As we settle in for a cozy winter’s break this holiday season, Government Technology Insider editors are sipping hot cocoa and enjoying visions of effective cybersecurity and data protection dancing in our heads. Looking back on 2018, we find that despite naysayers, public sector agencies at all levels of government are finding better ways to bolster cybersecurity, procure the right technology and protect personally identifiable information. Read the roundup of stories:
Does Improving Federal Cybersecurity Begin With Improving The Acquisitions Process?
The ability to secure federal data, networks, and assets is impacted by the ability of agency cyber leaders to access the technology required. They also need to continually respond to well-resourced adversaries that are constantly evolving the mechanisms of attacks. However, the existing acquisitions process can slow down requests to upgrade cyber defenses and keep agencies from acquiring the tools they need to keep pace with the constantly evolving threat environment. From request to approval and deployment, critical systems and data are vulnerable to a breach. But is the acquisition process, or at least how agencies approach it, responsible for ongoing cyber vulnerabilities among federal agencies? While this is a commonly heard argument around Washington, D.C., Kimberly Baker, Senior Vice President and GM Public Sector for RedSeal, believes that the acquisition process isn’t the obstacle to quickly bringing in new cybersecurity technology. Read more here.
Using Database Audits To Help Bolster Your Cybersecurity: Q&A With Paul Parker Of SolarWinds
Government CIOs and CISOs need to use every tool at their disposal to protect their networks and data. While more – and newer – technology can help, there may be more ways to shore up your defenses through existing assets. A database audit strategy that goes beyond the basics can help spot improper access and may also prevent incursions through tighter controls and monitoring. But doing it well takes planning and diligence, as well as a different view of how to use the tools you already have. To break down the essential components of this approach, we asked with Paul Parker, Chief Technologist – Federal & National Government, for SolarWinds, to explain how to use database audits as a key element in your cyber strategy. Read the Q&A here.
Personally Identifiable Information (PII) At Risk – Is It Time For A Single Department Of Data?
Multiple hacks of government databases, along with the well-publicized breaches of retailer and credit reporting agency databases, mean that a wealth of personally identifiable information (PII) is in the hands of criminals. A key issue, says Jeff Kramer, Senior Director of Government Solutions for Reed Tech, is that this data is duplicated in too many agencies’ systems, resulting in more places for bad actors to attack. Among his insights about the potential benefits and risks of this approach and how to keep PII more secure going forward, Kramer shared his idea for a “Department of Data” – a single agency that , would store, protect and make PII available only as needed. “Having key pieces of personal data stored in multiple places results in a great attack surface for bad actors and a greater possibility of data being compromised. However, if you put some type of identifiable information in one central place, that would reduce the risk,” he explained. Read the entire Q&A here.