govciooutlook

Is Technology an Effective Tool to Manage Government Security?

By Joanne Hale, Secretary of Information Technology, State of Alabama

Joanne Hale, Secretary of Information Technology, State of Alabama

It is a matter of absolute wonder as to how the world around us is evolving in a rapid pace and attaining new heights within a brief span of time. Owing to recent developments in information and learning, governments today seem to incline more towards a technology-driven approach instead of clinging on to the erstwhile traditional modes of administration. With governments steadily transforming into e-governments, the question of security management has turned out to be of paramount importance. To tackle complexities pertaining to security, numerous governments have started employing technology as a means to curtail risks and simplify the existing modes of supervision.

Cloud Computing as a Tool for Security Solutions

In recent times, several trends have emerged into this landscape with the intention of reforming the aspect of security in the public sector. Validating this statement, many public organizations are found to be adopting a range of latest technologies with respect to information, data and infrastructure in addition to security solutions. Cloud computing, one of the most prevalent hi-tech innovations at the moment, has quite evidently made its entry into the arena. Despite the cloud being formally mainstream, a handful of executives still believe that its security practices are not reliable enough to preserve valuable data and mission-critical tasks at hand. However, this notion is bound to change with the ushering of leading cloud service vendors who continue to develop and implement exceptionally upgraded security controls.

“While addressing challenges, a risk-based approach is often reckoned as holistic instead of a simple checkbox mode of control”

When it comes to internet security, the advances in cloud security technologies can be interestingly metamorphic. Cloud-based cyber security has the potential to induce knowledge accumulation and risk prototyping, obstruct threats, augment solidarity and collective learning, minimize the gap period between detection and remediation and finally create dependable communication conduits. Generating cost reductions while providing a secure platform for keeping data, the outlook of cloud computing becomes all the more appealing.

How is the Public Sector Transforming?

In the wake of digital revolution, IT has gained remarkable momentum thereby transforming the face of business to a phenomenal extent. As a consequence, most governments at present are moving ahead in the direction of Information and Communication Technologies (ICTs) to improve activities in the corporate front. Notably enough, this is where the role of an information officer comes into play as an operator who commands the reins of the business. They determine the progress of a government through the integration of changing trends with the existing system of administration. Thus, the responsibilities of an officer are likely to fluctuate depending on the need of the hour.

Looking back ten years from now, leaders of IT in the state were expected to be inward-looking, somewhat like technicians aspiring to solve problems that others had identified. But this estimation soon yielded to the dominion of the Internet era that transpired a few years hence. Thanks to this paradigm shift, IT now is seen as the engine that drives every aspect– be it an agency, a process, a decision  or a transaction–of the state and its constituents. It has transmuted to become more of a business-oriented leader that not solves public issues but also helps look forward to understand how technology can navigate charges of the state to its people and also manage the risks that tag along with it.

Going by this conversion, the agenda of governments in terms of IT security is undergoing an extensive modification these days. Security has always been in the realm of priority for state CIOs but until the last few years, it has really been a course module where the leaders have to share anecdotal stories about glitches or risks and comps or breaches. Nevertheless, it is quickly changing to become more of a ProModel where agencies are recognizing that the responsibility for security is entrusted upon everybody, including the citizens themselves.

State governments have a major role to play in the safeguarding of public assets. In that regard, the landscape is quite positive as security happens to be top-of-mind for most organizations. More and more officials are now willing and eager to do everything that the state can for the protection of crucial data and resources. On the flip side, the risk landscape is getting all the more complex owing to the strict vigilance of thread actors in finding weaknesses.

IoT as a Challenge to Government Security

Taking into account the impact of IoT over public sector, the former has been speculated to be one of the biggest challenges to security because governments usually do not have a use case centering on IoT, or the security of IoT to leverage for making the case, exacerbated by the critical infrastructure that most agencies have. As for the masses, IoT is something from the future. They are yet to realize the enormity of the IoT threat (large, complex and multi-dimensional) as it really is.

The focus today is more when it comes to cyber security applied on databases, whereby one gains access to a product by connecting to an internet-enabled device in the field. The need to recognize and employ resources to curb data-driven risks has become crucial. Agents indeed have a liability towards preserving and protecting sensitive data which can be accomplished by an effective collaboration with the government.

Measures Taken to Ensure Security

While addressing challenges, a risk-based approach is often reckoned as holistic instead of a simple checkbox mode of control. This enables the authorities to analyze the sensitivity or risk factor as a step towards managing vulnerability. Another way to tackle this complex environment is by engaging the owners of a system to make sure that the specialists understand from the owner’s perspective regarding how critical that system is and what are the consequences of it being compromised. Based on a business or customer-driven perspective, the security experts need to do an assessment of the controls that need to be put in place.

If they can’t be successful with this technique, the answer is not to give up but to find compensating solutions that will provide a similar level of security and risk-reduction. It has to be a weighted decision metric; businesses initially go on to air on the side of accessibility and ease-of-use whereas the security professionals would want to air on the side of protection and locking everything down, neither of which works. It has to be a shared responsibility and a mutual priority setting to generate access, ease-of-use, portability and security.

It must be noted that this is not a solution that is owned and driven just by the security staff, but a system of collaboration. The key is to understand that the core protection mechanism irrespective of the data or the process or the agency, will take measures which has to be non-negotiable. A deep-rooted obstacle that interrupts this process is the problem of adaptability. Standardizing and using the same controls everywhere is likely to be a lot more cost-effective and much simpler. This, however, shall not be effective in case of revenue circulation although there are services like the Public Works Board to simplify issues by implementing a manual-based approach, regardless of the environment or the application.

Current Issues

Deltek: Born with Government Contracting DNA
DatabaseUSA: Harnessing Big Data For Government Agencies