4 keys to secure government systems modernization
- Posted on February 21, 2022
This article was originally written by Avanade alum Wil Klusovsky.
Digital transformation came to your door, kicked it in, and sat on the couch eating Cheetos and isn’t using a napkin. It’s the guest that invited itself and is not going anywhere. For the government and public sector this has become even more evident. Working with limited budgets you tend to keep things in place as long as possible, extracting the most out of legacy systems. You must spend funding on areas with the utmost need because not everything can be addressed.
We have seen the impact of allowing these systems to continue to limp along. The inability to provide unemployment checks with more than 4 digits. The lack of data analytics to detect fraud. Having to resort to manual processes after a ransomware takedown. These highlight that improvement is necessary, and in some cases demanded.
Looking towards the future, it’s important to look beyond “just fixing” current system X or replacing ABC with XYZ. This is the opportunity to assess the technical landscape and develop plans for improved systems that will be sustainable, resilient and adaptable. Within these plans, take the opportunity to build security in. Use it as an enabler, not an afterthought.
CIOs and IT leaders: get with your CISO. Your budgets help you both and you are teammates, so find commonality to improve all fronts. To those who believe cybersecurity is “an IT problem” – step one is changing that belief. It’s wrong. Security is a business problem; it’s about risk, not just IT. It should be part of every department’s budget. That mindset shift will create ideas and improvement.
- The cloud
Moving to the cloud can be an obvious step in this progression to modernize. Doing so with a clear plan on how to secure it will improve the technology and security of the organization. This is not the time to be short-sighted; this is the time for having a vision. Build a modern approach. If you are going to use a new cloud solution, there is exponential value to be had. There are security capabilities built into the cloud as well as cloud-based options. Adopt (or at least plan for) the new way of doing business. Don’t try to force the old ways to work with new technology. Look at the benefits cloud can provide in both the short and long term. Plan to mature.
- Security frameworks
Establish a security framework. It will address your current and future needs. It will help define cloud security and governance, address data privacy and compliance, and drive a high-value monitoring and response capability. Use these foundations to drive improved maturity in security and technology. With security as part of your maturing process, it will be easier to ingrain it into the organization. Creating a more aware and resilient team is necessary to reduce risk. If you continue to add security as an afterthought, it’s more costly and often less effective. Even worse, you send a message to employees and your community that security is not important.
- Security maturity planning
Where are you on the maturity path? These times of change are prime for evaluating your current solutions. Are you using the right products? Are you getting the most out of the licensing and service costs you are paying? Are you paying for something you don’t use, or something that is redundant? Could you consolidate or optimize some areas? Improving this position could let you re-allocate budget back into other critical improvements. Consider “best in platform” where you get exponential value from a few providers vs. leveraging too many vendors for every solution. This provides economies of scale, critical when dealing with tight budgets and the need to modernize. Incorporate this into your new security plan. If you are not sure how to best evaluate this, engage a partner; you’ll save time and money and get the right plan.
- Zero trust
There is a federal strategy to move the U.S. Government toward a zero trust approach. NIST 800-207 defines a zero-trust architecture. Most vendors are creating zero trust solutions. It’s not a buzzword. Adopting a zero-trust model is a way to improve your technology with an integrated security mindset. Build zero trust principles into your security framework today, then apply them during your modernization projects. It’s important to know that getting to zero trust takes time. It will not be something you achieve with a few button pushes. Experience has shown that trying to add security “after the project” is more costly than doing so during it. You don’t want to have to re-tool, re-architect or change things to fit it in later. Do it right from the start. Start working with the CISO, DCISO and security teams now on that strategy. Build it into all phases of your modernization, and ask “Is this zero-trust ready?” throughout your projects. This positions you for advancing technology and improves your security posture, which is a good thing. Win-win!
Modernize. Think security first and embedded. Build for the future, not today. CISOs and CIOs unite with all departments. Build a framework, think maturity. Streamline your current stack. Plan for zero trust.