Just as drivers have to contend with blind spots on the road, so do security practitioners and leaders defending their networks. And just as a driver’s goal is to arrive safely at the destination, the objective of the chief information security officer is to ensure agency mission sustainment in a secure manner.
One of the biggest blind spots agencies have to contend with when securing their enterprise is rooted in data – how to instrument, move, store, analyze, distill and, most importantly, act on it. The year 2020 brought the transition to a majority remote workforce, making the data problem tougher to wrangle. While it was already difficult to achieve visibility and control of the devices that were within traditional agency network perimeters, that problem became significantly more complex as more devices moved off premises and bring-your-own-device hardware started accessing the network. Security blind spots multiplied.
Moving forward, federal agencies must work to eradicate these blind spots. How do agencies address the challenge?
1. Recognize a legacy approach:
Many agencies are struggling with a lack of visibility, but they’re never going to be able to overcome the problem if they don’t acknowledge it. Many of the past IT and security investments weren’t inherently bad investments – they functioned as intended in on-prem environments. However, when the U.S. office workforce is more than 70% remote, that model and tooling are simply no longer a viable solution.
2. Instrument at the edge:
Agencies need to adjust the way they think about endpoint security. The problem isn’t just about endpoints; it’s about data. Data has three central tenets: velocity, variability, and veracity. Agencies have typically collected and centralized data – for storage, analysis and, eventually, action. But today, that type of approach either results in ineffective actions or total inaction, because the data is no longer useful. The value of data decreases with time, so when data is centralized, the ability to act on that data in a timely manner is lost. It’s critical that agencies understand that centralized data collection is a legacy approach, and data instrumentation at the edge is the solution needed for enterprisewide real-time visibility and control.
3. Zero trust requires real-time data:
Many agencies are turning to a zero-trust model to better secure endpoints across a globally distributed workforce. However, no one solution collects all data and confirms or denies transactions in real time. Agencies need a method to bifurcate data instrumentation and collection. Instrumentation enables agencies to take action in real time. Collection allows for research and trends analysis. Agencies need to interact with data where it’s produced – at endpoints. Data centralization isn’t bad, but it should be reserved for only the most important data.
Many agencies think that to reduce security blind spots, they have to sacrifice the completeness, accuracy or timeliness of data. With legacy tooling, that logic is correct. With Tanium, however, there’s no sacrifice required. Tanium’s patented architecture allows federal customers to interact with data at the edge, leveraging every endpoint in unison as part of a real-time, living database. Data doesn’t have to be moved and workloads can be distributed across every endpoint, allowing for a complete, accurate and real-time view of every endpoint on your network – and zero blind spots.
This article is an excerpt from GovLoop’s recent guide, “Your Cybersecurity Handbook: Tips and Tricks to Stay Safe.”