4 ways contractors can help alleviate feds’ security fears [Commentary]

snagfilms-a.akamaihd.netjason-parry-bfdcbfc5f595e873784a2315cfe41adaa8a1e185-1.jpg

In a single, average day, the Department of Defense alone experiences an estimated 100,000 cyberattacks. Meanwhile, with accusations of Russian election hacking dominating our national dialogue and new breaches constantly being reported, federal agencies have developed a real and justifiable fear: What if we’re next?

The actions of a couple of rogue contractors — most notably Edward Snowden — have only heightened those fears. Those cases, however, were total anomalies. The vast majority of federal contractors respect not only the law, but the mission they’re tasked with serving. Further still, in matters of cybersecurity, these professionals offer expertise and resources that could directly help agencies from becoming the latest victim.

When a breach occurs, there’s a natural temptation to respond by purchasing new technology and throwing it at the origin point. But this approach is unsustainable from a budgeting, planning or resource allocation standpoint. Agencies, after all, can only spend so much or hire so many. And no matter who they hire or what they spend, if they’re not equipped to maximize that technology, it will ultimately result in waste.

When budgets are tight and resources in short supply, agencies often must focus on optimizing what they have and on offsetting the challenges posed by staffing limitations.

For that, they frequently turn to government contractors. But how can those contractors alleviate federal agencies’ security fears?

Help them prioritize

Simply implementing a new technology doesn’t necessarily solve a problem. Before selling a solution, contractors should help agencies step back and take a wider view of their security posture.

Informed consumers, after all, make better choices. Federal IT leaders need to understand what they’re protecting, but also why and how. Contractors should use their experiences to provide that guidance and to help agencies prioritize security in a way that empowers federal IT departments to share this information across the chain of command.

Decrease complexity

Federal agencies have tight IT budgets and limited resources — not only in manpower, but time. If you pitch a technology that requires a new dashboard and extensive user training, there’s a high chance of rejection.

Instead of lobbing major changes from the onset, consider what that agency already has in place, how your solution works with their existing capabilities and whether it solves more problems than it creates. If the solution replaces an existing system, it should also leverage existing skill sets and processes. And, even if it solves the problem at hand, if it requires more training and new processes, you might actually be adding complexity and problems.

Introduce IT automation

We frequently encounter IT departments with systems that monitor traffic and deliver that information to an analyst, but that do little else. This type of system relies on a person to act on that data, which isn’t always efficient, sufficient or effective.

Why? First because today’s network infrastructures are capable of self-defense and of providing analysts with full visibility. Infrastructure can be designed to tackle known threats and to predict and defend from future ones before damage occurs.

Next is the issue of resources. Monitoring incidents is a time-intensive, repetitive task that technology can tackle with increased accuracy over time.

By introducing federal IT decision makers to IT automation and demonstrating the benefits of adopting it, contractors can help agencies redistribute resources and manpower more efficiently. In turn, their IT employees will have more time to spend on creating successful security strategies that address fears and threats by preempting them. It will also allow security professionals to focus on the priority incidents instead of all the noise generated by thousands of alerts.

Education

Like any business, federal agency decision makers are more at ease when they know their employees are educated and prepared. To that end, contractors should help federal IT leaders to incorporate education into their security strategies. After all, users are often the greatest source system threats.

To ensure agency employees remain informed and motivated to make secure decisions, contractors should help agencies develop education and training programs for their users.

But remember: the risks don’t begin and end with users. Explore whether agencies also have structured education and training for their IT and help desk staff. These are the teams that provide permissions for users to access files and links. It’s disastrous for security when they’re not sufficiently trained.

In short:

It’s easy to go straight for the sale when a customer comes to you with security fears. Instead, though, contractors must deliver sustainable solutions that build deserved confidence into their overall security strategies. Otherwise, that sale represents only a short-term win for you and a long-term pain down the road for customers.

Jason Parry is the vice president of client solutions at the network security company, Force 3. Force 3 has provided technology solutions and services to US federal agencies for more than 25 years.