First off, I’m excited to be engaging in dialogue with more than 300,000 of my peers here on GovLoop! Prior to my first post, I solicited feedback from my LinkedIn connections for blog topics. Rest assured, we will be exploring a number of these suggestions, but I thought for my first blog post, we’d talk about what to look forward to and prepare for in 2021.
While most of us would love nothing more than to let 2020 be a distant memory, the unfortunate truth is it will continue to inform what our focus should be in the new year. From my perspective, the two events of 2020 that had the biggest impact on Maricopa County’s information security program were the COVID-19 pandemic and 2020 election cycle.
What we found was that our strategy itself didn’t change too much, but the priorities contained therein did. For example, we had always had a CASB (cloud access service broker) solution on our roadmap, with research scheduled in FY 22 and implementation in 23. FYI: the new ‘in’ acronym is SASE (secure access service edge), which CASB is a component of an overall solution/service. I don’t make the acronyms, I just write about them. . . .
Why this timing? Well, this was based on our rate of cloud technology adoption and the assumption that we’d be primarily still working from the office. However, 2020 came and, as all of us know, we had to quickly adapt and overcome. We accomplished this by providing the tools and support to work from home. We also accelerated the adoption of cloud services for internal and public usage. The big infosec challenge as a result is the lack of insight into digital activity, which makes it hard to protect the enterprise. As a result, our priorities had to change to meet reality.
With elections this year it was all about information security and integrity. Government agencies across the board haven’t seen this level of mistrust and, in some cases, animosity in I don’t know. I’ve never seen anything like this in my 25 years of public service.
However, 2020 was a year of challenges unlike any other. Even though we are close (?) to putting the elections behind us, what is not going to fade is this increased scrutiny in how we interact with our constituents. This is on top of the daily threat of cyber incursions and misinformation and disinformation about government on social media.
I like to say that the currency we use when interacting with the public is trust. If 2020 is any indicator, trust with some is already in short supply.Whether you are an elected official, manager or line staff, this is going to be a challenge we all face and ultimately must address.
In short, what we can all expect for 2021 is:
- our agencies to adopt more and more cloud services
- we’ll need different information security tools to help with this
- moving services from onsite to the internet at a faster rate than before
- see the above bullet
- a continued work from home for many of our staff
- perhaps a topic for a future post, but it will be interesting to see the reaction for those agencies that want to go back to 100% in the office
- a greater need to protect against cyberattacks like phishing campaigns, malware, DDOS attacks, etc., and assaults on the integrity of government across the board
Technology alone isn’t the solution; information security professionals like myself cannot be successful on our own. We need to work collaboratively to identify the risks and come up with plans on how we’re going to tackle them. Perhaps we can work on a few of these together in this blog and comments. I am hopeful that 2021 will be a better year, regardless of the challenges ahead.
Interested in becoming a Featured Contributor? Email topics you’re interested in covering for GovLoop to [email protected] And to read more from our Winter 2021 Cohort, here is a full list of every Featured Contributor during this cohort.
Lester Godsey is the Chief Information Security and Privacy Officer for Maricopa County, Arizona, which is the fourth most populous county in the United States. With over 25 years of higher education and local government IT experience, Lester has spoken at local, state and national conferences on topics ranging from telecommunications to project management to cybersecurity and data. His current areas of professional interest center around IoT (Internet of Things) technology and data management and the juxtaposition of these disciplines with cybersecurity. You can follow Lester on LinkedIn.