CISO Compass: Security is key to cloud adoption

Dear Washingtonians,

It's hard to believe we're entering our third year of the pandemic. This has been a challenging time for everyone, including in the world of cybersecurity.

The move to remote work for safety reasons has transformed information technology in a very short time. While cloud services were certainly important pre-pandemic, they are now central to how public and private organizations interact with the public. Everything is now moving to the cloud in some capacity.

On the positive side, cloud technology has opened the door to transforming the delivery of public services - making it easier than ever for Washingtonians to access what they need. However, it also opens several attack vectors for bad actors.

The transition to the cloud invariably creates gaps from a security standpoint, particularly when it comes to our growing dependency as a society on the internet of things (IoT), including security cameras, smart speakers and connected devices - from toasters to washing machines. These devices can enhance our lives but also come with vulnerabilities that bad actors can exploit to potentially access networks.

The attacks are growing not only in volume but also in sophistication. The attacks and the required security controls are completely different for IaaS, PaaS and SaaS implementations.

The attackers also are joining forces at times and teaming up to inflict far more damage in the process. They are determined and persistent.

So what does this mean?

  • We need to move carefully in our journey to the cloud. It is critical for organizations to consider the security needs associated with cloud services throughout the planning process, not just as an afterthought at the end.
  • Because there are so many avenues for bad actors to launch attacks, organizations must plan for, and implement, defense in depth - which means layering security mechanisms and controls throughout this "extended network" to protect the confidentiality, integrity, and availability of the network and its data.
  • We also must take a threat-centric approach to information security and consider all the ways that attacks could potentially happen. How do we plan the next layer of defense?

The state of Washington is making great progress on all these fronts and I'm confident that with everyone working together we can continue to strengthen the state's security posture.

I welcome your thoughts and ideas and look forward to our continuing partnership to serve this great state. Thank you for all that you are doing.

Vinod Brahmapuram

State Chief Information Security Officer