Security in the “New Normal”

With telework expected to stay long after the pandemic ebbs, government agencies are looking to shore up the remote work solutions they put in place to ensure on-premise security measures extend to the dispersed workforce. Multi-cloud environments are the reality for almost every agency. The many applications needed for the diverse functions of an organization require multiple cloud solutions to provide the specific support needed.

A report from MeriTalk, Multi-Cloud Defense: Redefining the Cyber Playbook, found that 83 percent of respondents are increasing multi-cloud adoption to support telework and mission needs related to COVID-19. However, 42 percent said their cyber strategies cannot keep up. One part of the challenge is creating a solution that can be applied to the wide variety of endpoint devices and that meets enterprise security requirements.

One option for quickly developing and implementing security solutions for the reality of today's network is the practice of DevSecOps. DevSecOps is an organizational philosophy that combines agile software development with security testing and tools for rapid delivery of applications and services. The growing use of this approach has led the National Institute of Standards and Technology (NIST) to create DevSecOps guidance that would help agencies include security earlier in the development lifecycle. This builds a new level of transparency into the security of solutions being used on government systems.

Security has always been a paramount focus of government IT, and now, with the way we access systems and data changing dramatically and quickly, it is an even more critical focus. Luckily, there are a number of events and resources that can help IT and business leaders navigate what this "new normal" means for security.

  • RSAC 365 Virtual Summit (January 27, 2021; virtual) - From security leader RSA, this one-day online event features four tracks - Analytics, Intelligence, and Response; Application Security; Machine Learning, AI, and Automation; and Impact 2020, looking at the resilience strategies that worked in 2020.
  • Cloud Security & Services: Matching Data Demands with Increased Security (January 27, 2021; virtual) - This session will look at the challenge of blending the different types of cloud and service models to provide access to needed data, while at the same time protecting a much-enlarged attack surface created by the large number of workers who are accessing the data remotely.
  • FCW Workshop: Pillars of Modernization (February 10, 2021; virtual) - This workshop will feature government and industry experts addressing the need for a holistic approach to modernization that looks at security, network infrastructure, multi-cloud architectures, data solutions, and the user experience.
  • Advancing Cybersecurity at Scale in the Cloud (white paper) - Even though federal agencies are gatekeepers to some of the nation's most valuable and sensitive data, much of the core infrastructure tasked with securing these assets has not evolved. This paper looks at how to create a comprehensive platform to help modernize and holistically manage digital environments.
  • Cyber Resilience Review (data sheet) - Published by the Cybersecurity and Infrastructure Security Agency (CISA), this paper looks at how a review provides an improved organization-wide awareness of the need for effective cybersecurity management. It details how to map the relative maturity of the organizational resilience processes.

We'd love to hear where you are getting insight on DevSecOps and cloud security. Share your ideas in the comments.

Do you have an upcoming event related to security? Be sure to add it to GovEvents to reach our 100,000+ members and beyond. You can also now add white papers, case studies, infographics or e-books to GovWhitePapers.

The 8th annual IT Security Automation Conference

Originally posted on Federal News Radio

October is National Cyber Security Month, and it will be kicked off in Baltimore with a three-day conference focused on automating security.

The concept of security and the federal government is inevitably wrapped in guidance from the National Institute of Standards and Technology (NIST).

On October 3, 2012, NIST is working with a wide range of members of the security community to produce the 8th Annual IT Security Automation Conference.

Listen to the interview with Dave Waltermire, security automation architect, in NIST's Computer Security Division.

In the interview, Waltermire gives an overview of the conference, talks about security automation, the history of SCAP, competing standards, the challenges of generating standards, and the role of the federal government in this process.

The conference covers continuous monitoring, software assurance, incident handling, analytics, and trusted computing.

Listen to the interview with Dave Waltermire.