Tag Archives: cybersecurity

Insider Threat Goes Mobile

Posted on by

Insider Threat has been a recognized attack and vulnerability vector for some time. In fact, one survey found that government IT professionals report that insider threats are at an all-time high. One source of this increase may be the rise in the use of mobile devices to access government systems. The main challenge in securing mobile access is ensuring that the person who owns the device is the one actually using it and the apps that reside on it. The portability and ease with which devices are lost and misplaced complicate security authentication efforts. But there are ways to mitigate this risk.

Agencies have looked to multi-factor identification to confirm the person accessing the system is who they say they are. This process includes combining two or more credentials. Typically this is something a person knows (a password), and something they have (an access card or a fingerprint). A practice growing in popularity as part of multi-factor identification is behavioral analytics (BA). This looks at how users typically interact with an application or device analyzing things like browsing habits, message syntax, even how they hold the device. If the behavior is out of the realm of normal, the system can lock that user out until they prove their identity another way.

Implementing these types of identity tracking and management is, of course, not without issue. The Department of Homeland Security is being challenged to put more procedures and policies in place to ensure its insider threat program doesn't violate employees' Fourth Amendment rights (protection against unreasonable searches and seizure).

There are many events in the coming months that include a deep look at insider threat and identity management to help navigate these security challenges.

Continue reading

An Agile Modernization

Posted on by

As government agencies look to respond to modernization calls from the executive branch as well as citizens at large, agile and DevOps practices are being employed to help speed time to "market" with new applications. A report issued in early 2019 found that sixty-nine percent of respondents said that their organizations are piloting agile, if not partially or fully adopting it. But, the same report also saw a significant percentage of respondents say that agile met their expectations "less than expected" and "much less than expected." So, if agile is seeing an uptick in use, why is it not meeting expectations?

The issue may lie heavily in training and understanding. Agile is not just a new process; it's a new mindset. It requires a new organizational structure that is a departure from the traditional command and control hierarchy of government. Agile teams are relatively flat with everyone holding interconnected and equally important roles. There's not only a logistical change that needs to happen in terms of org charts and structures, but also a cultural shift to a collaboration-driven rather than command-driven environment.

To begin really seeing the benefits of adaptability, speed, and cost efficiencies agile promises, people need to be trained not only on the process but on the softer skills of communication and collaboration that power the process. We've pulled together a collection of upcoming events that may help. Continue reading

Small Area, Small Problems? Not the Case with State and Local Governments

Posted on by

The operating challenges around budgets, resources, and legacy technology we see at the Federal level are amplified at the state and local level. Just because these groups are responsible for a smaller population does not mean their problems are smaller. On the contrary, historically low staffing levels and a geographically-limited pool of talent feed into the core challenges that all government teams face.

Security - Securing systems and the data that lives on those networks is now seen as a focus beyond IT. Everyone plays a role in cybersecurity, and there is a real need to update systems and processes as well as educate users.

Innovation - Since teams are so busy with day-to-day operations, stepping back to foster innovation can be difficult.  Many are finding ways to make the transformation work. In fact, some of the most innovative public sector programs are happening on the local level.

Managing change - Communication is key in implementing change within small, tight-knit teams. Participation in decision making ensures that new solutions meet the needs of the workforce as well as the citizens.

Finding time for training - All of the challenges above feed into an inability to make time for training and education to keep up with the rapidly evolving technology field. Continue reading

The Why and How of Federal Event Attendance

Posted on by

Market Connections recently conducted a survey to understand how federal decisions makers view and use events as part of their professional development and daily work. The survey included input from technology decision-makers across defense and civilian agencies and aimed to find out how they make decisions about what events to attend and what they expect when they are there.

The survey found that the topic is the main driver for event attendance with 85% citing that as the key reason they decide whether to attend an event. Price and location also play a big role in the decision to attend an event or not. Interestingly, while the topic is important, who delivers that topic is not as critical. Keynote speakers did not rank high on the list of deciding factors. Similarly, while event planners may push the opportunity for networking, that is a "nice to have" for attendees rather than a reason to spend time and money attending an event.

With the topic being so key to attendance, the survey looked at what people are interested in learning about at events. Cybersecurity was the number one topic of interest in the survey. This mirrors what we see in terms of events on our site; cybersecurity typically has the most events listed year after year. The other topics in the top five were cloud services, digital government, AI/Machine Learning, and budget/cost control/fiscal management. Continue reading

It’s Not Enough to be First, You Have to be Smart – Cloud Smart

Posted on by

Over the past year, there has been a shift in the way government approaches the cloud. No longer are agencies asked to go "cloud first," they are now urged to be "cloud smart." This change is not just a matter of semantics; it is a different way of thinking. Rather than choosing a cloud solution to meet mandates, agencies are examining whether the cloud is the right platform for the application or system in question. Cloud Smart also means picking the right kind of cloud - public, private, or hybrid/multi cloud to meet user, administration, and security needs.

One way to be Cloud Smart is to follow FedRAMP guidance. While this program is not without its challenges (including the speed at which technologies get approval), it is still a valuable tool to ensure that industry standards and security protocols are met. Participation in the program is growing with 150 participating agencies and over 130 FedRAMP-authorized cloud service offerings.

While guidance around how to proceed to the cloud is evolving (along with the cloud technology), agencies are pushing forward and finding their smart path to cloud and, more importantly, creating new ways to interact with their constituents. For example, the U.S. Department of Agriculture's (USDA) Farm Production and Conservation division made the shift to a commercial platform-as-a-service (PaaS) for Farmers.gov. This site "allows farmers, ranchers, foresters and agriculture producers to register their businesses electronically and gain personalized access to the services they need to manage their operations." By using cloud technologies, USDA found they could save their developers time, enabling them to focus on configuring, rather than coding.

There are several events that feature examples of these cloud successes and discuss how to overcome technical, policy, and cultural barriers to smart cloud adoption.

  • DC CloudWeek (June 3-7, 2019; Washington, DC) -- This SXSW-style citywide festival brings together thousands of government and tech leaders from around the nation to share how the cloud is transforming government, academia, nonprofits, and the private sector. It includes dozens of community conferences, events, and parties.
  • AWS Public Sector Summit (June 11-12, 2019; Washington, DC) -- This event brings together innovators who are changing the world with cloud computing to share their successes and lessons learned to guide wider cloud adoption in government. The conference aims to send attendees back to their office with new strategies and techniques for kicking off new projects, maximizing budgets, and achieving mission goals.
  • ATARC Federal Cloud and Infrastructure Summit (June 25, 2019; Washington, DC) -- This educational, one-day symposium will examine the cloud tools and techniques being used by the Federal Government to provide agencies with greater efficiency and cost savings. The morning session will feature speakers and panels with government thought leaders, while the afternoon includes the MITRE-ATARC Cloud Collaboration Symposium, where government, academic, and industry subject matter experts will examine cloud and data center challenge topics.
  • 2019 Cyber Security Brainstorm "Cyber Strong: Cyber's New Frontier" (August 8, 2019; Washington, DC) -- This half-day program will discuss integrating cloud and other next-gen technologies, strategies for building cyber strength, and preparing the workforce for these technological changes.
  • KubeCon | CloudNativeCon (November 18-21, 2019; San Diego, CA) -- The Cloud Native Computing Foundation's flagship conference gathers adopters and technologists from leading open source and cloud native communities to further the education and advancement of cloud

Let us know your go-to events for cloud information with details in the comments.