The Pentagon has been slow to adopt the cloud and is famously reliant on floppy disks. The DOD relies on the physical security of the Pentagon to protect data, but 2020 pressured a reevaluation of digital security.
Most DOD IT (84%) and program managers (83%), admitted to "ill-advised security shortcuts" for handling department business, according to the report.
Long before the pandemic, in the private sector, 94% of CIOs and CISOs say they've also made compromising decisions due to a lack of visibility into endpoint security. Laptops, servers, virtual machines, containers and cloud infrastructure add to cybersecurity's complexity. COVID-19 made remote work entirely dependent on endpoint solutions.
Even in an office environment, security is designed around three types of employees: the average user, the IT professionals, and executive leadership.
The average user, prior to the pandemic, was hardly a top-of-mind concern for the National Cybersecurity Center of Excellence at the National Institute for Standards and Technology (NIST). An individual's home router is now part of an organization's security. The Pentagon holds upwards of 24,000 personnel.
For the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), which has a fraction of the DOD's employee count, "did pretty well" compared to its defense and intelligence peers, Bryan Ware, assistant director for Cybersecurity at CISA, said on a virtual panel in May.
Before telework, the agency used cloud-based services for email and communication but Ware was surprised by how much of CISA's mission can be done without coming into the office and in a declassified manner. "I expect we'll do more work that's not centralized in the national capital region" because of technology.
Right now CISA's focus is on finding solutions for the interim and long term to build confidence in security; especially as teleworking drives a new market of tools. However, there will always be exceptions to the rule and government agencies will have personnel who "have to touch computer hardware," said Ware.
Read more at: CIO Dive