Technically Speaking

For nearly 30 years, DLT has grown to be one of the nation’s top providers of industry-leading IT solutions for the public sector. The strategic decision to focus solely on the public sector market has cultivated trust and assurance with our technology vendors that DLT is their go-to expert. With the evolution of technology and the emphasis on modernizing government, the public sector is changing how it procures new technologies by leveraging consumption-based and as-a-service delivery models.

Federal agencies are using multiple public clouds in addition to on-premises private and non-cloud infrastructures. This mutli-cloud adoption is creating increasingly complex environments and making it difficult to manage and protect data. Without proper data management, hybrid and multi-cloud environments can quickly become just another series of expensive and risky silos. All cloud migration strategies should encompass data management best practices to maximize cloud adoption benefits while minimizing risk.

Many government agencies, particularly large agencies, face enormous obstacles in simply compiling and inventory of the software and hardware under in their system. The difficulty is understandable: I know of one agency responsible for 220,000 makes and models of medical devices (note that this number refers to “makes and models” only. The actual number of devices is much, much higher). In addition, the devices are online intermittently, and many of them are on air-gapped (i.e., physically separate networks), complicating the use of automated tools for identification and inventory.

Every government organization has been the victim of a cybersecurity incident. These can range from mundane incidents such as a user leaving their desk without locking their screen, up to a major breach such as the OPM hack in which hackers stole comprehensive and confidential information on millions of government employees and contractors.

Identity and Access Management (IAM) is the art and science of ensuring that someone is who they say claim to be. This ensures that they have the correct level of access to systems and data – enough to do their job, but no more. IAM systems cover a wide range of features, but typically include:

Cybersecurity assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA), passed in 2002.  The law’s broad scope included a mandate to the US National Institute of Standards and Technology (NIST), charging it to create methods and standards to assess and optimize the cybersecurity posture of US government agencies.