Now on Demand: CISO Forum Virtual Summit - All Sessions Available to Watch Instantly
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Stretching Government IT Budgets

Government budgets are not infinite, but with some work, they can be made a bit more elastic.

Stretching a budget however means finding efficiencies that will allow agencies to cut costs, and that, means understanding what your organization needs to protect and prioritizing, according to attendees at the (ISC)2 Security Congress in Philadelphia.

Government budgets are not infinite, but with some work, they can be made a bit more elastic.

Stretching a budget however means finding efficiencies that will allow agencies to cut costs, and that, means understanding what your organization needs to protect and prioritizing, according to attendees at the (ISC)2 Security Congress in Philadelphia.

“You can’t protect everything anymore,” said Matthew McCormack, who formerly served as chief information security officer for the Defense Intelligence Agency (DIA) and director of cyber-security operations for the Internal Revenue Service (IRS).

At the IRS, he said, his job was to keep the bad guys out; at the DIA, he was also tasked with catching insiders who misused data they were authorized to access. The shift in focus meant making decisions about what data was most critical and how he would go about protecting it, he said.

“Believe it or not, thin clients are cool again,” he said, adding that the devices are generally cheaper and make it easier to protect the perimeter.

Automation of routine tasks is also key, noted Peter Gouldmann, U.S. State Department liaison to the National Institute of Standards and Technology (NIST). Gouldmann and McCormack were part of panel Tuesday that discussed ways government agencies can make the most of their budgets, including repurposing hardware and applying data collected through monitoring in multiple ways.  

“How many of these things can I check off by doing the same operational monitoring that I’m doing today…if you can leverage your workforce gain a lot of intelligence out of your current monitoring capability and apply them to the business control requirements, you have saved yourself [money],” Gouldmann said.

Once employees are freed up, they too can be repurposed in ways that save money, Hord Tipton, executive director of ISC2, said Wednesday.

Advertisement. Scroll to continue reading.

“Anytime you can repurpose people…they go into some other area, some other cost center,” he said.

Another key area that provides cost savings is cloud computing, which Tipton said government agencies are cautiously embracing due to concerns about the safety of critical data.

“The cloud can start small; they’ll need to start probably with an internal private cloud just to see how it works,” he said.

Brent Conran, who was also on the panel Tuesday, described how moving to the cloud could reduce power consumption and cut costs. Prior to assuming his role as CSO at McAfee, Conran served as both the CIO and CISO of the U.S. House of Representatives, where he oversaw an effort to build a private cloud and consolidate servers.  

Some of the advice however was non-technical, such as learning to play nice with the chief financial officer and human resources. The two hardest things to come by, McCormack said, are people and money – and HR and the CFO can help with both.

“I always try to spend a lot of time with the CFO, because if you are friends with the CFO or your budget analyst, when they have money, guess who they are going to call? They’re going to call you because they know you can execute and spend that money in a week,” he said.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Secure enterprise browser provider Menlo Security has appointed Bill Robbins as President.

Erik Rolf has joined Booz Allen Hamilton as the Business Information Security Officer (BISO) of Commercial Sector.

Gant Redmon has joined Trustle as its new Chief Executive Officer and Board Director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.