Some government agencies continue to struggle with modernizing IT infrastructure to support new, emerging, and disruptive technologies. Since the early 1990s, legacy enterprise architecture dictated separate technology “swim lanes” as a best practice to maintain and scale IT infrastructure—helping deliver new citizen services and mission critical capabilities.
These traditional swim lanes are now intersecting in new ways, fueling the need for agency IT infrastructure transformation. The increased volume, variety, and velocity of agency data translates into a larger cyberattack surface making the intersection of cybersecurity and critical infrastructure services an agency priority.
Governments Are Under Constant Cyber Attack
The 2015 the U.S. Office of Personnel Management (OPM) data breach was an eye-opener for government agencies—it compromised 21.5 million citizen and government employee data records. This data breach included government employees and contractors holding government security clearances. The post-attack analysis of the OPM hack found a number of issues in the approach protecting agency and citizen data.
The magnitude of the OPM breach gained national attention, however, government agencies have been under constant attack from nation-state actors, hacktivists, cyber criminals, and inside threats for years. As agencies’ mission use of data continues to grow throughout the entire IT stack—from servers and networks to mobile applications and cloud services—the attack vector and levels of vulnerability also increase.
Cybersecurity is Defense in Depth
Data is an often critical and potentially vulnerable agency asset. As such, the National Institute of Standards and Technology (NIST) Cybersecurity Framework recommends a defense in depth strategy to protect agency data and infrastructure. The framework’s core functions—identify, protect, detect, respond, and recover—address threats presented to critical systems impacting national security, economic stability, public safety, and health risk.
Dependency on Converged Infrastructure Services
Defense in depth cybersecurity calls for a range of near real-time, interactive services from an agency’s IT infrastructure. These often include compute, encryption, tiered storage, analytics, identity and access management, data protection, event log management, notification, data management, and security policy enforcement services. Many infrastructure services are invoked at different points throughout the NIST risk mitigation process as shown in the chart below:
With software and hardware tightly integrated, a converged infrastructure stack can be well positioned to support the near real-time, data-rich environment of core functions of the NIST Cybersecurity Framework to address ongoing threat detection, analysis, and mitigation.
A Natural Intersection Key to Cybersecurity Operations Success
Infrastructure services can be critical to an agency’s cybersecurity operations. Oracle believes that cybersecurity and converged infrastructure are a natural intersection in government IT environments. Through the delivery of near real-time, converged infrastructure services, agencies can gain tools to help successfully execute cyber threat operations to protect and defend mission operations and citizen data. Oracle’s tightly integrated and co-engineered converged infrastructure stack is intended to empower government to ensure successful execution of agency cybersecurity operations.
To learn more about Oracle’s Converged Infrastructure Stack, please contact Amit Sharma at firstname.lastname@example.org.