Technology suppliers to the Federal government are telling MeriTalk that they expect to see Federal agencies place increasing emphasis on IT modernization efforts in 2023, along with continuing efforts to boost cybersecurity protections that modernized systems can help to achieve.
Mike Wiseman, vice president, Public Sector at Pure Storage, said he expects government agencies to “place a heightened focus on modernization and development priorities, including emphasizing digital government, upgrading legacy systems, continuing broadband adoption, and expanding remote work and collaboration platforms.”
“To help build a foundation to enhance digital government and ultimately improve the delivery of services to citizens, it will be critical for agencies to tap shared services,” he continued. “After all, shared digital services, products, infrastructure, and channels are core to enabling agencies to create streamlined, consistent customer experiences across government programs while enabling them to benefit from economies of scale.”
As part of those efforts, Wiseman said that many agencies are looking to modernize with Kubernetes, containers, and microservices, “as they are an effective way to gain speed, scale, and agility.”
“At the IT level, containerization offers a way forward – providing an efficient and portable means to speed up the delivery of new applications, along with building improved security into the development pipeline,” he said.
“A data management platform utilizing containerized applications can empower IT teams to modernization efforts while simultaneously delivering a unified data protection architecture in support of enhanced cybersecurity defenses,” Wiseman said.
Gary Barlet, Federal CTO at Illumio, said Federal agencies in 2023 should be evaluating their progress on zero trust security migration, and then redoubling efforts to make more progress on multiple pillars of their strategies.
“The Federal government is waking up to the prevalence and necessity of adopting an ‘assume breach’ mentality – which will result in a seismic shift in how agencies defend their operations in 2023,” he said. “We can expect to see an increased focus on implementing more modern containment strategies vs. solely relying on traditional prevention approaches.”
Because agencies are faced with a large volume of zero trust mandates, Barlet advised that “moving into 2023, agencies should evaluate the progress they’ve made on the different pillars of Zero Trust and dedicate their limited resources to making progress on all pillars versus getting stuck trying to find a perfect solution for each individual one.”
“Agencies also need to avoid paralysis by analysis,” he continued. “The reality is, no plan is 100 percent perfect – what matters is making progress. Even incremental, small steps toward Zero Trust will contribute to federal resilience efforts.”
He also said that government leaders should seek to boost collaboration on cybersecurity as a way to address shortages in the cyber workforce.
“Many agencies – especially smaller ones – simply don’t have the bandwidth, resources, and expertise to address today’s evolving cyber concerns,” Barlet said. “We need to get creative to address some of these challenges – and use our cyber workforce judiciously. Developing dedicated agency personnel to help with IT and security concerns across teams would be a step in the right direction.”
Barlet lauded the Cybersecurity and Infrastructure Security Agency’s (CISA) focus on improving security for critical infrastructure sectors and K-12 schools, but also pointed out that “these sectors have outdated and antiquated IT infrastructure and are largely underfunded and under-resourced.”
“Over the next year, the focus should be on improving the basics (like implementing widespread two-factor authentication and Zero Trust Segmentation, for example),” he said. “CISA is providing much needed guidance – the Cybersecurity Performance Goals and related resources are one example – but these sectors need tangible help (technology tools, software, etc.) to implement solutions and realize these goals.”
And on the threat front, Barlet said that more adversaries are likely to gain access to more advanced attack methods including through ransomware-as-a-service tools.
“We can expect to see smaller-scale bad actors, who wouldn’t normally have the resources to launch cyber attacks against the U.S. federal government, tapping into these services in 2023,” he said. “Unlike attacks on commercial organizations where the goal is to extract a ransom, attacks on the federal government are meant to steal intelligence and create mass disruption.”