Best of What’s New in Cybersecurity

For security professionals, the COVID-19 pandemic represents something of a perfect storm. The risk landscape exploded in a matter of days as state and local agencies rapidly sent thousands of employees home to work remotely. At the same time, security personnel and resources were stretched exceedingly thin, with many security teams redeployed from operational tasks to urgent new projects. Now is the time to reevaluate security tools, processes and strategies in light of these massive COVID-driven changes. Immediate steps include understanding and addressing situations where users may be storing sensitive data on insecure home computing devices, as well as dialing back remote access privileges to reduce the risk of inappropriate access or stolen user credentials. Over the longer term, agencies must develop better monitoring capabilities that help them spot threat activity and potentially risky user behaviors. Read the latest insights from industry thought leaders in cybersecurity in Carahsoft’s Innovation in Government® report.

Time to Reevaluate Security Practices

“The bottom line is that even the best tool or approach will not fix a bad process. All the zero-trust technology in the world won’t work if your identity and asset management processes give the system bad data. To fully utilize these approaches, agencies must look honestly at their processes and what they’re doing regarding hygiene, security practices and things like that. Organizations also need to determine what they want from these tools, whether the tools align with their best practices and overall security approach, and how these tools impact the way they perform existing processes.”

Read more insights from McAfee’s Chief Technology Strategist, U.S., Sumit Sehgal.

 

Building Resilience through Digital Risk Management

“Planning ahead for how you’ll address problems and putting contingency plans down on paper is an important risk management process. Organizations need good security workflows and a way to aggregate information about their networks, valuable resources and who is doing what in the organization. Then they need plans for triaging the most devastating risks first. It’s impossible to think of every threat, but organizations can start by considering what types of incidents could interfere with critical capabilities and prevent them from completing their mission. With that information, organizations can put together contingency plans, even when they’re not quite sure what potential threat might bring about that particular loss of functionality.”

Read more insights from RSA’s Federal Group Field CTO, Steve Schmalz.

 

Confronting a New Threat Ecosystem

“Understanding your organization and where it fits into the threat ecosystem is probably among the most effective ways to grapple with this issue. In a purely introspective sense, it’s important to understand your corporate network — you need to know which information assets, individuals and applications are likely to be targeted by attackers and then place a higher priority on security alerts and advisories that impact them. Organizations also can narrow the focus of their detection and threat-hunting efforts by understanding the specific attackers that are known to be interested in their industry and geography, and use this knowledge as a preliminary guide.”

Read more insights from FireEye’s Manager of Mandiant Threat Intelligence, Jeremy Kennelly.

 

Remote Work Is Here to Stay

“The secure access service edge (SASE) model lets organizations apply security no matter where their users, applications or services are located. It dictates that enterprise users need access to a variety of business resources and information. To maintain business operability and meet their missions, enterprises must figure out how to do that securely. Secure remote access — which includes secure connectivity, identity access management, access control, continuous validation of secure connectivity throughout an interaction and more — will be the mark of a functioning cybersecurity apparatus moving forward. The other component is being able to scale cybersecurity talent and resources to accommodate growth.”

Read more insights from Palo Alto Networks’ VP and Field CSO, MK Palmore.

 

Addressing Evolving Application Threats

“No matter who comes through the door, you have to verify everything about them and that verification must follow them through the system. Organizations can’t just check a user’s ID, give them a password and be done with it. It’s a continuous process of authentication. When a user attempts to move from one part of a system to another — for example, if a person applies for unemployment insurance, but they logged in through a parking application — the organization may want to require additional authentication or scrutinize the user more deeply. Access is not all or nothing. There’s a granular dial that you’re turning up and down based on what a user is doing within the system.”

Read more insights from F5 Labs’ Director, Raymond Pompon.

 

Taking Threat Detection and Response to the Next Level

“A lot of the change comes from having to support a large remote workforce. Regular system maintenance tasks like vulnerability scanning and software patching have changed dramatically. In the past, patching technologies assumed that systems were physically on the same network or would ultimately be connected via a virtual private network. As users’ machines move off the network, they get scanned less often, if at all. Remote work and increasing reliance on SaaS have really highlighted the need for zero-trust networks, where services require not only a trusted user but also protection of the data viewed and saved from these services.”

Read more insights from SecureWorks’ Chief Threat Intelligence Officer, Barry Hensley.

 

 

Download the full Innovation in Government® report for more insights from these government cybersecurity thought leaders and additional industry research from GovTech.

Innovation in Government: Agency Best Practices: On the Road to IT Modernization

A majority of government officials believe COVID-19 has accelerated their agencies’ digital transformation. Modernization affects every aspect of an agency’s IT operations and involves transforming data centers, eliminating operational silos and creating robust multi-cloud environments that improve the agility, speed and scalability of IT resources. By transforming their IT operations, agencies can boost the public’s satisfaction with government and increase employee engagement while making more effective use of taxpayer dollars. Even before the coronavirus pandemic, the government’s shifting priorities reflected this growing understanding, as in the Modernizing Government Technology Act, which was passed to help federal agencies get the money they need for ambitious modernization projects. Read the latest insights from industry thought leaders in IT modernization in Carahsoft’s Innovation in Government® report.

The Future of Digital Transformation

“It’s essential to provide all employees with the technology tools to achieve their missions, backed with the right infrastructure. This means offering access to the resources best suited to individual user needs, making technology easy to use and maintaining security from end to end. Taking inventory of an agency’s current technology footprint and what users need to be effective is an important first step. When introducing new technology, making it easy to use enhances productivity. This includes providing necessary digital resources like virtual desktops and applications and, when possible, pre-installing apps and settings. Finally, security needs to protect the full stack — including infrastructure, virtual desktops and applications — in a way that’s resilient and automated. End-to-end security extends to decisions about the appropriate cloud environment for each workload.”

Read more insights from Dell Technologies’ Vice President of Federal Sales, Steve Septoff.

 

Why the Time to Modernize is Now

“A Government Accountability Office study in 2019 showed that 80% of federal agency IT budgets are spent maintaining legacy applications and systems, and that percentage has been steadily increasing. As a result, only a relatively small amount of money is available for modernization efforts. Agencies need to shift their focus because IT modernization is essential to improving mission outcomes, particularly in terms of customer and employee engagement. By modernizing and bringing data closer to frontline workers, agencies can improve interactions and outcomes. For example, studies have shown that 80% of a call center employee’s time is spent answering the same set of questions. With the help of artificial intelligence and machine learning technology, we can create chatbots and other tools that bring information right to a customer much more quickly. That approach revitalizes the agency’s relationships with customers, and it boosts satisfaction among employees because they’re not stuck doing rote tasks and can instead focus on activities that require innovation and creativity.”

Read more insights from Boomi’s Vice President of Federal, Alan Lawrence.

 

New Opportunities to Modernize Security

“During the coronavirus pandemic, technology has allowed us to stay connected while being socially distant and to participate in the economy without going to restaurants or retailers. It has also highlighted the need for agencies to deliver critical services even when government offices are closed to the public. Furthermore, technology has an essential role to play in helping leaders make decisions about how to manage a pandemic. With a modern IT infrastructure, the government can boost its ability to correlate data and gain critical insights into understanding who is at higher risk of contracting the disease, the most likely means of pathogen transmission, the best containment and mitigation practices, and the most effective way to do contact tracing, for example. A modern IT infrastructure is an essential tool in enabling the government to respond to current and future challenges.”

Read more insights from Secureworks’ CTO, Jon Ramsey.

 

The Right Approach to Secure Cloud Migration

“Cloud technology is essential to IT modernization because it enables agencies to rapidly adapt to fluctuating environments. User expectations, compliance requirements and workloads can change very quickly these days. By utilizing expert cloud managed services, agencies can accelerate their pace to stay a step ahead. In fact, a recent study from Forrester, “How Expert Managed Services Accelerate Benefits of Multicloud,” shows that the top benefits for using managed services for multicloud strategies include more time for IT staff to work on high-priority initiatives and overall faster time to value. Agencies need their applications and data to be secure as they strive to modernize their IT environments. Successful cloud deployments hinge on creating partnerships with cloud providers that are based on the tenets of trust: Security, compliance, privacy and transparency.”

Read more insights from Virtustream’s Chief Trust and Security Officer, Pritesh Parekh.

 

Building a Future-Ready IT Infrastructure

“Agencies are making progress in several key modernization areas, most recently in workforce mobility. Teleworking accelerated tremendously due to the pandemic. For example, the Department of Veterans Affairs increased the number of mobile devices for clinicians from about 80,000 to 220,000 in March, when the pandemic began to have an impact. Also in March, a combatant command with strict security requirements was able to shift thousands of onsite workers to remote work almost overnight. In addition to mobile devices, agency users need modern apps that are designed to run on any cloud. Many agencies are creating software factories so they can build their own applications based on containers and microservices. That approach gives agencies a tremendous amount of flexibility to add features and change their applications almost in real time — rather than the weeks, months or even years it takes to update agencies’ traditional, monolithic applications.”

Read more insights from VMware’s Senior Director of the DOD Sales Team, Michael Houlihan.

 

Succeeding with Software in the Modern Digital World

“It can be difficult to differentiate between true Agile software delivery and what the Defense Innovation Board (DIB) refers to as “Agile BS.” VMware Pivotal Labs uses the following four questions to measure their efforts in alignment with DIB recommendations. 1. Are you in production? Is your software accredited and available in your operational environment today? 2. Do you have user adoption? Are actual users getting operational value from your software today? 3. Who cares? Is your software capability moving the needle for the mission or business? 4. What is your cycle time? How frequently are you delivering functioning, accredited software into users’ hands?”

Read more insights from VMware’s Directors of Strategic Programs, Mikey McCormack and Aaron Swain.

 

Download the full Innovation in Government® report for more insights from these IT modernization thought leaders and additional industry research from FCW.