To Improve Cybersecurity, Federal Agencies Should Modernize IT First
Improving an organization’s cybersecurity posture should start with IT modernization, and that’s as true for federal agencies as it is for the private sector.
Many federal agencies are making progress in modernizing their technology, according to the recent Federal IT Acquisition Reform Act (FITARA) scorecard from the U.S. House Oversight and Reform Committee. That’s good. But many of their cybersecurity scores were still too low.
As laid out in the FITARA hearing, many agencies earned cybersecurity grades that were less than excellent. Only two agencies earned “A” grades, five received “B” grades, eight earned “C” grades, and seven received “D” grades. One unfortunate agency actually received a failing grade.
What’s more, many federal IT resources are being expended in outdated places. Overall, the U.S. government allocates over 60% of its IT spending on maintaining legacy systems, the U.S. General Accountability Office (GAO) estimates, but only 13% on IT modernization.
A new approach to IT modernization
It’s worth restating that the improvement of a cybersecurity posture starts with IT modernization. But first, the government needs to make informed decisions on prioritizing modernization efforts. These modernizations will be mainly funded by taxpayer dollars via federal legislation, including the Modernizing Government Technology Act and the Technology Modernization Fund.
The need for federal IT modernization has been apparent during the COVID-19 pandemic. When the pandemic first struck, some federal legacy systems created challenges around the continuity of government operations.
Agencies discovered that they lacked both comprehensive visibility into their IT assets and real-time data about those assets’ health and performance. As a result, many agencies struggled to adapt to both the pandemic and the rapid shift to remote working. It’s clear that any comprehensive modernization effort must include the ability to gather real-time, actionable data on the state of any endpoint.
Americans recognize that improving federal cyber postures is no easy feat, but they also want action. Recent Harris Poll data finds that 78% of Americans worry that their online accounts will be hacked or that their data will be stolen.
Getting started
How can federal agencies make better decisions around spending taxpayer dollars, strengthening their security posture, and proactively addressing the concerns of their constituents? These two actions can provide a good start:
- Adopt a Zero Trust platform strategy that bridges the gap between security and operations teams. Zero Trust provides a unified view of endpoints across the enterprise, validates each endpoint before authorizing, and gives teams visibility across end-user tools, cloud infrastructure and data centers.
- Practice good cyber hygiene. For example, conduct risk prioritization and remediation on the agency infrastructure. In this way, agencies can identify and determine which vulnerabilities need patching, while also assessing the security levels of individual endpoints.
Real-time endpoint management
For agency leaders who need to trust their digital systems — and isn’t that all of them? — Tanium offers a real-time endpoint management platform. Tanium provides the data and control federal agencies need to manage today’s unrelenting complexity.
Tanium offers the only enterprise endpoint management and security platform with a unique, patented and proven communications architecture. It can empower your organization with the comprehensive real-time visibility and control needed to make critical decisions and take the right action, right now.
The Tanium platform thrives in a variety of diverse environments, and it provides the extensibility and flexibility needed to handle the kinds of management and security needs that can change from second to second.
You can read more of my ideas on how government IT leaders can improve cybersecurity in this Nextgov article.
Learn how Tanium helps federal agencies protect endpoint devices and networks from any location.