recommended reading


In 2017, Agencies Should Expect Forced Cyber Disruption

By John Kindervag // December 2, 2016


John Kindervag is vice president and principal analyst at Forrester Research.

The Office of Personnel Management data breach was one of the most significant breaches in our government’s history. Attackers stole background check data—including fingerprints—about individuals being considered for secret clearances. This breach put American citizens at severe risk.

In response to the OPM data breach, the House Oversight and Government Reform Committee investigated, reaching out to private-sector chief information officers to get cybersecurity recommendations to help ensure this would not happen again. Those enterprise CIOs told committee staff members about Forrester’s “zero-trust model of information security” and the promise it holds to significantly uplift cybersecurity for any entity and reduce the risk of future data breaches.

Zero trust is a data-centric architecture that focuses on defining and protecting critical assets in a granular manner. Zero-trust networks create highly segmented networks designed to thwart modern attacks and attackers. Today’s traditional networks rely on an extremely large perimeter that defines users and assets outside of that perimeter as “untrusted” and those inside the perimeter as “trusted.”

It is this trust model that fundamentally leads to all data breaches. By removing the concept of trust from the...

How to Improve the Health of Your Agency's IT Portfolio

By Kris van Riper and Nelson Wolf // November 30, 2016


Kris van Riper is a practice leader at CEB and Nelson Wolf is a research analyst at CEB.

While many experts have discussed the growing importance of technology to government and citizen services, federal budget statistics suggest there is plenty of progress left to make. Despite a widespread focus on innovation and modernization of legacy systems, IT budgets have been stagnant over the past several years.

In fact, spending directed toward development, modernization and enhancement innovations has actually decreased by $7.1 billion since 2010, a decline of 28 percent, according to data published by the Office of Management and Budget.

A lack of resources isn’t the only obstacle agencies currently face on the way to innovation. Federal IT organizations also encounter difficulties in making the most of their spending. The Government Accountability Office has frequently reported on issues within federal IT management and in 2015 added “improving the management of IT acquisitions and operations” to its high-risk list.

Regulatory reforms such as the Federal Information Technology Acquisition Reform Act have tried to address this by centralizing accountability with the department chief information...

How to Stop Insider Threats from Departing Employees

By David Green // November 23, 2016

David Green is chief security officer of Veriato, a company that focuses on user activity monitoring and user behavior analytics.

When any employee announces plans to permanently leave their post, federal agencies and contractors need to immediately act to prevent any classified data from going with them. Whether they’re disgruntled from a poor review, need to move on when President-elect Donald Trump takes office in January or simply received a better offer, the possibility they might take sensitive information with them that they shouldn’t isn’t so far-fetched.

Remember National Security Agency contractor Edward Snowden, who electronically shared classified documents with our country’s enemies while claiming to be a whistle-blower trying to protect the nation? Or more recently, Harold T. Martin III, another former NSA contractor accused in October of stealing 50 terabytes of classified data over 20 years?

According to the IBM 2016 Cyber Security Intelligence Index, insiders carried out 60 percent of all attacks in 2015, with nearly 75 percent having malicious intent and knowingly stealing valuable information from their organization. Even worse, Insider Threat Spotlight Report found...

Taking the Federal Digital Leap: Inevitable, Imperative and Doable

By Kymm McCabe // November 3, 2016


Kymm McCabe is a principal at Deloitte Digital.

We are at an inflection point in human history. We’re warming to the idea that the digital age is here and we’re starting to take it seriously. And as we come to terms with the notion that digital transformation is not a choice, it’s inevitable, the question many are asking is, if we want to become digital, where do we begin? This article offers some actionable ideas.

A good starting point is to revisit the four “revolutions” driving the current global digital shift. They are key to finding the answers federal organizations seek. According to digital futurist Don Tapscott:

  • The technology revolution continues to deliver industry-disrupting capabilities such as 3-D printing, cognitive computing, the internet of things and cloud-based everything.
  • The social revolution—think social media—changed how and the speed at which we connect, communicate and collaborate by providing real-time information that eliminates boundaries between people, companies and countries.
  • The net revolution is fueled by digital natives—people born into the digital world with bottom-line expectations of speed, participation and value in every interaction—who continue to lead global citizen and employee expectations.
  • Finally, the economic revolution stems...

Why Citizen Input is Crucial to the Government Design Process

By Mark Forman // November 1, 2016


Mark Forman is global head, vice president and general manager of Unisys' public sector and former chief information officer for the federal government. 

As digital technology practices such as modular procurement and DevOps become widely adopted across government, the gap between IT and operations is closing and benefits from the new approach are becoming clearer each day. Now, government must take the next step: close the gap between citizen-specific needs and the process for designing, developing and deploying digital government.

Whether agencies are implementing an application or enterprisewide solution, end-user input (from both citizens and government workers) is a requirement for success. In fact, the only path to success in digital government is the “moment of truth,” the point of interaction when a government delivers a service or solves a problem for its citizens.

A recent example illustrates this challenge. A national government recently deployed a new application that enables citizens to submit questions to agency offices using their mobile devices. The mobile application, while functional and working to specifications, failed to address the core issue: Most citizens prefer asking questions via email, an...

We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV-I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks.

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014 Data Breach Investigations Report (DBIR), threats today are far more advanced and dangerous.

