How to strengthen security concerns despite budget constraints

Shortages of talent continue to handicap the ability of state and local governments to keep up with growing security threats. The shift to a remote workforce has expanded the daily onslaught of security threats just as agency leaders face looming budget pressures in the coming year.

That’s leading government agencies to reconsider the advantages of managed and professional service providers to bridge their skills gaps and maintain security operations at a lower overall cost, say security experts in a new podcast.

The skills gap is twofold problem for state agencies, explains Gary Buonacorsi, chief IT architect and CTO for state and local government and education markets at Tanium.

“Retirements are taking a lot of institutional knowledge out the door. And then there is a competitive landscape around modern tool sets for security and infrastructure,” he says. Leaning on managed service providers like Verizon and Tanium, which provide integrated security services, can take some of the pressure off of technology departments so they can redirect resources to other areas, he explains.

Chris Novak, director at Verizon’s Threat Research Advisory Center, adds that working with managed services also helps organizations get the best and broadest possible visibility of the threat landscape because they are able to correlate more data points and understand whether certain activity is anomalous.

“When I look at the partnership [Verizon has] with Tanium, it allows users to benefit from the fast and efficient scalability of that apparatus. The ability to deploy and point agents in mass across an organization or an institution, to do it quickly, and then get that visibility. That gives [an organization] a better people-to-technology ratio,” he explains in a StateScoop podcast underwritten by Verizon.

The ROI of managed services

Novack’s extensive work with public and private sector firms has only reinforced his belief in the growing need for security expertise, and the limits on resources many organizations face.  That has made the market for talent more competitive. And those who have the needed skills acknowledge getting tugged in different directions.

Tapping into Verizon resources and Tanium technology gives agencies an alternative, by providing access to both a skilled workforce and a modern security platform to augment an organization’s security posture — and at a predictable cost.

“Agencies don’t exist to do security. They exist to focus on the areas at the core of their mission. However, security is a ‘have to have’ in order to make their other operations remain operative,” says Novack.

Leaning on manage security or professional services helps augment security and minimize expenses. It also relieves agencies of the burden of hiring, training and retaining a larger workforce than they actually need day to day.

Cybersecurity threats are a growing concern

“In this new normal that we live in today with a distributed workforce, and distributed learning environments, people are no longer physically in the same location that you can control from a security perspective,” says Buonacorsi. “That’s really opened up the threat landscape, as many of these devices now whether you’re using devices that were provided by the organization … or using their own devices at home.”

Partnering with professional security service providers gives organizations a greater visibility of the threat landscape, and the risks they should be prioritizing.

“[Verizon does] hundreds, if not thousands, of breach investigations every year. One of the first things that we do when we start any investigation for any entity is check to see what tools they have and what instrumentation visibility they have in place,” says Novack.

He shares how using managed security service providers is helping organizations improve discovery and detection of threats. Citing a recent investigation, Verizon noted a trend in improved discovery in detection and time of breaches. By digging into the data, they saw that visibility across endpoints is improving, which contributes in a major way to improved threat detection.

“The fact is that those organizations were using managed security service providers means they were able to alert and detect incidents even faster than before,” he says.

How Verizon-Tanium partnership expands security

If an organization is already using Tanium to deploy the endpoint agents, the ability for Verizon to plug right in and investigate a security incident helps the response go much faster, explains Novack.

“Typically, we’re moving towards containment and eradication in a matter of hours, instead of maybe traditionally what would have been days or weeks. And then [we can tackle] health and hygiene as well,” says Novack

Buonacorsi adds that Tanium is easy to stand up because the platform doesn’t require infrastructure, unified endpoint management or unified endpoint security. It has a single agent, and Tanium can deploy to endpoints in less than an hour and start driving business value immediately.

Buonacorsi says that customers are able to see their costs reduced and visibility improve  quickly because they are able to reduce the number of tools in use, reclaim infrastructure, and redeploy headcount other resources for more productive work.

Listen to the podcast for the full conversation on closing talent gaps in IT security and learn more on how Verizon Professional and Managed Services can provide a full spectrum of digital and security solutions for your organization.

This article was produced by Scoop News Group for, and sponsored by, Verizon.

Chris Novak’s team leads hundreds of cybersecurity investigations annually, ranging from financial fraud, cyber-espionage, ransomware, industrial control systems, cyberterrorism, among other cyberthreats. And he advises multinational corporations and government agencies regularly on their cybersecurity posture.  

Gary Buonacorsi has held a number of senior technology leadership positions over the two decades in government and for Fortune 500 companies, including as CTO and CIO at the states of Nevada and Texas as well as at companies including Dell EMC, Oracle and Merck-Medco.

You can hear more coverage of “IT Security in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.