It may seem ironic, but government agencies at all levels wrestle with the difficulty of compliance with regulatory requirements even as they issue regulations for others (sometimes including themselves) to meet. For example, just as the healthcare industry follows HIPAA, so too do Veterans Administration hospitals – along with all federal, state, local, tribal and territorial health organizations. Then there are government-only policies...

Agencies increasingly rely on Software-as-a-Service (SaaS) platforms such as Salesforce for mission-critical functions, which offers them numerous benefits including flexibility, reducing upfront IT resource costs and delegating upgrades and patches to the provider. Using Salesforce does not remove the agencies’ responsibility for cybersecurity, however, and SaaS applications face their own risks, including misconfigurations, poor access...

Government today faces a long list of imperatives in serving and defending its constituents while supporting and empowering its workforce. Constituents must trust that their need for essential services can be met with transparency, without sacrificing their privacy and security. Agencies and customers alike must feel safe from internal and external threats, including cyberattacks that could cripple infrastructure and disrupt vital services. Em...