While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The standard definition of security is wrong. It is commonly defined as protecting something or someone from another something or someone. But this definition is outdated and incomplete.
Cybersecurity operations in 2017 are more than firewalls and data encryption to keep the bad guys out. The idea that security tools and personnel impede innovation and drive up costs is simply incorrect.
More than just guards at the gate, today’s security analysts are also detectives capable of finding efficiencies, guiding investments in new areas and delivering insights that will help improve customer and citizen services.
Here are three ways you can move beyond a limited view of cybersecurity in 2017 and truly use it as an enabler across your agency or organization.
Security data is good for more than just identifying possible network threats. With comprehensive security operations, information collected across departments to form a holistic security picture can also be used to improve broader agency operations and spur greater efficiency.
For example, suppose an engineer from a national laboratory is searching the internet for information on a particular topic to support a project he or she is working on. This action would likely be captured by the agency’s security team as a part of its routine monitoring. However, modern security operations teams can take this a step further.
A security analyst might notice that the engineer is searching a topic that another lab researcher worked on a few years prior. With this knowledge, the security team can connect the two employees, creating a collaborative environment where intellectual property can be shared. This drives efficiency by accelerating the engineer’s workcycle, saving time and allowing the new project to be modeled in a way that meets policy and compliance requirements.
All too often, large agencies lack this visibility, and departments operate in silos while internal resources and information are not shared.
Another example would be using security chain analysis to inform operations. Security analysts monitor user communications to understand the potential chain a piece of malicious malware or a virus might use to spread. However, analyzing user communications also provides insight into workflow habits, which can help from an operations standpoint.
For instance, many agencies are anticipating a flood of baby-boomer retirements. This could disrupt workflows, especially if a wave of retirements hits a department at the same time. Using the visibility from security chain analysis, agencies can see where the biggest holes are likely to occur and allocate more resources to those areas when someone retires to limit the operational impact.
Traditionally, chief information security officers are focused on stopping something from happening. However, another approach to reducing risk is to be proactive in identifying needs and create an environment that enables success.
Today, it is not a CISO’s job to say “no” to ideas. Instead, it is to create an environment where improved operations and services can be achieved. Whether it is cloud services, data services or something else, security operations teams’ expertise can extend beyond the security department and guide agency leaders in making operational improvements.
For example, agencies are exploring (and need) greater data and document-sharing capabilities. The first response from many agencies is to create an internal sharing capability with their own servers and keep it on-premises to protect it better. However, a cloud provider could offer quicker deployment, run it faster than the agency would, and avoid the management and maintenance costs of those servers.
Security is the perceived obstacle to making this move. But, in truth, this is not the case.
The CISO and security team can create requirements to ensure the agency controls the information, has increased visibility into who accesses it and has some measurements to monitor if the vendor falls out of compliance.
So, rather than dismiss using a cloud provider, the security team can help the IT team set up an environment that enables document sharing capabilities to be implemented efficiently, cost-effectively and securely.
Security analysts monitor agency network and web traffic for threats, but this visibility can also be used to identify opportunities for putting processes in place to create more value and improve citizen engagement.
An agency could use its security team to provide better services to citizens and perhaps drive more revenue. A visitor applying for a license, permit or fee in one jurisdiction might be interested in getting the same license for a neighboring jurisdiction, municipality or state.
On the other hand, someone who frequently visits the website related to a particular service might be interested in taking advantage of other related government services. By identifying these opportunities, the security team could spur new offerings to be flagged for those visitors through direct email outreach or advertising.
Another example could be an agency’s response to the changing habits of the audience it serves. For example, as seniors become more tech savvy, the agency might want to optimize its online resources for multiple device platforms. The web security team could facilitate this by identifying trends in the devices used to visit the site and coordinate with the IT team so it can adapt online service capabilities to meet user demands.
CIOs, IT teams and federal leadership overall need to start viewing security through a different lens to see how it can help create more value and support agencies’ missions as a whole. These benefits could be found anywhere, even where you least expect it.
Security is an enabler — we just have to start looking at it that way.