Cyber modernization too complex for quick fixes, in-house solutions, report says

MR.Cole_Photographer/Getty Images

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Stephanie Kanowitz,
Contributor, Route Fifty
 

Connecting state and local government leaders

By Stephanie Kanowitz

|

State and local agencies feel pressure to quickly overhaul their technologies and processes to stay ahead of adversaries and meet growing IT demands, but they first need an in-depth assessment of strategic costs and other implications.

State and local government agencies rushing to improve cybersecurity operations and reduce costs through technology and management changes may be opting for immediate improvements without developing a strategic vision, a new report says. 

Five factors are driving agencies’ push for rapid progress, according to the “2022 ISG Provider Lens Cybersecurity — Solutions and Services” report, customized by Atos. One is cost and constituent pressures. “The public sector has reached a tipping point where a critical mass of citizens, suppliers and other constituencies increasingly expect digital experience and engagement with elected officials and governmental institutions,” the report states. “Cybersecurity, a critical enabler and element of this digital demand, has struggled to keep pace.”

Another is that many IT systems and solutions are reaching the end of their useful life, paving the way for agencies to replace them with modern, cloud-based options.

“Underlying much of U.S. public-sector IT disruption right now is a broadening and accelerating shift to cloud-based software platforms and infrastructure services as agencies push to digitally modernize organizations, operations and IT,” Nathan Frey, head of ISG’s public-sector business, wrote in an email to GCN. “The shift from legacy to next-gen is fundamental. That suggests that a core, strategic cybersecurity re-examination is the most valuable immediate investment.”

A third driver is the stabilization of remote or digital operational environments. Now that the shift to hybrid or remote work is evening out after the COVID-fueled rush to digitize, agencies can “better conceive and develop suitable strategies and solutions,” the report states. “As the workforce and workplace become clearer, public agencies are looking to engage with providers for effective implementation and management of cybersecurity services and tools.”

Fourth, agencies want to be able to use data better – and to protect it. “As older systems were continually patched and as more users were connected from more locations in different ways, risk and inefficiencies grew, further pushing the need for newer, more capable, more secure and less operationally expensive options,” according to the report.

Lastly, agencies are looking to technology to attract workers and to offset a shortage of skilled labor after the public sector saw a sharp increase in job vacancies in 2021.

“With the pace of digital adoption accelerating and a serious skills gap in the market, it is difficult if not impossible for a single organization to scale people, processes and technology to stay ahead of motivated adversaries,” Frey said.

“In today’s environment, it is unlikely an in-house organization will be able to scale and pivot as needed in a cost-efficient manner,” he said. In the public sector, by the time an agency identifies the threat and desired solution and conducts a traditional procurement, the threat has usually already been addressed by the private sector, he explained. “Strong partner ecosystems with flexible contracts will provide more robust and resilient cyber protections at an accelerated pace,” he said.

This environment is ripe for software vendors and service providers, especially those that have “dedicated resources, robust partnerships and solutions tailored to sector requirements,” the report states. That’s because despite the urgency to improve, both sides face challenges such as budget cycles, regulatory processes and outdated procurement processes.

“Public agency change tends to be slow, and often requires political and legislative change to allow, then enable and enforce, the needed organizational and cultural changes,” Frey said. “Agencies working with service providers and software vendors that have proven public-sector experience and expertise combining political savvy and organizational change management with core, cloud-first IT are the most likely to enable and adapt to new IT and ways of working – and therefore improve the IT and organizational climate for cybersecurity effectiveness.”

The report looks at five quadrants of cyber software solutions and services. The first is identity and access management, which it notes is expanding in need and use, although today remains largely in the form of multifactor authentication and single sign-on.

The second is data leakage and loss prevention and data security, which are influenced by the growth in cloud use and privacy regulations. The most effective solutions, the report states, enable classifying data by content and context, classifying risk by context and location, monitoring data behavior, and developing controls, training, adapting and communicating.

Third is technical security services, which the report defines as “integration, maintenance and support for IT security products or solutions.” It predicts demand for these services to grow rapidly along with the expectation of solution and platform adoption.

The fourth quadrant is strategic security services, which the report calls “the most important cybersecurity-related services over the long term,” and suggests public-sector agencies are looking for partners that “demonstrate in-depth technical expertise, backed by dedicated internal cybersecurity resources and an extensive network of technology partners.”

The fifth is managed security services, or the outsourcing of IT security management – currently an uncommon public-sector practice that the report states is changing out of “economic necessity.” The result will be agencies that need help transforming IT security management, and providers must be able to offer services that can scale along with agencies’ needs.

ISG expects four main conditions to influence the state and local cybersecurity market in 2023. Two are the leapfrogging from legacy to next-generation technology and an increase in integrative platforms. Third is a slow but steady move toward outsourcing business processes, “a sensitive concept, especially for those in municipal governments,” the report notes.

The final area is about a new tactical approach.

“Selecting neutral third parties with expertise in assessments and [cyber risk quantification] gives the public-sector agency an unbiased view into realistic options to protect critical assets,” Frey said. “The resulting roadmap from this process will identify services and partners that can quickly close major gaps while positioning the organization for long-term cyber resiliency. This approach also provides a clear view on the ROI of Build vs. Buy based on realistic market conditions and constant evolution of threats.” 

As a result, the report states, the market in 2024 will likely see a surge in demand for systems, services, and data integration and management in addition to strategic consulting and training.

Stephanie Kanowitz is a freelance writer based in northern Virginia.

NEXT STORY: DHS unwraps $1B state and local cybersecurity grant program

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.