Regarding cybersecurity, panelists, including Tommy Gardner, chief technology officer of HP Federal; Jamey Heary, a chief security architect for Cisco; and Warren Sponholtz, Florida’s deputy chief information security officer; homed in on zero trust and multifactor authentication.
According to Sponholtz, the pillars of zero trust for government include network segmentation, least privilege access and access control.
“Access controls is something that’s come a long way in the last 10 years,” Sponholtz said. “Let’s say I log into a system here in Tallahassee and get authenticated, and then moments later, I try to authenticate from Brazil; the system should know that something’s wrong with that type of authentication and be able to do something with it.”
“What really distinguishes this approach to security is it does it automatically. It doesn’t send an alert to a technician; it addresses it instantaneously and thwarts the threat immediately,” Sponholtz added.
Regarding multifactor authentication (MFA), Gardner and Heary emphasized the importance of using different forms of MFA and relying less on passwords. From Gardner’s perspective, MFA needs to be more than just having two ways of authenticating someone’s identity.
“The problem is most people say multifactor authentication, and what they mean is two-factor authentication,” Gardner said. “Multifactor, I would submit is more than two, and using all you can to verify someone’s identity.”
For example, Heary said credential theft is one of the most prevalent attacks organizations face to date. MFA needs to be part of combating this issue, but devaluing passwords is also important.
“From a risk perspective,” Heary said, “if we have a data lake that can massage the data in useful ways and give our analysts better efficacy, we’re gonna be a lot better off because I bet anybody here who has been through a breach knows that the data was there before being breached.”
SWITCHING TO THE CLOUD
During another panel discussion, “You’re on Cloud 9 – Now What?,” experts shared their experiences working with the cloud and how it can help governments manage their futures.
Russell Haupert, chief information officer and chief technology officer for the city of Tampa, led the discussion, sharing his experience overseeing the switch to the cloud.
“We actually started our cloud journey about 11 years ago with a hosted cloud,” Haupert said. “The biggest battle that we had at the beginning was budgeting.”
Since then, the city has moved away from legacy technologies and relies on Oracle Cloud, Oracle Cloud Enterprise Resource Planning (ERP) and Oracle Cloud Human Capital Management (HCM) systems to manage most of its services and data.
In order to make the switch, Haupert and other panelists said having a plan and strategies in place is key.
“There’s got to be a business reason or business justification, why we are doing something or why we’re not and that strategy has to be built around the realities of our institutions and organizations,” said Jayson Dunn, executive government adviser for Amazon Web Services (AWS).
“Prior to joining AWS, I had the role that Russell has in the city of Cincinnati,” Dunn said. “You start to look at all of the government constraints and operational challenges, especially in a large metro city, you've got to know your strengths and weaknesses, and you've got to know what’s possible, but also, what’s feasibly realistic to do.”
Perhaps the most challenging part of this process, panelists explained, are the costs associated with switching to the cloud.
“You really want to have a strategy and make it a formal strategy that everybody has and can see and understand,” Dunn said. “Then you really start dictating how cloud is going to be consumed, what circumstances and workloads are going to be cloud-first versus on-premise and start working on those things in your organization.”
USING TECHNOLOGY TO MITIGATE NATURAL DISASTERS
Lastly, during a panel titled “Bits and Bytes — A Nightmare Storm with a Heroic Response,” Keith Pruett, an emergency support function coordinator for the Florida Digital Service, shared his experience working with satellite technology during Hurricane Ian last year.
The hurricane hit the west coast of Florida on Sept. 23, severely impacting coastal cities.
To respond to threats and challenges posed by the hurricane, the Florida Digital Service worked with SpaceX to launch 30 high-performance Starlink kits to connect to the Internet and communicate with emergency teams across the state.
According to Pruett, he and his team discussed the possibility of using the technology with the state CIO Jamie Grant long before the hurricane hit.
“Within 48 hours [of the storm], 30 high-performance Starlink kits were delivered to us here in Tallahassee,” Pruett said. “Within six hours of them arriving, we were able to work with our partners and start advertising that we have this capability and let’s see what we can do with it; that’s how it really started.”
The technology, according to Pruett, was easy to use and quick to set up, making it a beneficial tool for the creation of a forward mobile base of operations to divert all acquisitions.
“That became a base of operations with just a small man presence here as a liaison between what we were doing on the ground and what we’re doing here in Tallahassee,” Pruett added. “What was really aided was real-time feedback. We were able to say, ‘So and so has asked for assistance in this area. Can we deploy some kits over there and get them up and running?’”
Moving forward, Pruett said the Florida Digital Service has the technology in reserve in case of another natural disaster and is looking at how to use it in other capacities.
*The Florida Digital Government Summit is presented by Government Technology (a publication of e.Republic).