By Rob Chee, Technical Director, Iron Bow Technology’s Cyber Security Practice
It is no secret that keeping our top cyber security professionals inside the federal government continues to be an issue. At the same time, cyber security is a threat to our nation that is only growing. The new administration is expected to soon sign an executive order outlining an aggressive plan to tackle the mounting risks to critical government data, but with a thinning cyber workforce, how are agencies expected to support it?
The Partnership for Public Service recently found that of all areas of federal employment, IT specialists were the least satisfied. Furthermore, this past year’s Federal Employee Viewpoint Survey found that a lack of necessary workplace resources is a driving factor of employee dissatisfaction. As threats continue to increase, cyber professionals’ jobs are only becoming more difficult. What can agencies do to keep existing workers content without sacrificing national security?
Security gaps that come from a decreasing cyber workforce with an ever-growing workload can be addressed through as-a-service offerings. Many organizations currently don’t have enough technically-minded security professionals able to sustain the security of their IT from an operational standpoint.
This is where, rather than relying entirely on their own staff, organizations can instead leverage centrally-located managed services staffed with professional security engineers. This lightens the burden on existing professionals within the agency and increases the level of data security agencies can expect.
With many moving pieces inside any given network, security monitoring as-a-service will ensure that in the event that potential threats do arise, IT professionals within an agency will be notified so they can troubleshoot and limit the damage.
Companies like Cisco, FireEye and Splunk can provide professionals to monitor web servers and more while also keeping these products up-to-date. This solution gives agencies back time, expertise and manpower without sacrificing the safety of critical assets. Through as-a-service network monitoring, organizations can focus on other key IT initiatives, such as modernizing legacy infrastructure and the like.
According to Cisco’s Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This is a false sense of confidence, and it’s time organizations took a different viewpoint and overall stance on cyber security. In the current IT climate, hacks should be viewed as inevitable.
From an organizational standpoint, agencies must work to improve visibility on the network to enhance their security stance prior to and in the event of a breach. With increased network visibility – for both internal security professionals, as well as for those monitoring the network as-a-service – organizations will be clued into what’s happening on the network at all times. This visibility provides agencies the who, what, when, where, why and how of a hack and allows them to remediate immediately in order to limit the damage.
Without network visibility, many agencies find out about a hack after the event and then face the challenge of figuring out the basics. When it comes to network security, being prepared means not just having the proper firewalls in place or security at each end point. On top of that, it means being able to see what is happening on the network on a day-to-day basis.
As cyber security continues to be a top priority, it is imperative that agencies recognize their shortcomings. It’s time for the government to be one step ahead of risk by ensuring they not only have the manpower, but also the intelligence necessary to minimize harm in the event of a breach. As-a-service offerings and network visibility are key to get there with ease.