Viewpoint: Governments need more than perimeter-based security solutions (with related video)
As part of our research on government budget trends for our mid-year 2013 Keating Report series, we reached out to Jerry Irvine, CIO of Prescient Solutions. The company is a Chicago-based IT outsourcer that provides CIO-level advisory support and on-site IT services to small, mid-sized and global organizations and government entities. The company has been in business for more than 15 years.
Irvine is also a member of the National Cyber Security Task Force. The Washington-based organization is a public-private partnership that was established to develop shared strategies and programs to secure and enhance America’s information infrastructure.
Here are Irvine’s views on local government IT security trends for the second half of 2013.
Government Product News: Is there a heightened emphasis on security and data management in government as we start the second half of 2013?
Jerry Irvine: Based on our experience, there is an increased knowledge of security threats and risks associated with government systems and data.
GPN: Are governments budgeting enough for IT security?
JI: While governments are aware of potential cybersecurity risks, in most situations, these organizations do not understand the systems or services required to provide the necessary levels of security. As a result, they are only budgeting for the outdated legacy solutions they know about.
GPN: What kinds of security products and processes are governments installing?
JI: Solutions typically being installed include anti-virus, firewalls and intrusion detection solutions. These solutions are all reactive solutions designed to provide perimeter security of systems and infrastructure devices. They resolve security threats only after detection of a security incident such as a virus, denial of service attack or data breach.
GPN: Do you have any advice for government officials (especially state & local) on upgrading their cybersecurity infrastructure/operations?
JI: Government organizations and facilities need to reconsider their security strategy. With the advent of mobile devices and cloud solutions, security can no longer be provided by perimeter-based solutions like firewalls and intrusion detection applications. Systems and data are being accessed remotely by mobile and remote users who are allowed to bypass firewalls and other perimeter solutions to run their applications and view the organizations private data. Today’s security strategy has to be designed to protect data across multiple systems and infrastructure devices whether on-premise or off-premise in the cloud. Additionally, cybersecurity solutions need to take a more proactive approach, reducing security risks prior to them being compromised.
GPN: How can your firm, Prescient Solutions, help governments?
JI: Prescient performs IT assessments to determine the security, reliability and performance of the environment in order to define any IT deficiencies within a government's systems and infrastructure. Using the assessment findings, Prescient outlines and suggests industry-best recommendations for design, configurations and management to mitigate loss caused by potential threats. In many cases, recommendations include a combination of increased security solutions in conjunction with off-premise (cloud or private cloud) placement of confidential and proprietary systems.
GPN: Thank you, Jerry Irvine.
Jerry Irvine, CIO of Prescient Solutions, explains the ever-changing climate of cyber security in this video.