System Security: A priority for all (with related video)
Editor’s note: Steve Charles of immixGroup comments on IT and data security as the end of the federal fiscal year approaches on Sept. 30.
Enough already! That’s the reaction I’m getting to the constant stream of high-profile data breaches this year. Why can’t we stop it?
Because it’s complicated. But here are a few things to do now. Implement two-factor authentication on all systems. It slows up the bad guys immediately. Before that, make sure all your systems are patched—and kept current every day using automated tools. Could there be a higher priority for funds at the end of the federal fiscal year?
Who is watching your most trusted insiders? These are the people with the most access and user rights. The bad guys may have gotten the credentials of these most trusted individuals and started to use them in nefarious ways. You won’t know unless you’re watching. There are tools for that, too.
Remember: the National Institute of Standards and Technology (NIST) has really done a great service for all of us in developing the Cybersecurity Framework. It starts with asking yourself to identify what would hurt you the most. Then manage that risk by implementing the system security controls needed to prevent harm. It’s a simple concept often made overly complex by all the variability from one system to the next. The good news is that there are people trained to use the Framework and there are new, more capable tools coming to market every day to help improve system risk posture.
And finally, as we approach the end of the federal fiscal year on Sept. 30, don’t forget the bona fide needs rule reminding us that year-end funds be obligated for a need that has arisen in the current fiscal year—not one we anticipate in the coming year. Given the recent guidance to all federal agencies from the federal Office of Management and Budget following the U.S. Office of Personnel Management breaches, this seems like a good time for agencies to make sure they are doing everything they can.
Steve Charles is co-founder of immixGroup. The McLean, Va.-based firm helps technology companies do business with the government. The firm’s services enable IT vendors and solution providers to grow their public sector business while providing government agencies with access to commercial technologies through their preferred contract vehicles and business partners.
In the video, Steve Charles discusses agility in government as it moves to the cloud.