How Security Goes Undercover

For state and local agencies experiencing budget shortfalls and budget cuts due to the pandemic, a common course of action is to preserve core mission capabilities by absorbing cuts in other areas. Unfortunately, this mindset and action have historically meant “support elements” such as IT and security often get a disproportionate share of cuts.

For instance, consider a local government that determines it can fully fund only two of these three initiatives: public safety, waste pickup and IT modernization. Which is most likely to be left out?

“That’s the risk we run,” said James Richberg, Field Chief Information Security Officer (CISO) at Fortinet, a cybersecurity company.

“It’s especially tempting for organizations to cut funding in the area of security, since doing so doesn’t seem to produce adverse consequences — until a significant malicious incident occurs,” said Richberg, a former National Intelligence Manager for Cyber at the Office of the Director of National Intelligence.

“That’s why I think security has to almost go undercover. You need to make it integral to the broader solutions that agencies adopt,” Richberg added.

‘Like Siamese Twins, Joined at the Hip’

The COVID-19 pivot to remote telework has proven how relevant IT is to the agency mission, but what about the future? To take advantage of this momentum, it’s vital that IT and security teams are aligned and collaborating.

“We used to say it was nice to collaborate. Now, I think it’s imperative,” Richberg said.

If IT and security teams can partner to 1) identify key productivity-enhancing technologies and 2) shape the discussion of solutions for agency stakeholders to consider, they can both maximize the “bang for their buck” for expanded digital services and ensure that the choices prioritize security from the start.

Take software-defined wide-area networking (SDWAN) for example. SD-WAN is a flexible networking technology that enables fast connection to the cloud, a capability that may be attractive to amany agencies as the remote workforce and digital services have ramped up. It offers cost savings, operational flexibility and a better user experience.

In earlier versions of this technology, security was left out or treated as an afterthought. But some of the latest SD-WAN products include security as part of an integrated solution, so that a single device performs network management, router and security functions. Because these integrated products reflect technological progress made since the early days of SD-WAN, they typically offer higher performance in addition to cost savings.

To find efficient and cost-effective solutions, the chief information officer (CIO) and CISO need to have a “synergistic relationship where they’re almost like Siamese twins, joined at the hip,” Richberg said. A number of jurisdictions already operate in this way, but it can run the gamut.

“If you’re an organization trying to build these bridges, the best way to do it is to start from the top. Otherwise, inertia will sabotage it,” Richberg said.

This article is an excerpt from GovLoop’s recent guide, “Resilience Lessons From State & Local Government.” Download the full guide here.

Leave a Comment

Leave a comment

Leave a Reply