Tanium CIO for SLED talks about government cybersecurity

Because of today’s massive shift to remote work, private and public organisations need new approaches to augment their network security.

While cybersecurity firm Tanium developed such a product (which they call ‘XEM’ or converged endpoint management), they also have an executive role — a chief information officer — specifically for state, local, and educational institutions (or SLED).

To acquire a better understanding of government cybersecurity matters, Frontier Enterprise spoke with Chris Cruz, Tanium’s CIO for SLED. We also asked Cruz about current technology challenges, government security spending, similarities between United States SLED sectors and Asia, and more.

IDC predicts that governments will be one of the highest security spenders in APAC this year. How can this increased focus on cybersecurity help government agencies save resources?

The increase in funding will help drive further innovation and provide additional automation in legacy modernisation and digitalisation of key applications, to ensure that application security is applied.

Most government organisations will invest in common security platforms that integrate their IT operations and security (i.e. SecOps) programs, thereby reducing the amount of tool sprawl that has gone on over the last decade. This tool sprawl has led to manually intensive processing and poor data visibility in responding to a cyberattack or incident.

Government organisations will look for real-time data platforms to provide risk metrics and dashboarding to monitor and manage their network infrastructure, respective risk thresholds, and tolerance.

The increased visibility and monitoring beyond the current network infrastructure will help accommodate the new hybrid work environment and develop zero-trust plans to build on security at the point of entry.

You were once a Criminal Intelligence Specialist in the California Department of Justice. What specific lessons learned there are you able to apply in your technology career? What was the most interesting part of that experience?

Chris Cruz, CIO for state, local and educational institutions (SLED), Tanium. Image courtesy of Tanium.

The takeaway from being in that position in the early nineties was how elementary we applied security into the programs that we were managing. Oftentimes, users were using the same user ID and password credentials to authenticate into critical systems, thereby increasing the threshold and risk of employees stealing critical data. This was a common practice at the time that has obviously evolved into more safeguards in place to avoid previous practices.

The highlights of that job were the investigative components of using Live Scan information to track down and prosecute criminals for serious crimes. The information gathered was used in court proceedings and presented by the prosecution to try the criminal cases.

What do you think are Tanium’s top technology challenges in this age of heightened cyberthreat risks?

Security tool proliferation can lead to a bigger attack surface. Endpoint tools aimed at anything from patching to software management and threat hunting can multiply quickly. This leads to unpatched systems, lack of a single source of truth for security data, and management challenges that burden government resources.

Without the budget, people, or access to modern technology that can bridge the gap, it can be difficult to reduce organisations’ attack surface.

It is critical that organisations eliminate these endpoint tools used for security management in favour of a converged, single-platform approach that provides integration into other key operational products for real-time data identification and remediation. Organisations must have the visibility to track, manage, and remediate all attacks at the endpoint level.

Talk to us about changes in the approach to cybersecurity these past few years. How similar or different are US SLED sectors compared to Asia’s cybersecurity plans?

In previous years the IT, operations, and security departments functioned autonomously from each other. They purchased their own tools, had very little interaction in terms of good cyber hygiene of the network infrastructure, and adhered to proper security policies and procedures.

Today, most organisations have started to integrate their security and operations into a common cybersecurity approach that addresses standardisation at the enterprise level. The CIO and CISO now collaborate more together with key business partners through a common governance framework, and create cybersecurity plans that integrate with their IT strategic plans to ensure alignment.

I believe that there is/was lots of overlap between US SLED and Asia in previous years, in terms of experiencing the same challenges and opportunities. We have seen more prolific growth in the areas of cybersecurity for both regions, as well as adhering to best practices and lessons learned in the cyber arena.

What predictions do you foresee in the cybersecurity space – specifically with issues faced by governments – for the next three to five years? How will emerging technologies like AI and machine learning (ML) affect its evolution?

We will see a more prolific authentication into an individual’s personal profile to determine who is actually accessing what applications. Expect greater utilisation of biometrics as a key AI identifier and authentication method into critical functions such as banking transactions, access to buildings, and critical infrastructure.

ML will also be used to detect malicious activities and prevent online attacks by using a combination of algorithms to spot such attempts within seconds of entering the network. This will mitigate the threat without due harm to the organisation.

Moreover, ML can be utilised to automate repetitive security activities and thus increase productivity in other areas of the organisation.