Unisys CISO: 'Trust, But Verify' On Cloud, Social Networking
"While it looks like business as usual, I will tell you that it's not," said Titus at Everything Channel's IT ChannelVision Government event in Boca Raton, Fla. "There looks like there's been no movement, but I will tell you right now that cybersecurity strategy is being written. Legislators have stepped up to the plate. Activities are happening."
According to Titus, integrators that seek to grow their cybersecurity practices in the public sector must ensure they understand the new realities of the market segment. That means not only a global network of bad guys, but ramped-up attacks on everything from the energy and manufacturing sectors to transportation and health care.
It also means educating consumers on how open and vulnerable their systems are.
"The danger goes all the way down to private citizens and the computers on their desks. Their home PCs are being used to launch attacks on the U.S. government," she said. "They're not properly patched, they don't have firewalls, everything. They're being taken over. It goes all the way down to the PDA in their hands and all the way up to the corporations supporting government."
Titus urged solution providers to be "ahead of the game" on cybersecurity legislation.
"Tell your customers, 'We know that it's going to impact you and here's how we can help lower the cost of implementation,'" she said. "You have to be on the forefront of understanding the legislation that's coming. There is no euphoria in the security space. It's a constant challenge. Plan for the worst."
Proper planning means staying up on important technology trends, Titus argued, and that means understanding the effect of social networking and cloud computing on government business.
"Social networking is like legalizing marijuana. Some people want it, there are good uses for it, and there are bad uses for it," she said. "Facebook is a great tool in the right hands. There is not a technology that shouldn't be implemented and used if you've done a good job of educating people on how to use it."
On cloud computing, Titus said that 2010 would be the year of pilot programs in government, and that 2011 would be the year the government fully begins to move to cloud solution models.
"There have to be verifiable security controls," she said of cloud infrastructure. "You are losing some control but also gaining efficiency. Trust, but verify. If it doesn't feel good for you [the integrator], it's not going to feel good for me."