GOVERNMENT TECHNOLOGY/The one-two punch
The challenge of making government information readily available to employees and the public while maintaining its security continues to present a conundrum for the public sector. To strike the right balance, IT managers should focus on building a resilient information infrastructure that combines security and availability management tools.
Software on government networks is being exploited with alarming speed. Confidential information can be gathered through keystroke logging and password-stealing Trojan horses; bot (short for “robot”) infections covertly installed on a government employee’s machine can allow unauthorized users to control the computer remotely; phishing e-mails can trick recipients into divulging financial data; and malicious code can download additional functions once a system has been infected.
Today, the average time between the disclosure of a vulnerability and the release of code that exploits that vulnerability is just 6.4 days, giving already overburdened IT administrators less than one week to identify, patch and test their systems. Complex local government IT environments that comprise databases, servers, desktops, laptops and handheld devices that use hybrid wired and wireless networks provide multiple entry points and targets for hackers, making IT security even more challenging.
To help ensure the integrity of critical information, IT managers can use advanced administration tools. Software that automates patch management, provisioning, installation design, license and asset monitoring, backup, recovery and reporting should be combined with early warning systems, intrusion detection, firewalls, virus protection, content filtering, compliance and vulnerability assessments and virtual private networks.
The right tools can help reduce manpower needed to thwart security threats. For example, when an early warning system identifies a threat making its way across the Internet, it does not stop at reporting the potential threat to IT administrators and security personnel. It also triggers more frequent system backups throughout the agency, automatically identifies vulnerable systems, and updates them to preserve continuity and information security. Security technologies — such as antivirus, firewalls, intrusion detection and prevention, content filtering, antispam, and alerting software — help agencies identify, analyze and prioritize threats. Backup and recovery software and security policies help reduce downtime and information loss.
A resilient infrastructure also can tell IT managers the status of systems, applications and data, and make them aware of emerging security threats, strategic compliance issues and information risks. Government agencies then must be able to protect their information from attacks, mitigate risks, fix errors and have recovery tools and procedures in place to bounce back from an incident.
IT managers face numerous challenges as they struggle to maintain the availability of information while reducing vulnerability. By integrating security with storage technologies, agencies can create more resilient IT infrastructures that can improve operations and ensure information availability while enhancing productivity and efficiency.
The author is president and CEO for Herndon, Va.-based DLT Solutions.