Why Simpler Security Environments Help Safeguard Federal Agencies
VP of Sales and Operations, Federal Sector, Symantec
Over the last 20 years of his career in the security sector, Chris Townsend has seen cyberthreats gain power and complexity. What’s perhaps more dangerous, however, is that he’s seen cybersecurity environments become more complex, as well, melding into a tangled web of one-off solutions that protect against singular threats or prove redundant.
While inevitable, these complex security environments aren’t just costly and difficult to manage, they are also one of the many reasons why today’s security infrastructures aren’t serving federal customers as well as they could be, says Townsend, who serves as Symantec’s vice president of sales and operations for the Federal sector. Indeed, recent reports, such as the White House’s first cyber risk assessment, released last May, and a Senate report released this June, find that many federal agencies aren’t keeping up with cybersecurity demands, putting government and citizen information at risk.
“There was this thought for a long time that additional complexity made you more secure,” Townsend notes. “What a lot of organizations are now realizing is that additional complexities have made them less secure, because they have all of these tools with no ability to integrate, no ability to share information, and they are relying on a very small group of security analysts to correlate all of this disparate information and try to make decisions on what’s happening in an environment and what to prioritize.”
These advancements can help us sort through a lot of the noise and allow our human analysts to focus on what’s most important. But in order to take advantage of those technologies, we need to be more proactive in thinking about planning.”
What’s more, as workplace tools expand, the security environment is becoming even more complex of its own accord.
“As we move to the cloud, and begin to adopt IoT technologies and mobile platforms, you don’t have that hard perimeter that’s easy to identify and secure,” says Townsend. “It’s very hard to define where your IT environment begins and ends.”
This sprawling IT environment makes it more difficult to secure the perimeter or simply purchase a new tool to protect against an external threat, exposing many to unforeseen vulnerabilities or, worse, those outside their control.
Increasingly complex environments are met with growing talent constraints, making it more difficult than ever to manage the sprawling security footprints many organizations are amassing.
“All industries are dealing with the cybersecurity workforce challenges right now, and we just cannot continue to throw people at the problem,” says Townsend, noting that the federal environment is likely experiencing a more extreme talent shortage than many other industries.
He points to advancements in security automation, such as Big Data threat analytics, advanced machine learning and artificial intelligence, that can help augment the workforce in sorting through threats.
“These advancements can help us sort through a lot of the noise and allow our human analysts to focus on what’s most important,” says Townsend. “But in order to take advantage of those technologies, we need to be more proactive in thinking about planning.”
All industries are dealing with the cybersecurity workforce challenges right now, and we just cannot continue to throw people at the problem.
With the aim to simplify and modernize security environments, Townsend has taken up the crusade to educate both internal teams and federal customers of the dangers of increasing complexity and the virtues of integrated security tools.
“As vendors we created a lot of this complexity,” says Townsend. “We have been selling tools to fix a specific problem, each vendor represents a specific tool, but that’s just not scalable. We have integrated solutions, but we don’t always do a great job of going back in and re-educating the market, so there’s often overlap in the tools that many of our customers already have.”
But just as vendors helped to create the issue, Townsend says he and the Symantec team are looking to help solve the problem of complexity and re-educate the market. What does this entail? Townsend notes that, first and foremost, vendor teams can help organizations understand the need to shift the focus away from reactive tendencies and instead look to understand and protect high-value assets in order to make the most of limited resources.
But that change in mindset needs to come from both sides of the equation and, ultimately, vendors should aim to have a continuous, open dialogue with customers about challenges, needs and how their entire security infrastructure at large is serving the organization.
We encourage our sales teams to go in and speak to their customers without looking to sell anything. We encourage them just to talk and to educate them on what they already have and how they can drive more value from that existing investment. We want to be trusted advisors for our clients so they can call us when they are struggling and they know the person on the other side of the phone isn’t just trying to sell them something, but is going to actually help solve their issue. And maybe the answer isn’t even a Symantec solution, but another third party tool, and that’s OK because what the federal government needs right now is a partner, a consultant, someone they can have an open dialogue with, not somebody that’s just going to come in and sell more technology.
VP of Sales and Operations, Federal Sector, Symantec