This interview is an excerpt from GovLoop’s recent guide, What the Internet of Things Means for the Public Sector, which explores insights and best practices into how government is using automated machine-to-machine transactions and implementing IoT in the public sector.
The cyber world is a dangerous place. In a rapidly escalating environment of cyberthreats, obsolete devices, software beyond end of life, and poor visibility of your IT infrastructure, the risks an organization faces are extremely heightened. Additionally, the Internet of Things’ rapid growth is making it even more difficult for organizations to keep their technology up-to-date and secure.
GovLoop sat down with BDNA’s President Walker White and Vice President, Public Sector Clark Campbell to discuss how BDNA’s enterprise IT data management software can help organizations take control of their IT infrastructure to become more secure in this era of the Internet of Things.
Step one? Look at your “end of life” products.
Software, hardware and devices that have reached end of life are vulnerable assets that vendors no longer support. Because they stop receiving security updates over time, keeping track of end of life products is essential to an organization’s cybersecurity. Hackers target outdated devices, software and packages to infiltrate the IT infrastructure and acquire an organization’s valuable, private information.
However, given tight budgets, government agencies still often use technology that is near or past end of life, leaving federal agencies especially vulnerable to cyberattacks. And many organizations have no way of tracking whether their technology is near its end of life.
BDNA is helping change this.
BDNA’s enterprise data management software tracks the technology in an organization’s environment, providing centralized, up-to-date, reliable information about how close technology is to its end of life.
“Being able to monitor this is an extremely valuable piece of information to give to someone in IT operations,” said White. This is because in no small part it allows IT to address potential risks before a cybersecurity threat arises.
As we move into the era of the Internet of Things, keeping software updated is even more critical. “If many of the breaches are coming through end of life software in the traditional IT space, there’s no reason for us to think that won’t be the case with the Internet of Things,” White said.
“As attackers are getting more sophisticated, people using these devices need to make a better effort to keep their IT up-to-date,” White explained. Organizations must make sense of the massive amounts of data that will come back from IoT device sensors and apply proactive cybersecurity practices rather than reactionary ones.
However, because of the sheer volume of data produced by IoT, enterprises often lose track of their technology and end up overspending on IT goods and services. Today, IT departments can waste more than 25 percent of their budget if they leave their enterprise IT data unmanaged.
But by using BDNA’s enterprise IT data management software to implement security-focused IT asset management, organizations can simultaneously cut costs and mitigate security risks before they become a larger issue.
As IoT expands into private areas such as the healthcare and medical fields, “A lot of damage can be done if we don’t posture security at the very outset of what we are doing,” White said. With so much information being generated by these devices, making sense of information quickly, “is going to be absolutely essential to identifying issues and gaps,” he explained.
A few years ago, the Department of Energy fell victim to a successful cyberattack that allowed hackers to access the personally identifiable information of 50,000 people. The cause: an outdated version of a software application leaving the information vulnerable in cyberspace. As a result, the Department now spends $4 million per year in credit monitoring services for victims of the hack.
“Now, because the DoE is using BDNA software, they have the awareness of what their end of life situation is on their hardware,” Campbell said. Government agencies do not have the budget to replace all of their devices before their end of life, Campbell stated. “Today, the DoE has visibility into what percentage of their hardware and software assets are near or beyond end of life because of BDNA’s enterprise IT data management software. They have end of life information readily accessible, allowing them to effectively rank which technologies need to be upgraded first, enabling them to prioritize their department’s budget and mission needs.”
As IoT expands, it will grow increasingly important for government agencies to understand what outdated IT is still in their environment. Hackers will continue to target the technologies with the most vulnerability. By aggregating and analyzing information on the government’s end of life products, BDNA’s enterprise IT data management software is helping federal agencies determine the most critical equipment to replace, proactively addressing cyberthreats before they become a bigger problem.
Photo Credit: Flickr/David Goehring