In 2015, agency IT security and operations converge

 


The new year will see a convergence of IT security and operations, as agencies spread responsibilities across IT departments and security tools become integrated into software lifecycles earlier.

Two powerful trends will shape the government cybersecurity agenda in the coming year, say security experts, but they have more to do with how government security is managed than what technologies will better defend agency systems.

First, cybersecurity will increasingly be integrated from the start into the platforms and software being acquired and developed by agencies.  This means that perimeter defenses – already abandoned to the realm of what is necessary but inadequate – will receive less attention as cybersecurity becomes more integrated into the government infrastructure.

Also, cybersecurity will no longer be considered the exclusive province of the CISO or the CSO, but will become a professional requirement for everyone responsible for IT services to the agency. “As a security vendor, we are ending up in conversations with the IT shop,” rather than just the security shop, said Ken Ammon, chief strategy officer for Xceedium, an identity management company. “Next year will be the year of convergence.”

That outlook is backed up by a study by the National Association of State Chief Information Officers and consulting firm Deloitte that found that as CISO responsibilities evolve to include risk and compliance, many CISOs are also becoming accountable for a range of other areas. “CIOs and state leaders need to consider creative ways of allocating and managing these expanding responsibilities,” said NASCIO.

The upshot: The new year will see an increased blending of security and operations in IT.

This integration of security could help take some of the sting out of the expected downtick in cybersecurity spending in the coming year, down from $1.44 billion in fiscal 2014 to $1.41 billion requested in the president’s FY 2015 budget request. And as CSOs move from merely overseeing regulatory compliance to getting a seat at the table for IT system design, it will become more difficult to break out dollars that are going specifically to cybersecurity.

The budget recognizes that “cyber threats are constantly evolving and require a coordinated, comprehensive and resilient plan for protection and response,” and includes $680 million for basic research, including cybersecurity, at the National Institute of Standards and Technology.

There also is $549 million to support the Homeland Security Department’s EINSTEIN intrusion detection and prevention system and $35 million to co-locate civilian cybersecurity agencies at a Federal Cyber Campus.

The threats facing agencies are becoming more complex and serious, continuing a multiyear trend toward stealthy, long-term attacks that are discovered only long after the damage has been done. The average time to discover a breach now is about 250 days, and most are discovered by a third party rather than by the victim, said Rob Roy, federal CTO for HP Enterprise Security Products.

As these breaches are discovered, it is becoming clear that the human factor in security requires more attention: spearphishing and other forms of social engineering now are common vectors for malware. This problem is highlighted by the most recent Federal Employee Viewpoint Survey, which shows growing disengagement and dissatisfaction among government employees. The global satisfaction index was flat at a disappointing 59 percent for 2013, and IT specialists scored lowest on employee engagement and satisfaction.

“It shouldn’t be a surprise when you see survey results like this,” Paul Christman, public sector vice president at Dell Software, said of the growing role of humans in IT breaches. Cybersecurity requires a holistic approach that includes cost-effective training both for IT specialists and for end users.

Cloud security

The government’s security travails will have some impact on demand for new tools and agency IT acquisition decisions.

While the adoption of cloud computing will continue to expand in 2015, the benefits of the hybrid cloud model – a combination of secure private cloud for sensitive data and critical functions and a more flexible and economical public cloud for public facing information – could be more attractive as administrators balance flexibility with security.

According to a pair of recent vendor reports on cloud computing, improved security is a primary reason for moving to the cloud, with nearly two-thirds of government respondents in a survey commissioned by General Dynamics Information Technology citing secure infrastructure as a top benefit. At the same time, a survey commissioned by SafeNet found that IT security professionals feel they are losing control of data in the cloud.

These apparently conflicting results show that securing the cloud is possible and practical, but that greater emphasis is needed on governance and establishing policies for using and managing cloud computing. “There is no doubt” that use of everything the cloud has to offer will continue to expand, said SafeNet CSO Tsion Gonen. “That is not surprising.”

To enable this continued expansion, cloud providers will develop better solutions for separated cloud functions, allowing better segregation of management of infrastructure and control of data. This will include a separate layer of cryptography managed exclusively by the cloud user to give more complete custody of data. “All cloud providers have or will offer this,” Gonen said.

One tool for providing the necessary level of security for data and other resources is the hybrid cloud, a combination of a secure private cloud for sensitive data and critical functions, and a more flexible and economical public cloud for public facing information.

“You hear a lot about hybrid cloud,” said Damian Whitham, senior director of cloud computing solutions at General Dynamics IT. But so far there has been little practical implementation of it. Government has focused primarily on the private cloud, with some public cloud use, with only 27 percent of agencies using a hybrid model. “They are trying to crack the code of implementing it,” Whitham said.

With much of the low-hanging fruit of cloud computing now gathered, agencies will be paying more attention to how to match business objectives with cloud offerings to achieve their goals of reducing IT costs, becoming more flexible and efficient, reducing their carbon footprints and ensuring the security and privacy of data.

“We need to get more stakeholders involved,” Whitham said. “Including the operational side, not just IT.”
