For state and local agencies looking to bolster their cybersecurity efforts, cloud might just be their best bet.
But it hasn’t always been that way, Microsoft’s State and Local Government Chief Technology Officer Stuart Mckee tells StateScoop in a new special report.
“Roughly five years ago, no one was moving to the cloud because they were worried about security and compliance,” McKee says. “Today, it’s completely the opposite.”
Cloud vendors have made key investments to ensure the security of government cloud, and in some cases exceed the pace of government cybersecurity compliance standards like IRS 1075, CJIS and others.
But compliance isn’t everything, McKee says. Instead, it’s a stepping stone to a more robust cybersecurity framework that protects government against the most common cyberattacks, as well as the deeper more complex ones.
“Unfortunately, reported attacks are just the tip of the iceberg,” McKee says. “There are a lot more cyberattacks that are not reported, than reported.”
Through a mix of organizational accountability, a focus on identity and an increased focus on the security of physical devices, agencies can take better precautions to protect themselves against a large percentage of potential threats.
But even with the best technology, governance and structure are important to keeping agencies protected.
“It’s a real struggle,” McKee says. “There are lots of complex questions an agency must stop and consider. For example, does leadership prepare for an attack? Do they have an organizational structure in place that can effectively respond and deal with it?”
In addition, with cloud, agencies can rely on the institutional knowledge of not only compliance frameworks, but also multiple petabytes of data to leverage to improve cybersecurity across all sectors.
That collaborative approach helps, McKee says, especially in an era of rapidly changing attacks and attackers.
“Historically, you’d see an attack and it’d spread and then people would create mitigation capabilities, address it, stop the flow and then go back and fix it and clean up systems that were infected,” McKee says. “Today, we’re seeing the idea of polymorphic viruses. Viruses that are actually changing almost real-time.”
This article was produced by StateScoop for, and sponsored by, Microsoft Azure Government.