Letter: Security rules are only as good as those who obey them

"Gadgets that don’t play by the rules" is a good article on the challenges of adapting to agency responses to the rapidly changing technology landscape, but I have to ask about your comment in the sidebar that states, "Information technology managers...can buy some time by using common sense rules until they can develop a broader strategy."


With all due respect, the alarm went off at the announcement of the Veterans Affairs Department breach. With all hands on deck across the federal government, agency technology managers have been tasked with making sure that their agencies don't get embarrassed by another breach and yet many more have come to light. It's time to seriously look at the root cause: Information is easy to distribute once authorized access is granted. All of the training can be done and all of the policies in the world can be devised to state what is not allowed, but like speeding in your car, without enforcement, laws are only as good as the people obeying them.


Automated enforcement is needed that is transparent and user friendly so as to enable business productivity while enforcing security. Since unknown storage devices can be introduced, then enforcement needs to be at the information level. Industry is already working diligently to address this issue in the areas of the Secure Information Shared Architecture Alliance and enterprise rights management. The alliance would provide much tighter controls over network access offline and on, and a subset of this vetted off-the-shelf interoperability solution includes enterprise rights management to provide enforcement of agency policies and security awareness trainings at the data-level without putting additional strain on security departments. When "gadgets don't play by the rules," then agencies need to change the rules.


Anonymous

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.