Industry Perspective
3 Ways to Continuously Progress on Security
An interview with Tad Northcott, Plan Executive, Navy and Marine Corps; Dave Deppisch, Market Leader, Navy, Marine Corps, Air Force and the Defense Information Systems Agency; and Glenn Jensen, Software Account Executive, Insight Public Sector When it comes to security, agencies are used to doing more with less. Not only can budget
constraints limit options, but priorities can shift and talent can grow scarce. No matter the obstacle, even one roadblock can impede meaningful security advancements.
But what happens when today’s cyberthreats evolve
and agencies cannot keep up? Too often, the result is a costly and humiliating security incident. To prevent this, agencies need the ability to continuously refine their security capabilities and defenses.
“The bad guys never stop,” said Glenn Jensen, Software Account Executive at Insight Public
2. Leverage continuous monitoring Continuous monitoring is a vital component of
zero trust security because it detects changes to
agencies’ IT environments in real time. Whether it
is an emerging threat, vulnerability or compliance
issue, continuous monitoring makes sure agencies
are always informed about their security landscapes. “Annually, lots of agencies scramble to prepare for
cybersecurity inspections,” said Tad Northcott, Plan
Executive, Navy and Marine Corps. “With continuous monitoring, they’d know where they are before an annual review.”
Sector, a business-to-business and IT solutions
3. Add multifactor authentication
progress and improve.”
that agencies are increasingly leaning on for their
provider. “Cybersecurity requires us to continually The Insight Public Sector team shared three steps agencies can take to keep their security ready for anything:
1. Assess security capabilities Agencies frequently do not know the state of their
security personnel, processes and tools. By having
a trusted vendor assess their capabilities, agencies can pursue goals that elevate their overall security agencywide.
Multifactor authentication (MFA) is another tool
security needs. When users approach agencies’ sensitive data and other assets, MFA asks them for at least two pieces of proof to confirm their identities, such as a birthplace, fingerprint or something else.
All agencies have unique goals, but IT providers like
Insight can assist them by identifying their potential
security gaps. Insight can then provide agencies with specific tools — such as continuous monitoring and
MFA solutions — that can meet their mission demands.
“You can evaluate your current state and then move up the stairs to the state you want to get to,” said
Dave Deppisch, Market Leader, Navy, Marine Corps, Air Force and the Defense Information Systems
“What agencies have told us is that they want to leverage private-sector best practices,” Jensen said. “Our goal is to help them meet that need.”
Agency (DISA).
For instance, a vendor assessment can tell agencies how prepared their operations are for zero trust
security. Zero trust security involves distrusting all
computing entities, so agencies may need to ready
their devices, users and other assets before adopting such a dramatic shift in security strategies.
Unpacking the President’s Cybersecurity Executive Order
23
