The recent Presidential mandates and legislation aimed at strengthening public sector digital defenses are much needed reinforcements to ongoing challenges. Cybercrime is predicted to cost the world $10.5 trillion annually by 20251, up from $6 trillion in 2021. Added to this are the stressors caused by the global pandemic — requiring agencies to transition to remote workforces while still serving constituents. And while digital transformation, including cloud adoption, has been on the “to do” list for quite some time, the pandemic accelerated the timeline as agencies looked to modernize their infrastructure and build resilience.
With these forces in mind, VMware’s public sector experts weighed in on what should be at the top of mind for agencies this year.
The Journey to Zero Trust Cybersecurity
December’s discovery of the Log4j vulnerability — which allowed hackers to run any code on vulnerable machines or hack into any application directly using the open-source Log4j framework — revealed the fragility of public and private digital architectures. Add to this, mainstream ransomware attacks targeting organizations in critical industries like Colonial Pipeline, JBS Foods and Kaseya made it starkly evident zero trust security needs to be a priority.
“Zero trust and supply chain risk management are at the top of the list,” says Jeremiah Sanders, Senior Federal Strategist at VMware. Zero Trust is the next-generation model for securely delivering IT services and solutions anywhere in the world, on any device or system. It’s not a single product but a security operations framework based on the notion of never trusting and always verifying.
Keith Nakasone, Federal Strategist at VMware added “Cybersecurity must be looked at holistically. It must become a part of the agency culture to include the people, process, and technology.”
Daniel Kent, Chief Architect, Public Sector, VMware notes that effective cybersecurity also requires agencies to practice good cyber hygiene. “IT security can’t be an afterthought, especially as we move to a devOps model, where analytics and automation will be critical to cybersecurity effectiveness,” he says.
The journey to Zero Trust security must be prioritized — and it’s now a Presidential mandate. Agencies need a measured, phased approach to achieve this goal. For more information on cybersecurity mandates and adopting a Zero Trust framework, visit: Incorporating VMware Zero-Trust for the Presidential Executive Order.
The Power of Public and Private Partnerships
Developing and strengthening the ecosystem of public-private engagement, including the Joint Cyber Defense Collaborative (JCDC) and the White House Open Source Software Security Summit, is a key building block for technological and economic progress. Similarly, VMware is collaborating with NIST’s National Cybersecurity Center of Excellence (NCCoE) Zero Trust Cybersecurity Architecture Consortium to develop practical, interoperable cybersecurity approaches that address the real-world needs of the public sector’s complex IT ecosystem. These partnerships build trust and resiliency as agencies work towards modernizing critical infrastructure.
In December, President Joe Biden signed into law the National Defense Authorization Act of 2022, which codified an approach to cybersecurity that depends on the decisions of private-sector entities to protect the bulk of the nation’s critical infrastructure. This is yet another initiative that brings public and private worlds together to achieve a ‘whole of nation’ approach to combating cybersecurity threats.
“The best way to achieve the goals set by mandates is to work with the private sector — they can be trusted advisors,” says Nakasone.
Leveraging the power of public-private partnerships should be a priority for agencies this year as they look to keep up with the pace of legislation and innovation.
A ‘Cloud-Smart’ Approach for the Multi-Cloud Era
The average organization in the private sector runs about 500 apps2 to drive their business, and those apps are distributed across clouds. Kent points out that the same forces will be true in the public sector as agencies look to the cloud and apps to digitize parts of their organizations.
It’s no longer about a ‘cloud first’ approach—it’s about being ‘cloud smart.’ A multi-cloud approach increases app velocity and innovation and will empower agencies to become much more agile and resilient. This year, agencies should focus on building a cloud strategy that provides freedom and control. The reality is across federal, state and local agencies are at different points in their digital transformation journeys. It will be important they have the freedom to choose the ’right’ cloud based on their strategic business goals. With a cloud-agnostic approach, agencies have the power to accelerate innovation and control their destiny in the multi-cloud era.
Nakasone noted, “the pandemic has created an opportunity for the public sector to consider alternative solutions to ensure that work can continue from any cloud, any application, and any device. Agencies will need to prioritize understanding cloud solutions moving forward to build a strategy that works for their organization.”
Upskilling and Reskilling Employees
With accelerated digital transformation initiatives, agencies are quickly realizing that new technologies require new employee skill sets. As agencies prioritize innovation, they must also prioritize upskilling and reskilling employees as part of the transformation.
“You can have the understanding of what you need — but not have access to talent,” Sanders says. As a result, agencies will need to focus on reskilling existing talent while also expanding their talent pool. Sanders points out that agencies now have access to a broader talent pool as the workforce continues with remote and distributed models, and there is further opportunity to ensure successful agency digital transformation by leveraging digital workforce upskilling partners like VMware to, “enable a new way of work.”
To learn how VMware is working with the public sector around these priorities, visit:
- Five Things to Know about Mastering the Cloud: A Guide for State and Local Government Agencies
- The Path to Digital Government
- Expand Digital Government Capabilities with Modern IT
Sources & Citations
- Cybercrime Ventures, “Cybercrime To Cost The World $10.5 Trillion Annually By 2025,” November 2020.
- K2 Cybersecurity, “Average Enterprise Runs 464 Custom Applications,” March 2021.