The U.S. Citizenship and Immigration Services (USCIS) saved $26 million last year by automating their alert and response to threats against the agency’s data that is secured in the cloud, according to the USCIS chief information security officer (CISO).
At MeriTalk’s Cyber Central – Secure by Design conference in Washington, D.C., on Oct. 27, CISO Shane Barney discussed the importance of resiliency within Federal data – noting that his number one recommendation would be for agencies to adopt cloud, something USCIS began to embrace a decade ago and now operates at over 95 percent on the cloud.
Transitioning to the cloud, Barney said, offered an easy-button solution to secure large amounts of data – and in a cost-effective way.
“Cloud is by and large easier to secure things in, it is by and large the best way to go forward in the future. It enables certain types of technologies and functionalities – especially on the security side – that you just aren’t going to get on-prem,” he said. “It enables you to operate at both the scale and speed of cloud technology which is really critical.”
Moving to the cloud opens the door for his next recommendation: alliance automation.
There is no way, the CISO said, that security experts can sit and watch for every threat that is attempting to penetrate the system. Agencies need to remove that manual barrier to protect their data more rapidly.
“Security automation is your friend,” Barney reiterated.
What both recommendations for securing Federal infrastructure have in common is the idea of a data-centric approach. It’s just good cyber hygiene, he said.
“You layer your overall security approach to how you [use] data,” Barney said. “This is what you should be doing anyways and should have been doing 35-plus years ago.”
To take this more data-centric approach – as USCIS has implemented – agencies will have to change their mindset and overall culture of how they leverage security. He explained that agencies need to shift from this idea of securing from the outside-in and focus on securing the data that’s on the inside first.
A data-centric approach, the president of Cloudera Government Solutions agreed, gives agencies “the ability to understand how the blood of the network is moving around.”
“Shifting the focus from the outer shell of the network is the hard part, because you get into the center where the real data is and that’s where the security – typically – got a little mushy,” Robert Carey said. “If you start on the inside and work your way out, you actually have a much better path of protecting, and you can identify and isolate the data that is most critical to your mission.”
“Once you understand the relationship between the soft center of the network and the edge, you have an ability to . . . feel reasonably comfortable.”