Now in the private sector at Cyxtera, former federal CISO Greg Touhill views his role in helping federal agencies move to new technologies as very similar to when he was in government.
The first and so far only federal chief information security officer views his mission as largely the same, albeit now at a different place and this time in the private sector.
Greg Touhill left the federal CISO post in late January after nearly four months in the role, which was preceded by two years as deputy assistant homeland secretary for cybersecurity and communications. Since leaving government, Touhill has among other things taught cyber risk management courses at Carnegie Mellon and worked on a pair of books.
Touhill also spent that time “looking at taking the next steps” for his post-government career as he described to Washington Technology. The retired Air Force brigadier general has since found what he sees as a good fit in secure IT services provider Cyxtera.
At Cyxtera, Touhill leads its Washington region-based federal business as president. The company bases its headquarters in the Miami metropolitan region and is backed by private investment groups BC Partners and Medina Capital, which formed Cyxtera in part through the acquisition of CenturyLink’s data centers and colocation business earlier this year.
For his new role, Touhill said he wants to continue facilitating teamwork between government agencies and their partners in the private sector. Namely, one of his goals at Cyxtera is to help educate prospective agency customers on where business can help.
“CIOs, CISOs and the technical teams are task-saturated and have so much to do,” Touhill said. “They don’t have the time to do as much market research as they’d like to do.”
Cyxtera’s 57 data centers are in 29 geographic markets around the world, Touhill told WT. The launch of Cyxtera and its federal business comes at a time when agencies are rethinking their data center footprints, a trend Touhill saw first-hand as CISO and at DHS.
“I found the government had a plethora of data centers that were increasingly expensive to operate and maintain,” Touhill said. Touhill said civilian agencies have almost 16,000 data centers in their portfolio.
“The reason the government built the data centers is they didn’t have a lot of opportunities to purchase capabilities from the private sector, which has leapfrogged the government in data center capability,” Touhill said.
Cyxtera sees opportunity in helping agencies recapitalize their data center footprint as much of those hubs are aging, Touhill said. The government can co-locate and put functions into private data centers as agencies retire their own data centers and other related systems, he said.
Cybersecurity will be another key area of focus for Cyxtera in the federal arena and in particular where the defensive perimeters are shifting. Touhill said that dynamic is changing as users have changed how they connect to networks.
“How things currently operate, we’ve been relying a lot on fixed defenses but today’s user is very mobile,” Touhill said. “They like to use their mobile devices with a lot of remote access.
“The perimeter has changed but today’s federal IT architectures are with 1980s work charts.”
Software-defined perimeters are the direction agencies should go toward for security of their networks, Touhill said. Connections under that setup require verification of a device before access to a network is granted.
That move is needed as agencies increasingly move their IT infrastructures into cloud computing environments, according to Touhill.
“Right now we rely on firewalls as a primary line of defense, we still need them and they’re good but they need to be augmented in a cloud-based environment,” he added.
“The theme I’m looking at now is that it’s time to leap into the 21st century in IT.”