Addressing Security Concerns in a Growing Digital Government

A fresh administration could mean government doubling down on digital innovation in coming months.

“Digital government has gone a long way very quickly, and I think we’re going to see that accelerate,” says Faisal Iqbal, Public Sector Chief Technology Officer at Citrix Systems.

And as government continues to climb on board, security will become more and more important. Capabilities springing from the Internet of Things, the threat of increasingly coordinated and specialized adversaries and “the Snowden effect” on contracting paranoia have collectively made security a prevalent topic in the minds of nearly every government official.

Iqbal credits agencies like NASA and the National Geospatial-Intelligence Agency (NGA) with setting a healthy precedent for security. As new developments improve their operations, he says, they simultaneously keep security top-of-mind.

From a functional perspective, virtualization is one aspect of digital government that has proven especially apt. Iqbal says one approach to security is virtualizing applications and desktops to centralize data access.

“Instead of sending data out to users, keeping all secure government data in a centralized location—like a government data center or a FedRAMP-certified cloud—allows users to come to the data,” he says.

Virtual access means there’s no risk of losing valuable information if an endpoint—a stolen laptop or a lost iPhone, for example—is compromised. Tools like Citrix’s XenApp can connect users, wherever they are, to virtual applications.

Moreover, virtualization provides controls for specifying the information individual users can and cannot access. This acts as a safeguard toward insider threats, as well as added assurance that contractors and bring-your-own-device employees only have access to information for the duration of their work.

“A conditional, scenario-based access method is more agile,” Iqbal says. “People want access to data everywhere, but you have to do it securely, while keeping data integrity where it needs to be.”

Agencies are out looking for solutions—the Department of Homeland Security just closed an open call to the private sector and academia for technology that protects its ecosystem of mobile devices as well as the web of applications, sensors and systems that supports it.

But according to Iqbal, agencies should be wary of security solutions that promise “silver bullet” solutions by adding excessive new products to the stack. Most organizations are still struggling to secure, deliver and provide compliance for their legacy applications without creating too much management overhead.

Instead, leaders have an opportunity: Focus on adopting a virtualization platform that decreases management and security layers while providing built-in compliance for legacy IT.

“Compliance should be the easy part, but we’re dealing with a level of operational complexity that makes it extremely difficult to innovate and modernize” Iqbal says.

For more perspectives on the future of digital government, catch Iqbal and his colleagues Tuesday, October 4 at Fedstival, the innovation festival for feds.

This content is made possible by our sponsor. The editorial staff of Nextgov was not involved in its preparation.