In my role, I’ve had the opportunity to meet with many Federal leaders, and it’s been my experience that security leaders have been viewed as being resistant to new ideas, viewing cybersecurity as a cost center rather than as a potential cost saver, differentiator or even profit center. But I’m seeing that perception change, and the role of today’s federal CISOs and IT security managers isn’t just to be a protector.
Organizations are empowering employees to work smarter and more efficiently with the latest technologies, by working with security leaders to reframe cybersecurity as a strategic capability that enables innovation instead of inhibits it.
On average, agencies spend more than 70 percent of their budget on operations and maintenance of legacy IT systems. This leaves little funds, let alone human bandwidth, to explore how new cyber solutions and protocols can contribute to operational efficiency.
With that in mind, federal organizations are increasingly relying on CISOs as strategic counselors who can provide advice and guidance on business risk and clearly articulate how cybersecurity can differentiate the organization in a highly regulated market.
As today’s agency CISOs are evolving to be more strategic counselors, they are framing budget decisions in terms of improved citizen service, translating complex IT and security concepts into plain English, and educating senior leadership about risk management. In my many conversations with federal CISOs, I’ve observed that there are two things CISOs are exploring most in order to transform federal agencies – using security-driven insights and supporting civilian services.
Using security-driven insights
We are now nearly 10 years into the “big data” revolution. Today, data collection benefits the public sector in a multitude of ways, providing information applicable to everything from smart cities and connected transportation to drone data and the connected warfighters that are reshaping the battlefield. Federal CISOs and security leaders are now looking at network security data in the same way – as a valuable resource for operational insight.
Most agencies constantly monitor all network behavior, including what users are accessing, where they are logging in from and with whom they are communicating the most. Analysis of this security data provides insight into how best to optimize the network for users by better allocating IT resources and facilitating efficient collaboration across teams.
Imagine that the security team notices the number of employees working remotely increases by 10 percent during July and August. They then use this information to influence network management decisions during that time period and allow decision-makers to prepare staff for an increase in VPN access issues.
CISOs are also seeing how security-driven continuous monitoring can help identify potential synergies within agencies. For example, as part of their network monitoring, analysts might discover that personnel in several different locations are working on the same project independently of one another. By connecting them, those analysts facilitate greater agency-wide information sharing that helps eliminate siloes, reduces project time and ultimately saves taxpayer money.
Federal CISOs continue to explore how security-driven insights can be used by organizations to improve operations. In the coming years, as more analytics tools are available to the federal market, I see CISOs and security leaders fully embracing their strategic advisory role.
Supporting citizen services
Breaches in recent years have validated the important role security plays, especially for agencies charged with protecting citizens’ sensitive and personal information. But CISOs are finding that security can also enable better, more convenient citizen services.
For example, the Department of Veterans Affairs (VA) is expanding its use of telehealth services for patients. Telehealth services are proving to be critical for aging and disabled veterans, but they would not be possible without the security built into VA network environments, including in the cloud, to ensure that the record of virtual visits and confidential patient data are secure. The more strategic the security, the more enabling for citizen services it becomes.
Additionally, CISOs and security leaders are starting to use more effective yet simpler security systems – such as those provided by hybrid cloud environments – to not only reduce maintenance costs over the long term, but also reduce staff time needed to monitor and repair on-premise networks. This, in turn, increases network availability and agency efficiency as a whole. From faster processing of Social Security checks and IRS refunds to improved medical service for our veterans – increased network safety and availability can drastically improve citizen services.
As security enables more improved citizen services and allows organizations to utilize more innovative tools, I see this reputation of the security leader as “the enabler” becoming more and more prominent, as well as the industry mindset around security and its place in the network changing drastically. Security is not only a priority and federal CISOs are finding innovative ways to make it happen.
Embracing transformative thinking
By viewing cybersecurity as a strategic business driver, public sector security leaders are transforming the federal perception from a traditional focus on firewalls, passwords and authentications to a focus on how the actionable insights offered by security solutions can increase operational efficiency and citizen services.
Agency leaders, CISOs and security teams recognize that they are very often the key to unlocking innovative possibilities. Federal agencies’ digital transformation journey will face obstacles but embracing security as an enabler will continue to make the path easier (and faster) to navigate.