Driven Cybersecurity

Over the years, the federal government has created a series of mandates to promote better cybersecurity practices and solutions. Today, three such mandates guide most agency efforts: the Federal Risk and Authorization Management Program (FedRAMP) for cloud security; the Continuous Diagnostics and Mitigation (CDM) program for network visibility and data security; and the Trusted Internet Connections (TIC) program for internet-based security. These mandates are increasingly seen as interlocking pieces of a larger puzzle. That puzzle is this: How can agencies create a more agile IT environment without compromising the security of their networks, systems and data? Learn more insights on how these mandates support flexible cybersecurity strategies in “Your Guide to Mission-Driven Cybersecurity”, a guide created by GovLoop and Carahsoft featuring insights from the following technology thought leaders.