Making Security a Top Priority

There are more than one billion connected devices on the Internet today. This means there are more entry points that can be hacked, making cybersecurity intrusions more common than ever before.

In order to prevent these intrusions from causing significant damage to government agencies, security must be developed for every technology, process and system. As government services continue to evolve in the digital world, security best practices and procedures must do so as well.

Kicking off GovLoop’s Gov Security in the Digital World Virtual Summit, Colorado’s Chief Information Security Officer, Deborah Blyth, spoke about the state’s successful security transformation.

Ten years ago, the state of Colorado’s security budget was $6,000 and one of the lowest priorities for the state. Enter Secure Colorado. The initiative combined 17 different IT offices into one consolidated approach and made security a top priority. Now, security is 5 percent of the annual spend of the state’s IT budget, compared to less than 1 percent just a decade ago.

Blyth addressed how she was able to transform the state’s outlook on IT priorities security programs as well as what the future of security looks like for Colorado. When it comes to security goals, here are some of the top priorities.

• Protect information and systems. Secure Colorado’s goal is to reduce the state’s exposure to data breaches and cyber attacks. Many of the common issues Colorado needed to address included streamlining the different existing tools and configurations and the varying levels of security maturity by agency. Blyth suggested looking first at the most critical systems.
• Research and development. Cyberthreats are always changing and evolving. Blyth discussed addressing these challenges and the importance of staying up to date and informed. One of the goals of Secure Colorado is to justify an ongoing budget for security improvements. This involves being able to fund research and further development to stay on top of new security threats.
• Partnerships. Develop key partnerships, including with government leaders, academic institutions or private sector organizations. Secure Colorado received the support of the governor and sponsorship from the Office of Information Technology.
• Compliance. You want to continually assess the level of compliance and be able to identify and collect issues of noncompliance.
• Framework. Secure Colorado follows the Center for Internet Security’s (CIS) framework, which helps agencies lay out the top critical security controls for the most effective cyber defense. Having a framework also works with the budget to strategically implement security improvements across all agencies.

Secure Colorado has been a success. Currently, there is 98 percent coverage across all environments and security measures, such as two-step verification have been implemented. Colorado also reduced its risk by 48 percent across 17 agencies. “Above all, you want state security to be strategic and critically important to its success,” Blyth said.

This blog post is a recap of a session from GovLoop’s recent Gov Security in the Digital World Virtual Summit. For more coverage, head here. To watch the Gov Security in the Digital World Virtual Summit on demand, head here.