recommended reading

7 Tips to Best Secure Your Agency’s Digital Transformation Efforts

Maksim Kabakou/


By Chris Borneman October 21, 2016

recent posts

Chris Borneman is vice president of Software AG Government Solutions. With over 20 years in technology and having held CTO, CIO and COO roles for multiple organizations, Chris has focused his career on delivering value to business through technology and building strong relationships.

As citizens and businesses increasingly prefer to interact with the government online, the need for digital change at federal agencies is imminent. With that said, any digital transformation effort needs to ensure the security and integrity of the underlying systems and their integration interfaces must be solidly intact and scalable.  

One needs look no further than the 2015 Office of Personnel Management data breach for an example of how poor data integration led to massive security vulnerabilities. In addition to the risk of data escaping, new unauthorized data coming in must be protected as well. Even with so many advances, for many agencies, data manipulation through network intrusion is a top concern.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The availability of our systems should be treated with the same level of care as we invest in our security. As we transition to mobile digital approaches, our capacity requirements will shift. This means as the ability to access and process information from anywhere and anytime expands, design patterns of legacy architectures must also evolve.

On Aug. 24, 2014, a single rogue Android app took down the National Oceanic and Atmospheric Agency’s national digital forecast system, through which tens of millions receive their weather forecasts each day. The problem was caused when the app developer introduced a defect that changed the polling refresh rate for new weather data, inadvertently causing a distributed denial of service attack. The outage initially went undetected, and once identified, required several additional hours before a successful block could be put in place.

To support the benefits for digital transformation while addressing existing and emerging security concerns brought on through Advanced Persistent Threat, agencies should consider adopting the following seven techniques:

  1. Ensure all integrations between systems leverage secure, authenticated connections that provide non-repudiation and avoid interim data at rest scenarios. Avoid Extract, Translate and Load approaches. Many legacy interfaces to newer information systems have relied on ETL, but this results in interim files that can be stolen or tampered with.
  2. Avoid point-to-point integration approaches between systems by leveraging an ESB. Point-to-point integrations increase costs, lowers monitoring and integrity checking, and makes security updates difficult to coordinate and deploy. By implementing an Enterprise Service Bus, agencies can alleviate this complexity and accelerate modernization efforts.
  3. Develop and manage a system to review all key sources of authoritative information. By doing so, agencies can ensure they remain protected, accurate and secure and prioritize modernizing interfaces to these systems.
  4. Use service virtualization where possible. Service virtualization provides an extra layer of protection and change management capabilities through interface versioning.
  5. Implement an enterprise in-memory caching system. Enterprise in-memory computing will relieve the load from database and mainframe connections while improving performance and response time.
  6. Deploy a reverse invoke gateway for all communications. This will close off all direct communications to internal systems while securely brokering the information between the requestor and the backend systems.
  7. Require unique registration for every consumer of interfaces. Through this onboarding registration, identification at run-time can isolate bad actors and allow service levels per actor to be introduced. This will ensure that critical systems continue to function and receive higher priority during peak usage times.

Modernization brings an excellent opportunity to improve how we deliver our services and enhance the capabilities within our programs. Using the above techniques can ensure your agency will benefit from secure and successful implementations leveraging approaches and technologies proven in business and government architectures to securely deliver billions of transactions every year.


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.