Collaboration Inside and Outside the Agency
Collaboration shouldn’t be limited to internal offices. It should extend outward to anyone managing aspects of the agency’s security, such as contracted vendors. Historically, however, security vendors have put up walls around their slices of the agency’s information.
“Most government agencies, by design, procure at a very granular level. Work is contracted out to multiple vendors, whether it’s a competition thing or whether it’s a concentration risk. It’s a part of a strategy,” Hans says. “If you have two different vendors, they would not talk to each other. In a way, they’re told not to talk to each other, because that’s how contracts are procured. That is a little bit of a hindrance.”
Instead, IT leaders can work with their procurement teams to encourage collaboration when dealing with vendors.
“Going forward, especially for zero trust, there has to be a little bit more flexibility in some of the ways things are procured. Have clauses in the contract that require companies to collaborate and share data with each other. The IT leadership and the procurement leadership need to foster that,” Hans says.
Agency conversations with vendors could shift, Hans notes: “We’re going to do it a little bit differently. We expect you to do these five things, whether it’s collaboration or sharing of data, and, as a matter of fact, we think it’s good behavior on your part to do that.”
Whether information sharing occurs outside the agency or within, it provides valuable context. “Context is so important in cyber operations. Without that, you don’t know what’s happening,” Hans says. “A lot of breaches happen because of that.”
Hans shares an example to illustrate the value of context in collaboration: “If there is a vendor doing firewalls and IPS/IDS, and the identity folks are doing their thing, how nice if the identity folks can get some context as to what’s happening in the perimeter. If the intrusion detection system is telling you that there’s been an intrusion, it’d be nice for the identity folks to know that there’s an intrusion happening.”