Jul 24 2020

Make the Case for Security Spending

Government IT teams work to ensure that they can combat threats without impeding the mission. Communicating that approach to leaders is critical to gaining support for additional security investments.

Cybersecurity is always a top concern for federal IT officials, but as government workers scattered to their homes during the COVID-19 pandemic — increasing the number of endpoints and possible weaknesses — it became an even more critical mission.

Research from CDW and IDG found that the federal government was the sector most likely to spend money on risk mitigation in the first place, with an average of 28 percent of its technology budget allocated to cybersecurity in the next two years. Only modernization saw more spending, at 30 percent of the budget.

Modernization and cybersecurity go hand in hand, and it’s clear that the government understands that, given the rate of spending. But in a changing (and changed) environment, existing plans may not be adequate.

In fact, the CDW/IDG research found that although the government is most likely to invest in cybersecurity, only 15 percent of federal leaders surveyed think they are well positioned to meet risk mitigation goals in the next two years. Given the added vulnerabilities created by long-term telework, agencies may want to revisit their security plans to ensure defenses meet evolving needs.

Designing Security That Inspires Confidence

Although White House directives such as the President’s Management Agenda set the framework for reducing cyber risk, it’s up to the agency to work with partners, vendors and employees to manage the details. Uniting all stakeholders around a common understanding of the threat landscape — as well as the agency’s specific needs, goals and challenges — is often the first step in that process.

Realignment on key concepts ensures that IT and government leaders can face the new normal as a unified front and implement a comprehensive strategy that secures people, processes and technologies across the entire organization.

In a telework scenario, such a strategy may include awareness training, stronger authentication practices and improved endpoint encryption — all investments that safeguard data and systems, whether users are at home or in the office.

Of course, because comprehensive security looks at risk mitigation as just one part of the larger whole, IT teams work tirelessly to ensure tools and tactics combat threats without impeding overall mission effectiveness. Communicating that approach and value to government leaders is critical to gaining support for additional security investments amid today’s growing risks.