Achieving federal security goes beyond technology

Security is currently the number one challenge that business and government face. The ability to keep sensitive data safe and out of the hands of hackers is important for everything from patent protection to brand loyalty to national security. Just look at what happened at OPM.

The technology at our disposal to keep this sensitive information safe and secure has improved exponentially in the past decade. Due to technological advances and a greater understanding of potential vulnerabilities, we’ve become smarter, more agile and better equipped to handle threats. 

But, security doesn’t begin, or end, with technology. It’s about people, principles and practices that set up, control and interpret what the technology does. Enhancing this human element of security is what will keep us safe.

Connection Moves the Perimeter

In the past, the thought of every employee supplying his or her own phone or laptop would have been laughable. Machines were hardwired to a specific desk, accessed by a password inside a room accessed by a keycard, inside a guarded building. 

Fast-forward to today and we’ve all gone mobile or moved into the cloud. Bring your own device (BYOD) is commonplace and employees are doing job-related and personal work on the same machines. 

As the world has become more interconnected, the security perimeter is now everywhere. As a result, constructing a firewall around your data center is no longer sufficient. Every employee, not just IT or security professionals, is responsible for security. They must be trained in proper practices and be given the tools to prevent what they can and report anything suspicious.

It’s Not Just About You Anymore

Part of the reason that every employee must be responsible for security is that it’s not just your information that’s at risk. It’s damaging enough to have your business’ or agency’s information hacked. It’s near catastrophic if that data, as it so often does, includes end users’ personally identifiable data, or information that poses a threat to our national security.

This is often what the data hackers seek. Medical records, tax returns, SSNs, credit card numbers or even user passwords are stolen and sold on the black market. This affects millions of people around the world.

We have technology that can help stop these intrusions. But, we need professionals who can spot them and act to stop them in real time. The security solutions that we create aren’t effective unless they are properly interpreted.

Did that increase in traffic come from a potential denial of service attack or did your company just launch a new, popular product? Are those suspicious international log-ins malicious or did your agency just send a diplomatic envoy overseas? These are the questions that well-trained people are in the best position to answer.

Intelligent Intelligence

While security threats affect us all, too often we deal with them in a bubble. The fear, or shame, of being perceived as weak on security stops many companies and government agencies from sharing threat information with others.

In order to protect us all, this must change. There must be a greater willingness to listen and share best practices, collaborate on new and better approaches and models for security technology and an actively exchange potential threat information.

This crosses private/public boundaries. Enterprises are the primary drivers and innovators of security technology. The government and intelligence agencies have superior insight into emerging international cyber threats, especially those that are state-sponsored. The interplay of these two elements, the technology and the human intelligence, is the key to creating and maintaining a proactive security strategy, regardless of the organization. 

Security isn’t a discipline where you can just deploy hardware or software and let it go. You have to know how to use, monitor and extrapolate the data solutions create. It’s not a problem you can just throw money at. You have to work at it.

This is why we all need to invest in a holistic approach to security. Anything less leaves you and your end users vulnerable. The more connected we are, the more those vulnerabilities will impact us all. Now is the time to change our thinking and adopt a security frame of mind.