Agencies need to get creative to save money, meet security requirements
Although agencies will have to spend money to meet OMB security directives, officials say they can and should find ways to reduce the costs.
OMB memo on security requirements
SAN DIEGO — Complying with Office of Management and Budget directives to secure agencies’ sensitive information through encryption and multilayered access authentication will be expensive, but agencies should look for creative ways to lower the costs, according Justice Department officials.
A June OMB memo directed agencies to encrypt all data on remote devices, require people to use two identification methods to log onto secure networks by remote access and use time limits to prevent sessions from staying open and vulnerable indefinitely.
Dennis Heretick, chief information security officer at the Justice Department, and Mischel Kwon, director of wireless information security in Justice’s Justice Management Division, agreed that the toughest requirement is logging all computer-readable data taken from databases holding the sensitive information. Technology to do that, such as the Enterprise Data Rights Management, is new and needs more testing.
The two officials, who spoke Nov. 7 at Federal Computer Week’s Government CIO Summit in San Diego, said agencies will spend a lot of money to meet the requirements.
Kwon offered suggestions, saying agencies should consider who has remote access. They should question whether all employees need laptop computers or whether certain employees need to work from home. Answering those questions can cut costs by eliminating the need to secure unnecessary remote access points, she said.
“Security is always more than encryption,” Kwon said.
NEXT STORY: Voters are caught in an e-voting quandary