Whiteboard

5 Posts authored by: chris.lapoint

If you’ve paid attention to the news at all throughout the past year, you’ve likely been made aware of a new major security breach on an alarmingly frequent basis. (Or if you’re out of touch with current events, perhaps your bank or movie theater alerted you to a major corporate hack.) As we see more and more security breaches, we learn that many of their causes point to hackers, foreign governments or other antagonists. But when we looked at the federal government and explored its primary sources of IT security threats, we discovered an interesting (and potentially concerning) discrepancy between the causes and impact of federal security breaches and the level of attention being paid to them.


In a sequel to last year’s federal cybersecurity survey, we again partnered with government research firm Market Connections to survey 200 IT and IT security leaders in the federal government and military on their top cybersecurity threat sources, obstacles to threat prevention, necessary tools for threat prevention, and their concerns, investment and policies regarding cybersecurity. We specifically broke out data to explore these areas for threats caused by malicious external sources, malicious internal sources, and accidental or careless insiders.


First, we found that federal IT Pros identified careless and untrained insiders as their greatest source of cybersecurity threats – over malicious external sources such as hackers and terrorists.


However, when we asked about investment and concern regarding threats, malicious external threats got the lion’s share. Perhaps federal IT Pros think malicious external threats are more damaging so they deserve more investment and attention? We asked about that, too. And we found that plenty of respondents think insider threats are as damaging as or even more damaging than external threats.


So what is being done about the most common – and perhaps most damaging – accidental insider threat? Respondents weighed in on where their data is most at risk, their security policies and the necessary tools for threat prevention.


By monitoring connections and devices on the network, and by maintaining logs and data of user activity, IT Pros can assess WHERE on the network certain activity took place, WHEN it occurred, WHAT assets were on the network and WHO was logged into those assets.


With the right solutions, federal IT Pros can get the visibility they need into their IT infrastructure’s security posture to prevent threats before they become breaches.

 

Full survey results:

http://www.slideshare.net/SolarWinds/solar-winds-it-security-survey-report-2015-final

 

Without quick – nay, immediate – problem resolution, IT Pros are very often the first to be blamed for slow application performance. In the latest survey from SolarWinds, 176 IT Pros from the federal government disclosed how they manage applications in their environments, and the results indicate that government IT Pros lack the valuable, cross-IT domain visibility required to fix app-related problems fast. And when apps perform slowly for military, intelligence or other government initiatives, national security may in fact be at risk. 

 

We asked respondents which apps they’re using, where certain types of apps are stored, how they identify application problems, how they address app performance issues, and about SLA requirements, among other things.


For example, which apps are hosted where in government IT environments?


Government IT Pros weighed in on where they host their applications for: email, video and web conferencing, office use, file sharing, social media, collaboration, analytics, enterprise resource planning, CRM, and proprietary and custom business uses. Most respondents said that unique types of applications are hosted in different locations – both on premise and in various cloud environments including public, community and private clouds at government agencies. Ultimately, IT Pros are responsible for application performance – for anything from Microsoft Exchange to Google Docs to Tweetdeck – regardless of whether the application resides on premise or in the cloud, so they must be able to identify where a problem lies and address it quickly.

 

When asked how they identify causes of their application problems, the majority of government IT Pros depend on their own siloed IT solution to identify root causes of application issues:

  • 54 percent use monitoring tools specific to their primary application or infrastructure area
  • 42 percent use interface data from the individual applications or infrastructure they use
  • Only 5.7 percent use integrated monitoring across application and infrastructure silos

 

Because the majority of government IT Pros use siloed tools or approaches that don’t provide cross-domain visibility or application-centric correlation between layers, it is not surprising that most government IT pros take up to a day just to determine where an application problem is located within their environments, find its cause and resolve the problem. Within seven to 24 hours:

  • 82 percent of respondents can determine where an application problem is located within their environments
  • 85 percent can uncover the root cause of a problem in an application
  • 88 percent can fix the problem

 

We want to know: “How slow is too slow?”

  • While most respondents said they have less than an hour of downtime per month (86%), they are still likely experiencing significant delays and problems because it takes up to a day for IT Pros to fix the issues. So while the application may not be down, it is assuredly slow. 
  • Nearly 80 percent of respondents said their response time SLA metrics for key applications have reduced more than 50 percent in the past two years as organizations call for shorter response times and thus put higher performance requirements in place for IT Pros to attain.

 

It’s clear that performance expectations for government IT Pros are high. Even the shortest delays from unresponsive web pages, online apps that don’t work, and crawling download speeds, etc. can impact customers or prevent employees from working as quickly and efficiently as they expect to, especially given today’s demands for speed and the “always on” mindset. And when applications used in military operations or critical government communications experience problems, government IT Pros must have the solutions and strategies in place to ensure they can find and resolve problems quickly.

 

Visibility into converged infrastructures and comprehensive management of the application stack (AppStack), or the application delivery chain comprised of the application and all the backend IT that supports it – software, middleware and extended infrastructure required for performance – is critical for efficient monitoring and management of government IT infrastructures.

Various products within the SolarWinds IT management portfolio are designed to help answer, “Why is the app running slow?,” enabling IT Pros to go from the application down, or from the hardware infrastructure up, to quickly identify and troubleshoot “fires” in an app environment. This top-to-bottom visibility helps IT organizations to better predict, prioritize and resolve issues before the end user and the business are affected.

Cybersecurity breaches in the government seem to be all over the news. (If you haven’t heard of Edward Snowden… well, he may know who’s heard of you – that’s all we’ll say.) The sheer number and wild variety of sources for these breaches led us at SolarWinds to wonder what federal agencies are really dealing with on a regular basis – are insiders leaking data? Are hackers stealing it? Who’s responsible and what can federal IT operations and IT security teams do to prevent these breaches?

 

We partnered with leading government research provider Market Connections to survey 200 IT and IT security professionals in the federal government and military on the top cybersecurity threats they face as well as what obstacles they have to implementing IT security strategies and what actions they are taking to remediate threats.

 

These survey results demonstrate that a broad and concerning range of cybersecurity threats plagues government agencies, with threat sources coming from careless and untrained agency insiders nearly as frequently as from malicious attackers and hackers from without.


While federal IT Pros face cybersecurity threats both from malicious outsider threats and internal ignorance, they must prevent and mitigate these attacks despite organizational issues and budget constraints. Finding the right software can provide much of the tech armor an agency needs to automate monitoring and thwarting of threats, but acquiring that technology has its own set of obstacles.


Given the variety of cybersecurity threats and the unpredictability of human behavior, coupled with budget and organizational challenges, federal IT Pros must consider taking a more pragmatic and unified approach to addressing the availability, performance, and security of their infrastructures. By the “collecting once, reporting to many” theory, federal IT Pros can opt to use tools that address continuous monitoring of their networks, servers and apps across both their IT Operations and Information Security domains for maximum IT security coverage.



Most IT pros face a number of challenges managing and modernizing their IT infrastructures – budgets, bandwidth, and bosses often hinder progress – and IT pros in government often face these challenges at an even more exaggerated level. However, SolarWinds has noticed that many public sector IT pros are addressing these challenges by automating technologies in their IT infrastructure. We set out to learn how the automation is going so far. In our recent survey of 162 IT pros from federal and state/local government, we learned the importance of automating technology and the restrictions and red tape that often get in the way of that progress.

 

Key Findings:

 

Where are federal IT pros in the automation process? Some have yet to automate anything, but most are somewhere in the process of evaluating technologies, implementing them, or have already completed implementation. In fact, more than two-thirds of survey respondents said they are already in the process of implementing a variety of technologies and 63 percent of respondents are planning an automation project during 2014.

 

Federal IT pros who have automated some or all of their information technologies have already begun to realize real ROI from their automated IT deployments. More than 84 percent of survey respondents said the automation of information technologies in their IT infrastructures was a time- and money-saving investment for their teams, and 67 percent of respondents have seen increases in their teams’ productivity as a result of investments in automation.

 

The automation tools that provide the most overall benefit in terms of time/money saved are:

• 58.3% Network Configuration Management

• 41.7% Help Desk

• 38.8% IP Address Management (including IPv6)

• 36.6% App/Server Provisioning/Config Management

• 23.7% Storage Management

• 22.3% Virtualization Management

• 20.1% Patch Management and Compliance Reporting

• 18.0% Business Process/Work Automation

• 9.4% Log Management

• 7.9% Mobile Device Management

 

So what’s the holdup for the others? And why aren’t IT shops automating everything? As always, lack of budget and lack of training play a part.

 

Even with these roadblocks, though, IT pros in the public sector continue to recognize the importance of streamlining IT. With the breadth of IT management software vendors available, it’s now up to Federal IT pros to identify the most pressing challenges in their IT infrastructures and to find the right automated technologies to simplify those challenges. Luckily, with such strong evidence that automation saves time and money and increases productivity for government organizations, the case to automate is pretty clear.

 

The Blackberry certainly started the “smart mobile device” revolution and there are some that still use them, but most would agree that it was Steve Jobs and Apple that really changed the world. With the advent of the iPhone, iPad, and then fast-following Android OS devices, employees and more importantly their executives enthusiastically brought the “new hotness” in mobility into the workplace regardless of whether their IT organizations were ready or not. We industry folks like to call this Bring Your Own Device (BYOD) for lack of a better term, but I think this implies a formal “hey, come watch the game at my house and BYOB” invitation that most IT organizations don’t remember sending out. A lot of IT folks are now left lying awake at night wondering whether all these new devices comply with their security policies and what happens when the first mobile-to-PC virus hits.

 

BYOD CAUSES MOBILE DEVICE MANAGEMENT (MDM) FERVOR?

I recently attended an MDM webinar and it seems most of the attendees were still trying to figure out what to do. A paltry 18% of those polled claimed to have rolled out an MDM program. So, let’s say you’re in the majority and still in the process of developing a program. Where do you start? Should you begin gathering requirements and evaluating MDM solutions immediately? In the immortal words of Lee Corso, not so fast my friends…

 

 

ROGUE AND UNINVITED DEVICES ON YOUR NETWORK

Here’s the thing. The concept of rogue or uninvited devices on the network isn’t a new concept for IT organizations. Anyone had a hub take out a switch on their network before? Or problems with rogue access points or servers? So, the issue is more fundamental than just mobile devices. This is a general problem that requires beginning with a comprehensive assessment of your network. And as the owner of network ops (and thus the network ports), you have a lot more solutions at your disposal than you might think. 

 

RECOMMENDATIONS

1. Start by assessing what devices are on your network and where they’re connecting. Consider leveraging user device tracking and/or switch port monitoring software to track which devices and users are connecting to which switch ports (both wired and wireless) on your network over time and alert you to switch port capacity issues. Think of it as a switch port mapper on steroids.

 

 

 

2. Understand the performance impacts that rogue or uninvited devices are having on your network. Use your network management system with NetFlow analysis enabled to see where you have network utilization issues and who and what is consuming your bandwidth. Mobile devices may be consuming more than you think, or it may turn out there are bigger fish to fry with bandwidth hogs running on “approved” devices.



3. In parallel, start gathering requirements from the various departments you support. Determine how they’re using their mobile devices today and how they’d like to use them in the future and reconcile this with your own security policies.
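The device assessment in step 1 reduces to correlating switch-port sightings with an asset inventory, which also answers the WHERE, WHEN, WHAT and WHO questions raised in the survey post above. The sketch below is an added example, not part of the original post or of any SolarWinds product; the poll records, inventory, switch names and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed poll records: (time, switch, port, MAC, logged-in user or None).
OBSERVATIONS = [
    ("2015-03-02T08:00", "sw-floor1", "Gi1/0/4", "00:11:22:AA:BB:01", "jdoe"),
    ("2015-03-02T08:00", "sw-floor1", "Gi1/0/7", "0011.22aa.bb02", "asmith"),
    ("2015-03-02T09:00", "sw-floor1", "Gi1/0/7", "0011.22aa.bb02", "asmith"),
    ("2015-03-02T09:00", "sw-floor1", "Gi1/0/7", "de-ad-be-ef-00-10", None),
    ("2015-03-02T09:00", "sw-floor1", "Gi1/0/7", "de:ad:be:ef:00:11", None),
    ("2015-03-02T10:00", "sw-floor2", "Gi1/0/2", "DE:AD:BE:EF:00:10", "asmith"),
]
# Constructed asset inventory: normalized MAC -> asset tag.
INVENTORY = {"001122aabb01": "LT-0141", "001122aabb02": "LT-0187"}

def normalize_mac(mac):
    """Reduce colon, dash and dotted MAC notations to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def unknown_devices(observations, inventory):
    """First sighting (WHEN, WHERE, WHO) of every MAC missing from inventory."""
    first_seen = {}
    for when, switch, port, mac, user in sorted(observations, key=lambda r: r[0]):
        mac = normalize_mac(mac)
        if mac not in inventory and mac not in first_seen:
            first_seen[mac] = {"when": when, "where": (switch, port), "who": user}
    return first_seen

def shared_ports(observations, max_per_port=1):
    """Ports showing more than max_per_port MACs in one poll (hub or rogue AP)."""
    seen = defaultdict(set)
    for when, switch, port, mac, _user in observations:
        seen[(when, switch, port)].add(normalize_mac(mac))
    return {k: sorted(m) for k, m in seen.items() if len(m) > max_per_port}

if __name__ == "__main__":
    for mac, hit in unknown_devices(OBSERVATIONS, INVENTORY).items():
        print("unknown device", mac, hit)
    for key, macs in shared_ports(OBSERVATIONS).items():
        print("shared port", key, macs)
```

Normalizing MAC notation before comparison matters because different switches and inventory exports format the same address differently, which otherwise produces false "unknown device" hits.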

 

Once you understand the impact of BYOD on your network and have determined the right balance between user desire and your own corporate policies, I think the next steps will be much clearer. I'll discuss what comes after assessment more in a subsequent post, but for now...good luck!
