Connecting state and local government leaders
A hygiene-first approach combined with modern security solutions is essential for state and local agencies looking to increase their level of protection, gain visibility into their IT environments and eliminate blind spots.
Now more than ever, it is time to declutter and modernize public sector IT environments.
The growth in the number of systems agencies must manage across on-premise, hybrid and multicloud environments will make anyone’s head spin. Even for the most conscientious IT and security teams, it’s a challenge to protect workloads and treasure troves of data while enhancing solutions to keep pace with organizational growth and ever-expanding security concerns. This is a time when agencies need more visibility into their environments than ever before -- not only to detect threats, identify unmanaged assets and build secure applications – but also to bolster their communities by building best-in-class services that protect their end users and offer immediate response to remove threats from their environment.
Meanwhile, agencies are running antiquated technology that provides essential services but that isn’t easy to upgrade or migrate to the cloud. In many cases, they are dependent upon mission-critical business applications that were built a decade or more ago on what now most would consider legacy technology – everything from mainframes running COBOL applications and servers running older versions of server operating systems to systems for which it’s hard to buy replacement parts. Because these applications are working, agency leaders tend to spend their limited funds elsewhere, such as on the provision of new or enhanced services consistent with the agency’s mission. They aren’t keen to upgrade an application that in their eyes is functioning just fine, even while the foundation of that application may be crumbling.
Throw a few personnel changes into the mix, and it’s pretty easy to lose control of the technology inventory. The maxim, “you cannot secure what you can’t see,” resonates now more than ever. Visibility into the full scope of an agency’s IT environment is a big issue.
A critical component of IT hygiene, this visibility is needed to assess assets both in real-time and historically, giving state and local agencies a view into the ongoing threat posture of their environment. Applying a "hygiene first" approach to security architecture can give IT and security teams better visibility into their IT environment and help them address and eliminate potential blind spots.
Here are five actions state and local agencies can take to improve IT hygiene.
1. Deploy proactive security tools
Too often organizations rush toward something new, such as cloud migration, without understanding the threats in that unique environment. One of the biggest gaps is that security teams often have little visibility into what infrastructure teams and business operation teams are deploying into the cloud. This has led to errors and misconfigurations that have left cloud environments exposed to threats.
At the same time, with the push to multicloud environments, it is hard for infrastructure teams to be experts in every type of cloud. Therefore, security tools must work everywhere—across on-prem data centers and into the cloud, protecting the workforce regardless of location or device used. These tools should be able to perform discovery, assess configurations and detect security risks wherever an application is deployed. Most importantly, proactive security tools must respond to threats in real-time no matter where the employee or asset exists.
2. Combine vulnerability management and threat intelligence
Vulnerability management consists of identifying, evaluating, remediating and reporting on security vulnerabilities in systems and the software that runs on them. Threat intelligence is data that is collected, processed and analyzed to understand a threat actor's motives, targets and attack behaviors. Combining the two functions will help agencies prioritize remediation activities for vulnerabilities that present the highest risk. For example, if an attacker is targeting a state agency and making use of a specific vulnerability, then the agency needs to know whether that vulnerability exists in its environment. That allows security staff to prioritize and focus on remediating that vulnerability first.
3. Apply zero trust principles
Zero trust is a critical component of stopping breaches, since nearly 80% of cyberattacks leverage identity-based attacks to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection, according to the CrowdStrike 2022 Global Threat Report. It is important to layer modern security on top of this legacy infrastructure to help detect and stop modern attacks and to enforce multifactor authentication. Identity protection is a critical, yet often challenging security control, and requires modern security solutions to help solve this inherent weakness.
4. Encrypt all data
Ransomware attacks have evolved beyond simply locking up systems. Ransomware attackers are now making copies of an organization’s data and threatening to release it publicly or on the dark web if an extortion fee is not paid. Even if agencies are improving their resiliency by backing up data, they must encrypt all data to prevent attackers from stealing and exposing it, whether it is at rest, in transit or in use.
5. Fully deploy security tools
Agencies should deploy security tools quickly throughout their entire environment and validate there are no blind spots. Often agencies are implementing security tools too slowly or have not fully deployed them throughout the environment. As a result, attackers are able to gain access, undetected, and wreak havoc in networks and systems in a matter of hours.
Hygiene-first and modern security
A hygiene-first approach combined with modern security solutions is essential for state and local agencies to increase their level of protection, gain visibility into their IT environments and eliminate blind spots. Prevention, detection, hunting, threat intelligence and assessment as well as incident response are comprehensive protection capabilities agencies need to protect their environments and stop breaches.
NEXT STORY: State lays groundwork for cyber ecosystem