By Paul Parker, SolarWinds Federal & National Government Chief Technologist
IT modernization projects help federal agencies deploy more advanced technologies to enhance efficiency and provide a greater depth of capability. These advancements often provide greater opportunity to leverage automation and allow for stronger IT controls to protect critical assets.
That said, technology upgrades can also create security challenges. In the 2017 SolarWinds Federal Cybersecurity Survey, federal respondents cited three increases in IT security challenges as a result of modernization.
- More vulnerabilities in new technology stacks (cited by 53%)
- Burden of supporting new technologies and legacy systems (cited by 51%)
- Lack of training on new technologies (cited by 50%)
All in all, the survey revealed that 66% of respondents—a full two-thirds—think federal agencies’ efforts regarding network modernization has resulted in an increase in government IT security challenges.
Not modernizing is not an option; that’s understood. Security holes can be far greater in older technologies. So, what’s a federal IT pro to do?
Four steps toward getting the best of both worlds in government IT
Step 1: Enhance IT controls
According to the survey, those agencies that deem themselves as having excellent IT controls have seen a decrease in cybersecurity threats across the board. Conversely, those who say their agencies have poor IT controls have seen an increase in security incidents.
In fact, the same survey notes that 51% of agencies that rate themselves with excellent IT controls say IT modernization has enhanced their ability to manage risk.
Step 2: Ensure compliance
Over two-thirds (68%) of survey respondents said that implementing relevant standards is critical to achieving their cybersecurity targets. In fact, 62% agreed that agencies that merge and balance both risk management and federal IT compliance are more likely to avoid IT security issues.
Step 3: Take advantage of new technologies to enhance security
Remember, IT modernization projects often provide greater automation, stronger IT controls, smaller attack surfaces, and built-in security features. Federal IT pros can take advantage of these enhancements to improve the agency’s cybersecurity posture.
Respondents cited the following as “highly effective” in enhancing network and application security:
- Identity and access management tools (56%)
- Endpoint security software (48%)
- Network admission control (NAC) solutions (46%)
- Patch management (45%)
- Configuration management (42%)
Step 4: Training
Historically, one of the greatest sources of security threats to any agency, civilian or military, is careless or untrained users. The threat is not getting any smaller. In the 2017 survey, 54% of respondents cited this group of users as the greatest threat to agency security.
The solution is training, which is particularly important as agencies implement IT modernization projects. The more the federal IT team understands new technologies, the better equipped they are to implement them successfully and take full advantage of the newer built-in security features.
Federal IT pros face many challenges that affect an agency’s cybersecurity posture, from untrained users to budget constraints to a multitude of competing priorities. Ideally, IT modernization should not be one of them. The goal is to implement IT modernization projects that improve risk management protections, rather than increasing security challenges. Developing strong IT controls is the first step in that journey.
Find the full article on Government Technology Insider.
The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.