StateRAMP is here to stay. Are you ready?

By Ceren Öney, SLED Market Intelligence Manager

Formal adoption of StateRAMP into IT procurement policies is rapidly increasing. Last year, we encouraged vendors to put StateRAMP on their radar screens. Since then, nearly 200 government members representing 33 states have joined the membership.

For service providers selling into state, local, and education institutions, now is the time to ensure that your cloud security is compliant with StateRAMP requirements.

While StateRAMP itself may still be a few years from being a household word, that doesn’t mean that state and local governments have been sitting idly by. The move toward better monitoring and certification of state, local and education network security has been going on for years, with two states at the forefront.

Arizona and Texas introduce state-specific frameworks

In September 2021, Arizona CIO J.R. Sloan announced the state will “test-drive” StateRAMP over the next year. Sloan, StateRAMP President and founding board member, had previously introduced AZRamp, Arizona’s Risk and Authorization Management Program. Arizona’s move to test StateRAMP doesn’t come as a surprise and further solidifies Sloan’s confidence in the program.

Meanwhile, effective January 1, 2022, Texas requires state agencies to enter or renew contracts only for cloud offerings that comply with the Texas Department of Information Resources’ (DIR) own security framework, TX-RAMP.

A rise in ransomware attacks targeting state and local governments, schools and colleges has increased the pressure to strengthen cybersecurity postures and protect against incursions by bad actors. Coupled with the shift to digital services due to COVID-19’s disruptions and the federal funding available under the Infrastructure Investment and Jobs Act and the American Rescue Plan Act, this means more emphasis is being placed on cybersecurity now than ever.

Other states adopt the StateRAMP framework

For most states, like North Carolina and Georgia, creating a state-specific framework is too laborious and inefficient. Adopting the established StateRAMP framework makes the initial risk assessment, continuous monitoring and management more seamless and easier.


The importance of data monitoring and Zero Trust in battling ransomware

By Derek Giarratana, supplier manager

Ransomware is real and security threats continue to evolve, with new ones emerging daily. At times, organizations can feel that they won’t fall victim to ransomware, but now is not the time to ignore the facts. In 2019, it was reported that ransomware attacks were up by 41 percent, and in 2020 with the pandemic at the forefront, it was predicted that an attack occurred every 11 seconds.

In addition to the sheer volume of attacks, today’s ransomware and malware are also gaining in sophistication. Using random extensions and file names, the latest threats are making detection using blocked list solutions difficult and, in many cases, completely ineffective.

Every time an attack occurs, it takes significant time and money to remediate. Recovery takes, on average, at least 16 days, and 67% of organizations that have been hit by an attack have lost all or part of their data. This is particularly problematic for public sector organizations that are faced with strict compliance requirements such as HIPAA, GDPR, CIPA, and CJIS.

Cyber Insurance Is Not an IT Strategy

By Rachel Eckert, SLED Manager

Ransomware attacks on our state and local governments’ IT infrastructure are increasing at an alarming rate and our customers are looking at cyber insurance to mitigate risk. But cyber insurance shouldn’t be confused with a sound cybersecurity strategy that guards against attacks in the first place.

Here’s what you need to know about cyber insurance and how you can work with customers to develop cyber strategies that will serve them for the long term.

Can data save health IT security?

By Lloyd McCoy, DOD manager

The military’s next battlefield could be moving to a hospital bed.

With the growth of new technologies like the internet of things in health care, the security of health IT systems is becoming more at risk. Another challenge is that medical devices are already several years old by the time they’re in active use in the Military Health System.

So could better use of data and analytics help make these systems more secure?

The military health system has a wealth of data and health IT professionals need to harness it to create business and medical intelligence. We don’t need systems to tell us what already happened, but to predict how to best use and position our medical resources to cater to service members and their families.


How tech companies can step up after latest ransomware attack

By Lloyd McCoy Jr., DOD manager

Most of us are still reeling from the turmoil brought on by the WannaCry malware last weekend. While most of you reading were not directly affected, the global scale of the ransomware attack cannot be ignored. Even though our federal, state and local governments were spared the brunt of the attacks, they are, by no means, immune to the dangers posed by ransomware.

Some sectors of government are more vulnerable than others and so the IT industry, particularly those companies specializing in anti-ransomware solutions, should be aware of these distinctions.
