The pandemic and the rapid shift to telework challenged IT teams everywhere. Technology leaders and cybersecurity professionals struggled to do what seemed impossible, and ultimately played a crucial role in ensuring a safe transition to work from home and meeting the surge in demand for digital services driven by COVID, especially in the government sector. Overall their strategies met with success, elevating the status and recognition of the IT department as an essential organizational partner. To further capitalize on this success, IT leaders must continue to provide efficient security solutions and reduce costs while addressing the needs of their IT customers.
In this Q&A, Fortinet Public Sector CISO Jim Richberg discusses how the pandemic has changed the role of IT leaders, challenges around returning to the office, and how technologies such as SD-WAN can help governments do more with less.
When resources become tight, government agencies typically move to circle the wagons to protect whatever their core mission is. Everything outside of that core mission — including support services, which unfortunately often includes IT and security — become areas to absorb cuts. While this is the most common outcome, it did not happen in the case of the pandemic because IT and security were recognized as essential elements in the pivot to telework. If organizations hadn’t had the ability to rapidly deploy secure remote connectivity and collaboration technlogy, employees would not have been able to work from home at scale. Tech leaders were seen as enablers of success in a way they never had been before.
By identifying and championing the right digital transformation technologies. Unfortunately, government agencies typically lag the private sector in technology adoption; so identifying options that are impact and cost-effective is an opportunity to close some of that gap. Experience has shown that government can be just as adaptive as the private sector under the right circumstances.
One way agencies can simply operate and drive down costs in their IT cybersecurity portfolios is with software-defined wide area networking (SD-WAN) — enabling agencies to create a networking architecture for fast, scalable and flexible connectivity across different computing environments. By taking advantage of SD-WAN and by leveraging the capabilities offered in a platform-focused approach to cybersecurity integrated ecosystems of automated capabilities spanning the growing attack surface-- agencies can get the most bang for their buck in security and deliver better performance to their users and customers.
Cloud computing is another increasingly attractive option. It is efficient and responsive, and it allows you to do everything as a service. Agencies recognize how to work in the cloud and understand the shared responsibility model for security operations and data in the cloud. The challenge for many comes when working in multiple cloud environments. Most organizations have multiple cloud service providers, each with different levels and types of security offerings, which makes it challenging to ensure consistency of security policy and controls across them.
Cloud and software defined networking are examples of types of technologies that can both stretch the impact of dollars and increasing operating efficiency as budgets decline. And they allow organizations to work remotely, back in the office or in a hybrid environment. They meet any of those needs, they do it in a way that is intrinsically secure, and they allow agencies to innovate to powerful digital tools to their employees and customers. It is a win-win-win, and it is by identifying those winning technology areas that IT and security will continue to be seen as the indispensable mission partners they became at the start of the pandemic.
IT and security should collaborate to define the art of the possible for their agency, to shape that menu of digital transformation options. By having IT and security collaborate at the front end of the planning process, you end up with a solution that is secure by design rather than leaving security to addressed as an afterthought. And because the solutions that are intrinsically secure are often built around the latest generation of technology, IT often gets a solution that is more efficient and powerful.
Let’s use software-defined networking as an example. In its earliest version, it was just about traffic management and enabling local and wide area networks to be created and modified ‘on the fly’. Then people realized security had to be part of the equation, so you ended up with hybrid situations that either featured a security concentrator in the local network environment or as an enclave before accessing the internet. Then came consolidation into a unified inherently secure, software defined, networking product. This allows you to do things earlier versions of software defined networking technology couldn’t do, and of course it’s got all the capabilities of a next-generation firewall. It’s a win for everyone.
Organizations that were quick to return to the office — at least with part of their workforce — in some cases found they didn’t have adequate network infrastructure to support these hybridwork practices. Even in-office employees were holding staff meetings virtually, either for social distancing or to collaborate with colleagues who continued to work remotely. But these in-office employees often lacked the bandwidth for this collaboration because pre-pandemic, many organizations did not factor the need for simultaneous access to high-speed bandwidth by all employees into their network design. So many of the employees who returned to work found they had less functionality than when they were working from home using broadband access.
Establishing plans for return to work, collaborating with security to plan for flexible and cost-effective solutions, and championing for digital transformation technologies are all post-pandemic changes to the role of the IT leader. Their new popularity and prominence as key mission partners must be leveraged in a way that addresses the needs of government agencies, their employees, and the end users they support.