
4 Steps to Managing Risk While Driving IT Modernization

Level 11

By Paul Parker, SolarWinds Federal & National Government Chief Technologist

IT modernization projects help federal agencies deploy more advanced technologies to enhance efficiency and provide a greater depth of capability. These advancements often provide greater opportunity to leverage automation and allow for stronger IT controls to protect critical assets.

That said, technology upgrades can also create security challenges. In the 2017 SolarWinds Federal Cybersecurity Survey, federal respondents cited three IT security challenges that have increased as a result of modernization:

  • More vulnerabilities in new technology stacks (cited by 53%)
  • Burden of supporting new technologies and legacy systems (cited by 51%)
  • Lack of training on new technologies (cited by 50%)

All in all, the survey revealed that 66% of respondents—a full two-thirds—think federal agencies’ network modernization efforts have resulted in an increase in government IT security challenges.

Not modernizing is not an option; that’s understood. Security holes can be far greater in older technologies. So, what’s a federal IT pro to do?

Four steps toward getting the best of both worlds in government IT

Step 1: Enhance IT controls

According to the survey, those agencies that deem themselves as having excellent IT controls have seen a decrease in cybersecurity threats across the board. Conversely, those who say their agencies have poor IT controls have seen an increase in security incidents.

In fact, the same survey notes that 51% of agencies that rate themselves with excellent IT controls say IT modernization has enhanced their ability to manage risk.

Step 2: Ensure compliance

Over two-thirds (68%) of survey respondents said that implementing relevant standards is critical to achieving their cybersecurity targets. In fact, 62% agreed that agencies that merge and balance both risk management and federal IT compliance are more likely to avoid IT security issues.

Step 3: Take advantage of new technologies to enhance security

Remember, IT modernization projects often provide greater automation, stronger IT controls, smaller attack surfaces, and built-in security features. Federal IT pros can take advantage of these enhancements to improve the agency’s cybersecurity posture.

Respondents cited the following as “highly effective” in enhancing network and application security:

  • Identity and access management tools (56%)
  • Endpoint security software (48%)
  • Network admission control (NAC) solutions (46%)
  • Patch management (45%)
  • Configuration management (42%)

Step 4: Training

Historically, one of the greatest sources of security threats to any agency, civilian or military, is careless or untrained users. The threat is not getting any smaller. In the 2017 survey, 54% of respondents cited this group of users as the greatest threat to agency security.

The solution is training, which is particularly important as agencies implement IT modernization projects. The more the federal IT team understands new technologies, the better equipped they are to implement them successfully and take full advantage of the newer built-in security features.

Conclusion

Federal IT pros face many challenges that affect an agency’s cybersecurity posture, from untrained users to budget constraints to a multitude of competing priorities. Ideally, IT modernization should not be one of them. The goal is to implement IT modernization projects that improve risk management protections rather than increase security challenges. Developing strong IT controls is the first step in that journey.

Find the full article on Government Technology Insider.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

8 Comments
Level 14

Great article, even for the private sector.  Thanks!

Level 14

Yes.  Training.  The old dilemma, train people and risk losing them, or don't train people and risk keeping them.

Training.  Say it over and over.  At budget meetings.  On the golf course with the CIO.  At lunch where everyone can overhear you.

Training.

Level 14

Training... the first ask in any project.... the first cut in any budget discussion...

Level 20

Under new rules in RMF... training is a requirement not an option.  If you don't have people trained on the technology and in many cases certified in them then you can't pass the audit.

Level 13

Thanks. Good article.

Level 14

Seen the same problem in public and private sector.  No money available for anything.  When we manage to squeeze a few pounds out of management it is usually for hardware upgrades to keep the already creaking systems running.  If we are lucky we get to upgrade some software.  Last on the list is always training.  That short-sightedness is beginning to catch up with companies now. 

Level 9

Good read.  Training is always an issue.  Train and have a good retention policy in place.

About the Author
Paul Parker is a 25-year information technology industry veteran and expert in government. He leads SolarWinds’ efforts to help public sector customers manage the security and performance of their systems by using technology. Parker most recently served as vice president of engineering at Infoblox’s federal division. Before that, he served in C-level or senior management positions at Ward Solutions, Eagle Alliance and Dynamics Research Corp.