Government actions, including the American Rescue Plan Act, have led to a deluge of federal funds to states over the past few months. Additionally, the federal government is using a $1 billion allocation for technology modernization and cybersecurity. These funds are vitally needed, and many anticipate that more funding is on the horizon.
While strengthening cybersecurity and data protection is a top priority at both the federal and state levels, state and local governments often face tighter budgets and more limited staffing, particularly around IT and cybersecurity.
Most states spend less than 3 percent of their total IT budgets on cybersecurity, according to Deloitte. The result is that state agencies are often left vulnerable to cyberattacks.
This has been vividly illustrated throughout the coronavirus pandemic. State and local governments have seen plummeting tax revenues, business closures, record unemployment rates and rising healthcare costs. They are faced with new funding requirements to safely reopen schools and businesses. Nearly all budget areas are taking a hit to make up the difference. This creates a dangerous conundrum, as cybercrime is on the rise. State and local governments are prime targets for ransomware attacks, and it’s critical they continuously strengthen their defenses.
States Follow Federal Footsteps on Cybersecurity
States including Texas are taking steps to combat these attacks and ensure better cyber defenses. Texas recently developed a new fund that will allocate federal dollars to state agencies to support information resources improvements. This fund, the Technology Improvement and Modernization Fund, stems from the efforts of 27 Texas agencies that pushed for the state legislature to allocate millions of dollars to address cybersecurity system risks. The funds will allow the state to upgrade severely outdated systems, protect state constituents’ information and improve cybersecurity defenses.
On the heels of this funding, the StateRAMP program announced its first Authorized Vendor List, giving state and local government IT and procurement officials more confidence in their cloud service providers solutions that process, store, and/or transmit government data.
Like its federal counterpart, the Federal Risk and Authorization Management Program, StateRAMP is based on a “certify once, use many” concept that saves time and reduces costs for both service providers and government agencies. Programs like this aim to drive consistent cybersecurity defenses across vulnerable state and local government organizations.
As both federal and state funding becomes available and state and local agencies continue driving the improvement of cybersecurity posture, state and local government IT leaders must have plans in place to fully leverage these resources.
KEEP READING: Get complimentary resources from CDW on building an incident response plan.
Zero Trust Can Strengthen States’ Cyber Posture
To deliver on government missions effectively, IT teams must make intelligent and vigorous use of modern technology and security practices while avoiding disruption by malicious cyber campaigns.
The zero-trust model is one solution to strengthen cyber defenses. Outdated systems and traditional networks can allow too many risk factors to seep in and threaten the citizen data stored within state and local operating systems. Zero trust helps government agencies keep information and data more secure by taking extra steps to verify the identity, devices, access and services employees attempt to use.
With zero trust, security is considered a service on top of the network, and secure access can only be achieved once contextual validation has occurred, regardless of the location and time. This approach will transform previous security models and make the No. 1 priority protecting the organization’s data — which is citizen data.
Zero trust is not a solution an IT leader can purchase. It is a cyber philosophy that can be applied to every aspect of an environment.
It gives state and local agencies strong access management and security tools to prevent unauthorized users from seeing applications and sensitive data, shrinking the attack surface and giving IT teams peace of mind as they monitor their environments.
However, states must be conscious of the difference between purpose-built, cloud-based solutions that are truly architected for zero trust and legacy on-premises systems that have simply been retrofitted for the cloud and rebranded as zero trust.
As state and local agencies seek to leverage available funding to strengthen cyber defenses and support the work-from-anywhere world, digital transformation is imperative. The attack surface continues to expand, and security must be embedded to protect the network. Agency IT leaders need a cloud-delivered approach to enabling zero trust that delivers fast, seamless, secure access across their entire ecosystems.
RELATED: Learn how to create an effective incident response plan.
