2 minute read
How to Mature Your Agency’s Cybersecurity
An interview with Kevin Steeprow, Senior Vice President, Engineering, Red River
Recently, most of the public sector has realized that their cybersecurity practices have some growing up to do.
Advertisement
The COVID-19 pandemic prompted more governments to work remotely than before, but many found that they were not equipped to defend networks extending beyond their office walls. Thankfully, there is an answer for agencies. Cybersecurity maturity measures how ready and able agencies are to address their risks. During crises like viral pandemics, cybersecurity maturity can help agencies avoid painful disruptions.
But maturing agencies’ cybersecurity is easier said than done. To reach maturity, today’s agencies must assess how their cybersecurity risks affect their people, processes and technology.
“Everyone knows what the end state is,” Kevin Steeprow, Senior Vice President, Engineering at Red River, a software provider, said about cybersecurity maturity. “Unfortunately, there is no silver bullet or magic wand to get them there.”
Steeprow suggested three steps that agencies can take to increase their cybersecurity maturity:
1. Take stock
Cybersecurity touches scores of agencies’ resources. Whether it is data, networks, users or something else, agencies at every level have lots of ground to cover.
The truth is that understanding all these concerns can be challenging. To chart a clear path, Steeprow recommended that agencies initially assess how their cybersecurity is performing agencywide.
“It is about what you have and what is most critical for you,” he said. “You don’t take on the elephant in one fell swoop.”
Security assessments can measure things like how many software vulnerabilities agencies have, and these discoveries can help agencies gradually strengthen their cybersecurity.
2. Start SOCs
Security operations centers (SOCs) are centralized units that handle organizational and technical issues. For cybersecurity, SOCs typically analyze, monitor and defend valuables like data.
“If you have a good SOC or a good partner providing SOC services, it can give you a proactive and preventive look at what’s going on,” Steeprow said.
By protecting cybersecurity in one place, SOCs can remove many of the silos that sometimes separate agencies’ teams.
3. Embrace zero trust security
Zero trust security dictates that agencies should never automatically trust the users, devices and other computing entities on their networks. Ultimately, making zero trust security second nature at agencies lets them continuously monitor for – and then mitigate – potential cybersecurity threats.
“It is understanding what information you have and who has access to it,” Steeprow said. “Just because you’ve passed that original boundary doesn’t mean you get the keys to the kingdom.”
Cybersecurity maturity requires daily improvements. The good news is that providers like Red River provide expertise about topics including security assessments, SOCs and zero trust security to help agencies constantly raise the bar on their cybersecurity maturity and accomplish their unique goals.
“We want to help you be a Swiss Army knife,” Steeprow said. “Let’s find the right tool for the right job.”
