This blog post is an excerpt from GovLoop’s recent guide, “The People Behind Government Cybersecurity.“
IT professionals in government face challenges every day creating systems, platforms and protocols that protect agencies from dynamic cyberattacks like malware and ransomware. They must strike a balance between having information accessible to users and protecting the information from hackers. This task is even more difficult in the public sector because IT professionals must also navigate political mandates, policy changes and tight budgets.
GovLoop recently sat down with Rob Potter, Vice President of the Public Sector for Symantec, a leader in cybersecurity, to discuss how agencies can leverage integrated platforms to increase their capabilities while ensuring their information is secure. Being able to balance integration and security is crucial for agencies because it will allow decision makers to trust the integrity of the information for policy decisions, while simultaneously ensuring that internal users can access information appropriately.
The most challenging aspect of securing government information is that they live in an environment where
the attack surfaces at agencies are changing with the incorporation of each new contractor or platform. Recent breaches have proved that, “agencies have to focus on the infrastructure and the perimeter, as well as protecting content,” said Potter. Although breaches may be difficult to stop, agencies can mitigate the damage of breaches by making sure that for each critical function or asset, there’s a control commensurate with that asset. Agencies can then protect specific content and restrict which roles can access sensitive information.
This involves assessing what content an agency has, how it should be protected and who should have access to which pieces of information so that the information can be used across to deliver on the agency’s mission. By managing identities and using content specific solutions to communicate and protect information, employees can be shielded from serious cybersecurity threats. They can trust that they are making decisions that will advance the agency mission based on uncorrupted information.
Solutions like Symantec’s integrated cyber defense platform ensure that IT leaders can manage cybersecurity and information access from a single platform. The platform integrates information, user profiles, web security and email messaging security. This allows users to operate efficiently and communicate within an environment, while helping agencies prevent security gaps across systems.
Potter specified why integrated platforms must secure these four aspects of digital content:
• Information: Agencies need to be able to trust that their data and information is accurate and reliable because they will be making important decisions based on it. That means agencies must be able to control who is modifying the content.
• User Profiles: Users and partners need remote access for collaboration, which involves authenticating both the user and the environment to which they have access. The users need to comply with the standards and policies of the environment as they interact with the data and the infrastructure.
• Web Security: Securing interactions with the web doesn’t just mean protecting the platform from the internet, but also determining how employees interact with cloud based applications and other resources connected to the web. Agencies should also put controls around how content is moving in and out of the perimeter for daily operations or storage.
• Email Messaging: Email communications internally and externally must be encrypted and protected from phishing scams and ransomware, and the best way to protect technologies from these threats is through user education.
“If you have a platform that allows you to communicate with your web provider, identify content, define policy around that content and control how people are coming in and out of your environment in terms of the way that they collect information,” said Potter, “it’s going to create a greater level of intelligence and visibility inside your environment.”
Internal integration is achieved by ensuring that different technologies are using the same communication and development protocols and processes, and the more agencies can leverage integrated capabilities, the smaller the gaps are in the platform.
The integrated cyberdefense platform is also an open platform so it can integrate with platforms and products from multiple vendors and contractors. That way, agencies can build upon investments they have already made in technology while integrating new technologies into the overarching infrastructure and strategy.
Although keeping dynamic government IT systems secure and user friendly may seem like a daunting task, leveraging integrated platforms will reduce gaps in cybersecurity perimeters and make agencies more efficient. If agencies concentrate on increasing control over information content, user profiles, web interactions and messaging through an integrated security platform, then IT and non-IT employees can leverage organizational capabilities to gain better insight into operations and missions.