this post is an excerpt from our latest GovLoop Academy online training course, How to Build Connected Security.
Security has always been a primary concern for government, but the definition of security – as well as the strategy to achieve it – is constantly evolving. While some things have stayed the same, other aspects of security are evolving
Think about how different security looked in the era of filing cabinets filled with rubber-stamped, paper documents. Even just 30 years ago, security meant protecting computers the size of cars from attacks. Security largely equated to physical security.
Today, things are different. Cybersecurity is getting the most attention after a number of high-profile breaches have shown the vulnerability of even the most sophisticated government IT systems.
But cybersecurity is just one new dimension for government to protect. It’s not the only one. The days of a fixed network edge are gone. Digital transformation, cloud computing, Bring Your Own Device and the Internet of Things (IoT) have fragmented the traditional government network perimeter. Add to that the challenge of an increasingly distributed and mobile workforce, and it’s nearly impossible to determine where an agency’s perimeter actually lies.
Avaya calls this new scenario the “everywhere perimeter,” where physical objects, cyber assets and network configurations all play a vital role in security.
But most public and private sector organizations haven’t matured operations to meet the needs of an “everywhere perimeter”. We still live in a world of silos of security responsibilities. That makes it difficult to set up a coordinated defense to multi-vector attacks, even though organizations should be working together.
Technology also continues to be a challenge, with new tools providing as many problems as solutions. For instance, innovations like cloud computing offer better ways to understand what’s happening on and around networks. Cloud can power analytics and extend to the edge of your network. But cloud comes with its own set of security risks, like privacy and sharing concerns, as well as the ability to access data from nearly anywhere.
Plus new tools have to integrate with the legacy infrastructure that government continues to use, extending security to new devices while making sure older tools are safe too. That makes it imperative that acquisitions focus on security integration and orchestration but – again – security personnel are often separated from other departments, such as procurement. As a result, systems are bought first and then secured separately.
To put it simply, the job of government has gotten a lot more challenging when it comes to security. Multiple factors, both organizational and technical, make it difficult to secure the “everywhere perimeter” and keep agencies safe. But it’s not impossible.
How? Take our newest course on GovLoop Academy, How to Build Connected Security, to learn the three components of security and how to master them.