Three Ways to Reconcile the Dueling Forces of IT Modernization and Security
When it comes to network modernization and security, federal IT may be experiencing a case of dueling personalities. On one side, network modernization is essential to a better security posture. This is because outdated legacy IT systems are more prone to vulnerabilities and were never designed to handle today’s threat landscape. However, the very act of modernizing networks may actually be making those networks less secure, at least in the short term.
That juxtaposition is evident in a recent SolarWinds federal IT survey. Sixty-six percent of respondents stated that federal agencies’ network modernization efforts have increased IT security challenges, while the majority also indicated that modernization has led to better risk management.
Focusing on three key areas—building a comprehensive staff training program, implementing strong IT controls, and automating network and security management—can help agency IT professionals navigate the tricky path between modernization and security. Let’s take a look at each to see why they are important and how they can be implemented.
Building a constructive training program
An agency can deploy the most secure solutions in the world, but if employees are not trained on how to use them, they may as well come equipped with Swiss cheese-sized holes. In fact, 50 percent of SolarWinds survey respondents claimed that lack of training on new technologies led to increased security challenges.
Investing in ongoing training for the new technologies is essential. IT teams must be fully briefed on how to use these tools from the outset so that they are ready to manage them right out of the box. Training must be continuous and occur at regularly scheduled intervals, so that teams can remain knowledgeable about new features and solutions.
Overall security training also is very important, and all agency employees should be kept abreast of the changing threat landscape. Hackers are becoming more creative and enterprising, introducing new threats on a regular basis. All agency personnel, including non-IT workers, should be made aware of those threats and trained on simple steps to mitigate risk. Training should be supplemented with end-user testing to keep everyone on alert for threats. Everyone must have a role in securing the agency.
Implementing strong IT controls
When an agency moves from a legacy IT system to a modern network infrastructure, there will inevitably be information overlap and increased vulnerabilities due to the hybrid nature of the environment. Implementing strong IT controls can help administrators bring new and old technologies together by allowing managers to monitor their hybrid infrastructures and update their systems accordingly.
Survey respondents called out several controls they found to be most effective. They included identity and access management tools, patch management software, configuration management software, and security and information event management (SIEM) tools, among others.
Many of these tools, particularly the network monitoring capabilities of SIEM tools, can be used effectively to identify and respond to threats, which enhances overall security postures. In fact, survey respondents who rated their IT controls as “excellent” noted that they have enjoyed greater success in network modernization and risk management.
Automating network management and security
Automation is a commonality among many of these solutions, which feature the ability to detect potential vulnerabilities and intrusions as they occur. For example, the system can identify an anomaly and automatically react to it by blocking IPs or disabling users. All of this can be done in real-time, closing the door on a hack before it begins.
Although educating individuals on the use of modern network security tools and cyber threats is important, combatting these threats and managing networks manually has become impossible. Network management has become far too complex, and in many cases, humans will not be able to respond to rapidly escalating breaches in an acceptable amount of time. Automation is essential for more efficient network management and better security.
However, agencies will achieve automation only through modern network technologies that begin to close the divide that exists between the old and the new. They must start to reconcile the need for better security with the pains associated with network modernization. They must recognize that network modernization and security are two sides of the same coin. There cannot be one without the other.
The challenge for federal IT professionals is to bring the two together. That starts with better education and a commitment to strong, automated controls.