Proceed with Caution: Little-known Cybersecurity Risks in IT Consolidation
November 13, 2014 1 Comment
As budgets constrict, agencies across the federal government are looking to IT consolidation as a means of driving cost savings. The Department of Defense is no stranger to these pressures. One key aspect of the Department of Defense’s drive to consolidate all of their networks under a common security architecture is the Joint Regional Security Stacks (JRSS) initiative. Currently, bases and forts have their own cybersecurity architectures — at the local level. These architectures will now get handed off to regional facilities or nodes, making networks more unified, secure, and ultimately ensuring capabilities are universal at every fort and base. The benefits of the JRSS are it gives DOD a birds-eye view of their network activity, improves their network security posture by reducing attack surfaces, and reduces costs.
Unfortunately, there are some drawbacks that come with reducing attack surfaces through IT consolidation. Common belief tells us by reducing the attack surface of a system, there are less opportunities for network security to become compromised. However, in reducing the attack surface of a system, it doesn’t reduce the actual extent of damage that can occur once the system is traversed. Additionally, despite moving toward a smaller attack surface, DOD agencies can face increased vulnerability as increased amounts of data are concentrated into more target-rich attack vectors.
The key take away for COTS vendors is: as government infrastructure is consolidated and interoperability improves across DOD agencies, industry partners can play a pivotal role in helping keep systems and data secure. IT consolidation projects like JRSS will be the norm and will come with requirements for products like intrusion prevention, APT defense and other perimeter security tools.
IT consolidation is just one of many drivers we’ll talk about at the FY15 DOD Market Intelligence Briefing. Join us November 20th at the McLean Hilton to learn more about the priorities and programs, DOD cares most about. Come away armed with the knowledge and, well, market intelligence you need to have a successful FY15 and beyond.