Your Playbook for Protecting Against Cyberattacks

Many state and local agencies are just beginning their cloud journey, with the bulk of their resources focused on their on-premises environments.


Lack of leadership prioritization, funding, training and cloud security knowledge. Security professionals are also in short supply, which can make secure cloud adoption and management a challenge.

Also, security teams need to have visibility and to monitor closely to detect anomalous activities in both their on-premises and cloud environments. These tools add another layer of complexity to the environment.

Imagine a small state agency that experiences a ransomware event. The event begins to spread from on-premises servers to the cloud, preventing all access to employees and citizen services. The under-resourced security team is quickly overwhelmed and unable to contain the event.

Unfortunately, these scenarios are happening more frequently across the nation. But there are ways to bolster your defenses.

It begins with creating a security playbook that gives a clear understanding of roles, responsibilities, and activities during an incident. The playbook describes a standardized approach that is repeatable across a variety of scenarios that might affect your hybrid cloud environment.

Here’s how to create one:

  1. First, define use cases, such as types of security scenarios that are identified risks.
  2. Next, assign responsibilities to those who will need to respond to the event and remediate its impact. Who should I call?
  3. Then, establish the methodology. How will your agency work through to recovery? What is the communication strategy?
  4. Categorize the incident based on the scope of the impact. How far reaching was it?
  5. Finally, identify additional resources available for response and recovery. For example, what other teams and tools are available to help?

After you have that playbook in place, here are five best practices that agencies should consider to optimize and secure their cloud environments:

1. Automate processes.

Orchestrate and automate the tedious, day-to-day tasks with capabilities, often enhanced through machine learning or artificial intelligence. This allows teams to focus on key events that could cause a significant disruption in your environment.

2. Monitor continuously.

Continuous monitoring helps you to maintain visibility and gives you the ability to detect and identify changes within the environment. This is particularly important in maintaining a strong and secure identity foundation.

3. Leverage native cloud solutions.

Using existing on-premises security capabilities might not be the right approach for the cloud. Security teams need to embrace cloud-native solutions and integrate them into the existing architecture.

4. Consider managed services.

Managed services provide a way to augment an organization that struggles with a shortage of IT and security professionals. Using managed services could help to reduce the risk of operational and security failures due to untrained or unavailable resources.

5. Take advantage of new funding.

The American Rescue Plan provides a significant amount of funding to support IT modernization efforts. Don’t miss this unique opportunity to gain funding to improve security and modernize your IT infrastructure.

Cyber activities are nearly impossible to predict, and time-consuming to remediate. Local governments, academic institutions, and state agencies will always need to be ready to react. However, improving their processes through planning, automation and practice will make it easier to consistently respond to unexpected anomalies in their environment.

This article is an excerpt from GovLoop Academy’s course “Your Playbook for Protecting Against Cyberattacks,” created in partnership with AWS. Access the full course here.

Leave a Comment

Leave a comment

Leave a Reply