The massive shift to telework in the last couple months has put enormous pressures on federal, state and local IT departments, given the scale and complexity involved in shifting operations. But there may be a silver lining, as IT leaders are in a stronger position to advocate for more modern and out-of-the-box solutions that can deliver services faster or more flexibly.
Steve McMahon, Interim CIO at Splunk, can relate to what agency IT departments are going through. In a podcast, he shares some of the steps his organization had to take to adapt to a new operating environment — and suggests strategies that IT departments can use to address the expanded set of security risks.
“We shifted all of our services to being targeted toward remote workers. And that’s something that I think has really helped keep our employee productivity very high, because we’re meeting employees where they need to be met,” says McMahon in the podcast, produced by FedScoop and underwritten by Splunk:
Silver linings in IT modernization initiatives following the crisis
One thing the current situation allows a CIO to do is ruthlessly prioritize projects within a limited budget. IT modernization is about simplification of the IT systems so that the organization can keep pace with demands.
McMahon says this environment gives IT leaders more flexibility to use out-of-the box software and simple software solutions, rather than go through all the nuances of the requirements.
Additionally, they have more authority to say, “we understand [this task] may support 2% of the business, but we need to focus on the 98% of the business and get a tool and system out the door very quickly.”
How to keep up with demands for access and IT support
Automation is a key concept that is enabling IT to keep up with demand, says McMahon, to deal with issues from managing employee identity and access privileges, to rolling out updated services.
“What is different is we’re transforming our IT department to look more like a software development team. So, concepts like continuous integration and continuous delivery where a pipeline pushes code without a human involved in the QA process is mostly automated. We’ve got a goal for my team to push code once per week. But that’s really only possible with a framework that automates most of the manual toil,” McMahon explains.
The security risks CISOs need to be aware of
McMahon says that under the current remote work environment, cyber risks aren’t necessarily new; rather, the level of impact has shifted.
For example, when an employee has a laptop, or some form of endpoint, it’s always critical to have a data loss prevention software. Now that becomes more critical working from home networks, because a family member downloading something on his or her Xbox can create new risks across the entire network and potentially impact the laptop that’s provided by the employer.
“In addition to that, we’ve seen a fair amount of phishing, using COVID-19 as some of the bait. So, the key point is making sure that the CIO and the CISO have a good relationship first and foremost.”
Splunk is rolling out new recommendations to its employees, Mahon says. “Since we’re going to be at home for an extended period, there are some changes to their network that they really need to make. As a very simple example, we’re actually recommending to all our employees that they have two different SSIDs for their wireless network, one for everything they do that’s work related, and one for their family. And that way, when an employee is using his or her laptop at home, they log into the SSID for their corporate related things, allowing that to be separate and distinct from whatever their family is doing.”
Steve McMahon has had a long career providing technical services to enterprises across North America, serving in a variety of leadership roles for companies like IBM, Cisco, and for the past five years at Splunk.
Listen to the podcast for the full conversation on adapting to the surge in telework. You can hear more coverage of “IT Modernization in Government” on our FedScoop and StateScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by FedScoop and underwritten by Splunk.