In its list of State CIO Top 10 Priorities for 2023, the National Association of State Chief Information Officers cited cybersecurity and risk management as the top concern, while digital government and digital services ranked second. These two issues are closely connected: As states pursue ways to offer new services to citizens and improve current ones, they also face greater security challenges. Each new IT initiative a state begins represents a target that cybercriminals can try to exploit.
The nature of state government IT operations can create additional security challenges. Due to common budget constraints, complexity issues and demands on IT staff, many states operate legacy IT infrastructure that may hamper their efforts to deal with cybersecurity threats. In fact, a 2022 survey by NASCIO and Deloitte found that 52 percent of state CISOs cited legacy infrastructure issues as a top barrier to dealing with emerging threats and addressing cybersecurity challenges.
“New technologies offer opportunities to do things faster and more efficiently,” says Pat O’Brien, a senior national field sales manager with CDW. “But security is an extremely important piece of the puzzle.”
Updating legacy systems can enable government agencies to greatly improve their security posture. By enhancing data governance and management capabilities, IT optimization can help state governments address their security challenges and deal more effectively with emerging threats.
Click the banner to read CDW’s white paper on data center optimization for state and local agencies.
Key Security Threats Facing State and Local Governments
One of the key cybersecurity challenges that state and local governments face is the changing nature of the threats. Cybercriminals continuously change their tools and tactics to find new vulnerabilities to exploit. However, one thing that has remained consistent is the threat of ransomware. According to a 2023 report from Sophos, 66 percent of organizations were hit by ransomware in the past year.
“Ransomware is a top-of-mind threat,” says Scott Hansen, manager of hybrid infrastructure for CDW. “New vulnerabilities and entry points are discovered daily, so it’s very difficult to keep up. In fact, it’s not uncommon for agencies doing a vulnerability audit to discover unprotected and decommissioned devices they didn’t even know about.”
Many state and local governments also operate public utilities that are particularly attractive targets for cybercriminals looking to disrupt the day-to-day operations of agencies and threaten the health and safety of citizens.
DIVE DEEPER: How agencies can boost security against threats.
Infrastructure Optimization Can Help Agencies Improve Security
State and local agencies can address their security concerns by adopting advanced security tools and implementing strategies such as zero trust. But data center optimization initiatives can also help agencies improve their security posture and address evolving threats.
By optimizing their data centers, agencies can map out all of their IT assets, gaining a clear, comprehensive picture of interdependencies and improving their ability to spot vulnerabilities. Tools such as IT infrastructure management and data center management solutions enable agencies to have greater visibility into IT environments and help them to simplify their security efforts.
“Network management and visibility are important capabilities,” says Christopher Moran, state and local sales manager for the Keystone Region with CDW. “You need to know where your endpoints are and what they are.”
Efforts to improve state and local governments’ cybersecurity posture can lead to improved physical security. When they engage in cybersecurity initiatives, agencies also should address who has access to the data center. As security teams endeavor to limit privileged access to sensitive data, they should also work to limit physical access. For example, penetration testing to assess how effectively an agency can prevent unauthorized access to its systems can include tests of its access policies for data centers as well as smaller server closets and storage hardware.
As they look to optimize their data center operations, one choice many state and local agencies make is to hand off some day-to-day management and maintenance tasks to a trusted partner. This could include a comprehensive Data Center as a Service initiative in which a partner handles all data center management responsibilities, or it could take the form of a more limited engagement.
Many agencies opt to work with a managed security service provider, which can offer firewall management, threat intelligence, threat hunting, patch management and vulnerability scanning. A partner can even run a security operations center on behalf of an agency or multiple agencies. NASCIO and Deloitte reported that 78 percent of states plan to address gaps in their security competency by contracting with a managed security service provider.
“These agencies are looking for trusted information security partners that are willing to do this work for them,” Moran says.
Ultimately, state and local efforts to enhance citizen services and improve data center operations often have the added benefit of boosting security as well.
UP NEXT: How to fend off ransomware with a cybersecurity recovery program.