This blog post was is an excerpt from a recent report created by GovLoop in partnership with Quest. It was written by Catherine Andrews, Senior Director of Editorial and Production Content for GovLoop and features quotes from Quest thought leaders. To download the full report, head here.
As government agencies work to protect their large volumes of sensitive data, they must continuously improve and adapt their security postures and programs to keep up with the changing threat landscape and regulatory environment. Government IT systems must be secured from outside and insider threats in cyber security, whether well-meaning or malicious. At the same time, agencies still have to ensure that the right people have access they need to do their jobs.
Government cyber security solutions are also changing. Today’s shifting environment means agencies and the vendors they partner with must keep every security tool aligned with both agency needs and regulatory requirements.
But achieving all of this is incredibly difficult. In particular, government faces a variety of challenges that, when unaddressed, can seriously complicate their cybersecurity posture.
In this changing threat landscape, it’s difficult for agencies to know what to expect. “One common thing agencies are facing is that the threat landscape changes on a daily basis,” said Bryan Patton, Quest Principal Strategic Systems Consultant. “We never know what vulnerabilities an attacker is going to try to take advantage of. So truly, the biggest challenge agencies have is the unknown. You don’t know who’s trying to attack your environment on a daily basis.”
Obtaining funding for cyber security initiatives is also a significant challenge for government. It’s difficult to predict how much of an agency’s funding should go toward cybersecurity because there’s no one-size-fits-all solution. “We understand that government has a limited budget,” said Patton, “so they must be strategic with what they spend money on and how they communicate that investment to others.”
Talent in the workforce:
The Global Information Security Workforce Study projects a 1.8 million-person shortage in the cyber security workforce by 2020. Government has been trying to address the shortage of personnel and skillsets in the cyber workforce, and it’s a constant challenge. “There is a serious shortage of cyber security talent to begin with,” said Patton. “Government needs to figure that out, whether through better hiring or more automation.”
“Whether it is departmental, political or technical segmentation, silos remain a huge challenge,” said Chris Roberts, Quest Enterprise Architect. “Anything that puts a barrier between the flow of information needed to manage IT assets effectively is a hindrance to any potential long-term success toward improved security.” In short, communication across all levels and functions within both technical and end users is a must before any tool or process will be successful.
All of these challenges led to the creation of the NIST Cybersecurity Framework. The CSF consists of standards, guidelines and practices to promote the protection of critical infrastructure and improve government security.
In our next blog post we will talk more about the CSF and specifically how Quest’s solutions map to these requirements.
Authored by: Catherine Andrews, Senior Director of Editorial and Production Content for GovLoop