In the ever-evolving cybersecurity landscape, federal agencies are grappling with the challenges of modernization and bolstering their cyber defenses. Despite commendable strides across government, skills gaps and data silos continue to plague agencies’ ability to mitigate threats.
In a recent discussion, Tina Rodrigue, chief information security officer at the Consumer Financial Protection Bureau (CFPB) and Fortinet Federal’s CTO Felipe Fernandez, shed light on the strategies employed by their organizations to enhance cybersecurity resilience.
Tina Rodrigue highlighted CFPB’s successful transition of approximately 70% of applications to the cloud, emphasizing the importance of being not just “cloud first” or “cloud smart” but “cloud best.” The organization’s cloud-hopping approach ensures the continuous evaluation and enhancement of security measures. Lessons learned include maintaining a value-driven approach, ensuring functionality remains secure and swiftly adapting to any evolving threat landscape.
Rodrigue underscored the role of cloud-based infrastructure in achieving true resilience. “We were lucky that as we moved through and into the pandemic, we could pivot on a dime and achieve true resiliency both on our human front and our technology front. And it was because we were cloud-based. So, we have actually expanded how cloud deployed we are, which has allowed us to be more resilient so that local disruptions in infrastructure or anything along that line are not disruptive to our mission.”
Depending on the chosen cloud provider, the controls and risks vary. Fernandez discussed the significance of integrated architecture and stressed the need for adaptive cybersecurity controls, policies and architectures that seamlessly evolve with changes in applications, cloud providers and service platforms.
“When you consider cyber resilience, you need to consider the ability to adapt and respond and be aware of threats for all of these changes. That way, agencies are not slowed down by the desire for change or the inherent risks of moving to a new application,” Fernandez explained.
He emphasized that a resilient cyber architecture enables agencies or users to adjust their cybersecurity controls, risks, and policies in response to changes in applications, the cloud, and service providers. By integrating cloud and managed service providers into the cybersecurity architecture, agencies can confidently and swiftly adapt to evolving circumstances, meeting the mission requirements efficiently.
Fernandez and Rodrigue shed light on practical strategies to strengthen resilience, from cloud adoption best practices to the role of integrated architectures. The key takeaway is the need for continuous adaptation and prioritization to stay ahead in the dynamic cybersecurity landscape. By fostering a culture of cyber resilience and embracing innovative approaches, federal agencies can enhance their capabilities to anticipate, withstand and recover from cyber threats.
Watch the full panel for security insights and learn about evolving government security architectures.
This video panel discussion was produced by Scoop News Group, for FedScoop and underwritten by Fortinet Federal.