Industry Perspective
How to Mature Your Agency’s Cybersecurity
An interview with Kevin Steeprow, Senior Vice President, Engineering, Red River Recently, most of the public sector has realized that
their cybersecurity practices have some growing up to do.
The COVID-19 pandemic prompted more
governments to work remotely than before, but
many found that they were not equipped to defend networks extending beyond their office walls. Thankfully, there is an answer for agencies.
Cybersecurity maturity measures how ready and
able agencies are to address their risks. During crises like viral pandemics, cybersecurity maturity can help agencies avoid painful disruptions.
But maturing agencies’ cybersecurity is easier said
than done. To reach maturity, today’s agencies must assess how their cybersecurity risks affect their people, processes and technology.
“Everyone knows what the end state is,” Kevin Steeprow, Senior Vice President, Engineering at Red River, a software provider, said about
cybersecurity maturity. “Unfortunately, there is no silver bullet or magic wand to get them there.”
Steeprow suggested three steps that agencies can
these discoveries can help agencies gradually strengthen their cybersecurity.
2. Start SOCs Security operations centers (SOCs) are centralized
units that handle organizational and technical issues. For cybersecurity, SOCs typically analyze, monitor and defend valuables like data.
“If you have a good SOC or a good partner providing SOC services, it can give you a proactive and
preventive look at what’s going on,” Steeprow said. By protecting cybersecurity in one place, SOCs can
remove many of the silos that sometimes separate agencies’ teams.
3. Embrace zero trust security Zero trust security dictates that agencies should never automatically trust the users, devices
and other computing entities on their networks.
Ultimately, making zero trust security second nature
at agencies lets them continuously monitor for – and then mitigate – potential cybersecurity threats.
“It is understanding what information you have and
take to increase their cybersecurity maturity:
who has access to it,” Steeprow said. “Just because
1. Take stock
you get the keys to the kingdom.”
Cybersecurity touches scores of agencies’
resources. Whether it is data, networks, users or
something else, agencies at every level have lots of ground to cover.
The truth is that understanding all these concerns
can be challenging. To chart a clear path, Steeprow recommended that agencies initially assess how their cybersecurity is performing agencywide.
“It is about what you have and what is most critical for you,” he said. “You don’t take on the elephant in one fell swoop.”
you’ve passed that original boundary doesn’t mean Cybersecurity maturity requires daily
improvements. The good news is that providers like Red River provide expertise about topics including
security assessments, SOCs and zero trust security to help agencies constantly raise the bar on their cybersecurity maturity and accomplish their unique goals.
“We want to help you be a Swiss Army knife,”
Steeprow said. “Let’s find the right tool for the right job.”
Security assessments can measure things like how many software vulnerabilities agencies have, and
Unpacking the President’s Cybersecurity Executive Order
35
