Advancement is always a good thing, right? Well, yes and no.
On one hand, IT modernization projects help federal agencies deploy more advanced technologies to enhance efficiency and provide a greater depth of capability. These advancements often provide greater opportunity to leverage automation and allow for stronger IT controls to protect critical assets.
That said, technology upgrades can also create security challenges. In the 2017 SolarWinds Federal Cybersecurity Survey, federal respondents cited three increases in IT security challenges as a result of modernization.
- More vulnerabilities in new technology stacks (cited by 53%)
- Burden of supporting new technologies and legacy systems (cited by 51%)
- Lack of training on new technologies (cited by 50%)
All in all, the survey revealed that 66% of respondents—a full two-thirds—think federal agencies’ efforts regarding network modernization has resulted in an increase in IT security challenges.
Not modernizing is not an option; that’s understood. Security holes can be far greater in older technologies. So, what’s a federal IT pro to do? How can you modernize agency infrastructure while controlling IT risks?
Four steps toward getting the best of both worlds
Step 1: Enhance IT controls
According to the survey, those agencies that deem themselves as having excellent IT controls have seen a decrease in cybersecurity threats across the board, from insider threats to malware to social engineering. Conversely, those who say their agencies have poor IT controls have seen an increase in security incidents, specifically in SPAM, external hacking, and denials of service.
In fact, the same survey notes that a majority of agencies that rate themselves with excellent IT controls say IT modernization has enhanced their ability to manage risk.
Step 2: Ensure compliance
Over two-thirds (68%) of survey respondents said that implementing relevant standards is critical to achieving their cybersecurity targets. In fact, nearly the same number agreed that agencies that merge and balance both risk management and compliance are more likely to avoid IT security issues.
Step 3: Take advantage of new technologies to enhance security
Remember, IT modernization projects often provide greater automation, stronger IT controls, smaller attack surfaces, and built-in security features. Federal IT pros can take advantage of these enhancements to improve the agency’s cybersecurity posture.
For example, enhanced automation means that protection and remediation tasks can also be automated, which means a faster, more efficient response to security issues.
Upgrading current tools to the newest versions will also help enhance security, as the newest versions will provide the most protection. Respondents cited the following as “highly effective” in enhancing network and application security:
- Identity and access management tools
- Endpoint security software
- Network admission control (NAC) solutions
- Patch management
- Configuration management
Step 4: Training
Historically, one of the greatest sources of security threats to any agency, civilian or military, is careless or untrained users. The threat is not getting any smaller. In the 2017 survey, 54% of respondents cited this group of users as the greatest threat to agency security; in the 2014 survey, 42% cited this group of users as the greatest security threat.
The solution is training, which is particularly important as agencies implement IT modernization projects. The more the federal IT team understands new technologies, the better equipped they are to implement them successfully and take full advantage of the newer security features that are built in.
Conclusion
Federal IT pros face many challenges that impact an agency’s cybersecurity posture, from untrained users to budget constraints to a multitude of competing priorities. Ideally, IT modernization should not be one of them. The goal is to implement IT modernization projects that improve risk management protections, rather than increasing security challenges. Developing strong IT controls is the first step in that journey.
