This interview with Gene Stromecki, Federal Sales Specialist, and Dmitriy Ayrapetov, Project Manager at Dell SonicWALL is an excerpt from GovLoop's recent guide, Securing Government: Lessons from the Cyber Frontlines. In this guide, we review five tactics government organizations are using to enhance their cybersecurity.
The IT landscape is more interconnected and complex than ever before. The increasing number of initiatives involving telework, bring-your-own-device (BYOD) and the Internet of Things (IoT) allow for greater employee flexibility, efficiency, and connectedness – but it also presents serious cybersecurity risks.
So how can agencies stay secure without hampering performance and service delivery? We spoke with Gene Stromecki and Dmitriy Ayrapetov, both from Dell SonicWALL, a network and security solutions provider, to learn more about the increasing complexity of federal IT. They also discussed why a holistic cyber approach is needed to stay secure and how solutions from Dell SonicWALL can help your agency meet the critical balance of performance and security.
An increasing complexity and the pervasive presence of threats require cybersecurity to be a primary consideration for agency leadership. “Security is no longer just an issue for the IT staff – it’s now extending to the whole organization,” said Stromecki. “The impact of [cyberthreats] can be substantial. In government, it affects reputation but also the ability of an agency to deliver on its mission of service to citizens.” Illustrating this point, a McKinsey report found that cyberattacks could cost the world $3 trillion in lost productivity and growth by 2020.
Ayrapetov further emphasized the critical role of security in agency operations. “Security cannot be an afterthought; it has to be designed into all projects,” he said. “With growing complexity, the risks become bigger and there are more entry points into the network. It takes just one slip-up in security to be compromised.”
Protect the Entire Data Lifecycle
To meet these difficult demands, agencies have to be persistent in their security efforts. They need to think about the entire lifecycle of their data and all of its potential end-points. “At the end of the day, security comes down to protecting the data,” said Ayrapetov. “You need to start thinking about where the data lives: in servers, phones, computers, etc. When it lives in all those devices, how is it protected?”
For example, if a private contractor requests information, many questions need to be asked. What is being uploaded? Is the data going through an encrypted tunnel? Are credentials and access privileges being inspected? If credentials are stolen, is two-factor identification in place?
“Throughout the data lifecycle, we have to make sure that every step of the way is secure,” said Ayrapetov. “If you are insecure by design, you will be breached.”
Visualize a Holistic Approach
When there are so many moving parts and vulnerable access points, agencies need to look beyond individual network elements. With this in mind, government is adopting a holistic cyber approach.
“[The holistic approach] requires the need for sophisticated identity and access management tools, the ability to manage privileged passwords and privileged users, the need for technology such as encryption on the endpoint, and of course the next generation firewall, where Dell is a leading provider,” Stromecki said.
It is crucial for these tools to interoperate. “For example, an alert from a firewall allows you to disable a particular part of the network or particular endpoint devices in the case of an incident,” he said.
Dell offers holistic protection by securing the network, user, data, and endpoints. “Dell will monitor the network, help organizations create a plan and a security stance, analyze the security stance in an organization, and help respond to threats,” said Ayrapetov.
Additionally, Ayrapetov noted that network monitoring can generate gigabytes of data per day, so Dell helps agencies pick out the signal from the noise in order to respond effectively to incidents.
Align Security Strategy to Organizational Needs
But while security is paramount, Stomecki and Ayrapetov both agreed that an agency that is completely locked down cannot function and carry out its mission.
“Dell’s technologies have been optimized and engineered into systems to provide comprehensive and thorough components of security without substantially impacting network performance,” said Stromecki. “Ultimately, networks are designed for their end users to be able to accomplish their tasks and the agency to fulfill its mission. Security – while essential – cannot bring the network to its knees.”
Beyond simply deploying technology, government needs to weave these solutions into an overall environment of security, developing what Stromecki called a “security playbook.”
“[Agencies] need technologies that can detect compromises when they occur and understand the implications so that they can be contained,” he explained. “Then, they need to move into a situation of detailed forensics that gets to the root cause of the event to understand it and prevent it from reoccurring. It’s a continuous cycle.”
By protecting networks and complying with security protocols without impeding agency performance, Dell facilitates an effective and holistic cybersecurity approach for government.