We’ve reached the finish line of Federal CIO Tony Scott’s 30-day “Cybersecurity Sprint,” but the race is far from over. Over a mere 30 days, federal agencies have made significant improvements to their overall cybersecurity, and during the past year, the public sector has made tremendous strides to enhance and strengthen the federal government’s overall cybersecurity. However, with the effects of recent cyber incidents still being felt throughout government, it is more crucial than ever that agencies continue to take concrete steps to mitigate risk and strengthen their security stance.
Just days before the sprint wrapped up, Scott reported that excellent progress had been made thanks to the Cyber Sprint, specifically referencing a dramatic increase in two-factor authentication. He noted that “a number of agencies have hit 100 percent and broadly across government we’ve hit 20 percent.” While this is encouraging, as stolen usernames and passwords are often used to gain access to federal networks, systems, and data, there is much progress to be made.
Holistic, end-to-end security is more similar to ongoing marathon training, with the sprint serving as just one important element. To mitigate risk and reduce the threat of future breaches, federal agencies need to take steps to adopt an end-to-end, holistic approach to security that incorporates the following elements:
Robust Identity Access Management (IAM)
The sprint set out to dramatically accelerate implementation of multi-factor authentication, especially for privileged users, and its success in achieving this goal is evident. While progress is promising, other elements of IAM and privileged access management must be integrated as well. Robust IAM can provide a complete view into an agency’s security stance serving two important roles â”€ enabling the protection of user, data, and device, and allowing IT administrators to proactively identify potential threats revealed by abnormal user behavior. We provide a complete set of privileged account management offerings to ensure privileged users have access to the systems and data they need and nothing more.
In addition to identity management solutions, end-to-end security must incorporate elements such as next-generation firewalls. Firewalls can identify network abnormalities and can correlate data from the network to more quickly discover and address network incidents. SonicWALL family of firewalls offer cutting-edge intrusion prevention and malware protection to better protect your agency.
Education and Awareness
A holistic approach to cybersecurity also needs to control the human element of security â”€ risks introduced by users, whether unintentionally or maliciously. Agencies should educate government users on their role in protecting agency IT infrastructure. Users should be made aware of common hacking techniques and be armed with the knowledge to avoid these tactics.
The Cyber Sprint may be over, but training for the marathon is critical â”€ because the marathon has already begun. In our current threat environment, security needs to be viewed not as a necessary evil, but rather a strategic investment, integrated into everyday operations and woven into the fabric of our next-generation IT infrastructure. Continuing the end-to-end security focus that started at the beginning of the sprint will position agencies for a long and secure run.
Learn more about Dell’s end-to-end security offerings: