Federal cybersecurity needs a paradigm shift
- By Dave McClure
- Aug 12, 2016
Insecure. Vulnerable. Victimized. Reactive.
In many ways, the current cybersecurity prevention theme focuses on security itself as an end game. This focus accentuates what constitutes bad cybersecurity and the ensuing risks to high-value business assets. But there’s a new way of thinking starting to emerge.
It is becoming obvious that in today’s cyber threat ecosystem, organizations cannot “eliminate” all security threats and vulnerabilities. Government and industry are acceding to the “assume you've been compromised” battle cry. In order to advance cybersecurity thinking, we need resilient, well-implemented cybersecurity as a business liberator.
To do so requires a paradigm shift. By putting smart, business-centric security in place that addresses critical and prioritized risk areas, executives can re-focus their energy, passion and resources to the unchartered and breakthrough performance improvements created by today’s technology options. This involves building business performance leaps using newer processes, innovative services, and greater business proficiencies (via cloud, mobile, digital, IOT, etc.).
In short, well-run cybersecurity should help move organizations forward instead of constantly holding them back. Without being naïve to the daunting and evolving cybersecurity risks, there is a strong argument to make that effective cybersecurity should give executives confidence to explore, innovate and delight customers.
That paradigm shift cannot happen, however, without some building blocks leading to greater confidence in cyber readiness and preparation. Here is what is needed:
- Boardroom-level discussions around high-priority cyber risks that pose the greatest peril to business/mission services delivery.
- Confidence in a performance-driven cybersecurity maturity metrics addressing key risk areas, so that appropriate and targeted resources can be allocated to cybersecurity staffing and services.
- A discussion around the business process, workflow, supply chain and customer service delivery pain points that must be modernized, with secure technology options built in from the ground up.
Your organization's business growth requires a bold move into emerging technologies, capitalizing on new business models. Your cybersecurity team will benefit from security experts who can tailor those building blocks based on real-world experience, great customer testimonials and proven project leadership. Challenge your team to use this new perspective on security to succeed.
Dave McClure, Ph.D., is a leader of transformational IT initiatives at Accenture Federal Services. In this capacity, he oversees future-focused client projects that include cloud computing adoption, digital transformation, IT modernization, cloud security and creative customer-focused web design.
Before joining Accenture in 2017, McClure led the design and implementation of FedRAMP, the federal security authorization process for cloud computing products and services and the most significant security authorization process of its kind worldwide. He was a chief strategist of cybersecurity at Coalfire Federal/Veris Group, in which capacity he worked extensively with both government and commercial enterprises.
McClure’s long IT experience in both the public and private sectors includes executive stints at Gartner Group, the Council for Excellence in Government, the US General Services Administration and the US Government Accountability Office.
A University of Texas at Austin graduate, McClure has a Ph.D. in public policy from the University of North Texas. He is a Fellow of the National Academy of Public Administration, and is the Past Executive chair and current Executive Committee member of the Industry Advisory Council (IAC).