For today's CISOs, the stakes have never been higher.

Not only are they tasked with the ever-present mission of keeping constant cyberattacks at bay, but with millions of public sector employees working remotely, attack surfaces are growing. 

To enable crucial remote work, agencies are easing restrictions while doubling and tripling up on new defenses, desperately trying to keep up with increasingly sophisticated attackers without compromising services to constituents.

WWT's Chief Technology Advisor for the Public Sector John Evans knows exactly what agencies are going through. As Maryland's first governor-appointed chief information security officer (CISO), he has guided both statewide agencies and city, town, and county governments toward more secure policies and practices, helping Maryland fend off daily cyberattacks and drive the state's security push into the cloud.

The once-clear boundaries that delineated where government systems ended and the wild, untamed internet began are no more. Now, with agencies running thousands of virtual machines in the cloud, and with users leveraging cloud-based software-as-a-service solutions, there is no clear perimeter.

Managing this uncertain territory requires a strategic and mental shift. Cloud adoption makes it essential to employ new concepts like defense-in-depth, zero trust, and multi-layered security. 

Firewalls still defend the network--but cannot defend the enterprise by themselves.

Emerging technology leveraging automated tools in the cloud--such as Data Loss Prevention (DLP) technology, intended to stop a massive exfiltration before it occurs; and Cloud Access Security Brokers (CASB), designed to block unapproved cloud services--are now indispensable elements of an in-depth defense strategy. The more these cloud-based services are used, however, the more they are likely to be targeted by bad actors.

In the latest installment from the Government Executive Media Group (GEMG) Leadership Voices Series, John provides an in-depth perspective on public sector security at the state and local level, what CISOs are facing on a daily basis, and the innovative defense strategies being implemented to combat these cybersecurity threats in the never-ending battle for true cybersecurity.

Read full article