Federal agencies are scrambling to protect their intellectual property from cybersecurity threats as technology continues to evolve. Rather than implement strategies to keep pace with technological advancements, agencies have opted to simply ban certain applications across the board.

Consider the Pentagon's recent ban on the wildly popular app Pokemon Go, for example. A game that tasks users with catching virtual monsters might seem harmless, but its GPS tracking capabilities led to spying concerns. As a result, the smartphone game was banned in all defense department facilities.

The majority of federal agencies' trademarks, secrets and other intellectual capital are kept in IT systems, cloud repositories or internal intranets. PricewaterhouseCoopers claims about 32 percent of all U.S. businesses have reported intellectual property theft due to cybersecurity compromises.

Given the large amount of important intellectual property that government agencies possess, cybersecurity is understandably critical. That said, banning every new app to hit the market is not the best way to build adequate security around your intellectual capital. The better solution is adopting a DevOps approach to cybersecurity.

Back to basics

DevOps involves operations and development engineers working together for the entire service life cycle, from design through development to production support. DevOps is all about going back to basics for long-term technology planning by combining an engineering V-model approach with a management plan-do-check-act (PDCA) model. These approaches incorporate several basic tenets: process, research, develop, test, evaluate, implement, manage and sustain organizational products and workflows.

Agencies that implement DevOps practices can expect continuous software deployments — about 200 times more frequently than competitors — faster feature delivery, a more stable operating environment and improved customer loyalty. The end result is improved quality that actually requires less time and effort.

The concept of DevOps largely remains off the radar for most federal executives, but it's crucial that agencies successfully adopt a proactive DevOps strategy to keep up with technological advancements.

Changing your approach

While a DevOps model can benefit any enterprise, the proactive approach is particularly useful in terms of cybersecurity. Begin your own journey toward a DevOps reality with four simple steps:

1. Define your assets. Before you can protect (build, maintain and modernize) your hard and soft assets, you need to take stock of what you have, as well as what you don't have. The U.S. Department of Commerce gained valuable understanding of its software assets through license agreements and security reports. Similarly, New York City's Metropolitan Transportation Authority used Infor's Enterprise Asset Management to improve its service and lower costs.

2. Acknowledge vulnerabilities and assess threats. Be realistic about your highest risks and acknowledge steps you have not taken to protect your assets. The Government Accountability Office has addressed the most common types of cybersecurity threats and vulnerabilities for most federal agencies. Its analysis shows hackers have more opportunities as organizations become increasingly reliant on computers and interconnected networks.

3. Develop your DevOps strategy. Develop a strategy that is "living," proactive, and able to adjust to daily, weekly and monthly security threats. DevOps should be part of your basic mode of operations for cybersecurity planning and strategy. Organizations also need to do a security assessment to determine the various ways they have failed to keep pace with the changing IT environment from a security standpoint.

4. Test your approach and make adjustments. Companies that are security leaders review their policies and procedures annually. Testing and monitoring your current system is crucial because cyber criminals are constantly adapting and becoming more brazen. A string of recent attacks by ransomware hackers targeted police departments in the United States by locking officers out of their records management systems. Routinely test your system for potential exploits.

Too often, organizations attempt to maintain the status quo rather than address risks created by the latest technologies. Federal agencies should not rely on knee-jerk bans to prevent security breaches. By employing a DevOps strategy, they can strategically adapt to address cyberthreats in a way that truly protects their intellectual property.

Bradford Blevins is a managing partner at gothamCulture and was recognized on the 2015 Inc. 5000. He is a U.S. Army infantry veteran and a result-oriented organizational strategy adviser.

Share:
In Other News
Load More