The Bureau of Information and Telecommunications (BIT) is responsible for South Dakota’s IT security. At the Siouxland Cybersecurity Forum 2019, Xigent hosted Pat Snow, South Dakota’s CIO and primary BIT executive.
BIT, like banks, must deliver heavily regulated IT services under increasingly challenging circumstances. Snow’s presentation and roundtable Q&A session provide valuable insights to bank compliance officers and IT executives on integrated IT security.
A Streamlined Technology Platform
South Dakota has what may be the country’s most efficient IT security platform. The State’s BIT operates on a lower budget than most other states, and yet has developed a security platform that supports monthly low-impact vulnerability assessments on every endpoint.
How they got to that point (pardon the pun) is a great story.
South Dakota’s Bureau of Information and Telecommunications IT Security Platform:
- Depends on a project management approach focused on strategic objectives.
- Enforces edge-to-edge security control.
- Responds to 30 different audits each year from federal and state officials.
- Delivers and protects daily data transmissions of ~14.5 GB per second.
Like any good security platform, it is built on early project management. For the State, that meant shifting the focus from task-oriented reactive work to strategic planning.
“Project management manages the IT,” Snow told the audience. A culture that considers the objective and purpose first, prior to developing the infrastructure, is far more effective. This type of business-oriented thinking led them to their current system, in which “security is embedded across all [State-managed] platforms.”
The State migrated to an Office 365 email system to reduce risk from an alarming wave of phishing attacks. As a result, they were able to block 73 percent of incoming emails in just one year. Over those 12 months, more than 96 million harmful emails never clogged the server, bogged down network traffic or introduced malicious threats to users or their departments.
In addition to reducing vulnerabilities with a modern email platform, South Dakota’s BIT developed a system to provide better network intelligence. A map showing deployments was helpful, “but our maps didn’t tell the entire story,” Snow said. A better system for identifying and monitoring all network devices helped the small IT staff see where to prioritize their efforts.
For example, improving the system of collecting and parsing Active Directory logs turned out to be valuable. Analytics from these logs helped make a case for employee training and even termination of those who continued to jeopardize the network. Adding endpoint security monitoring is an exceptional achievement with a very high return on investment.
Bank security analysts know that endpoint security, while critically important, can be almost impossibly difficult. The log volume is tremendous and can be overwhelming. BIT’s SIEM storage is 34 terabytes and climbing! But even so, integrating IT security with core objectives allows organizations to prioritize their most valuable work.
However, as Snow pointed out, collecting event logs is one thing; getting good intelligence from those logs is quite another. Effectively analyzing and extrapolating from event logs requires a high-performing and well-managed IT security platform.
IT admins at financial institutions are also keenly interested in how South Dakota reduces the weight of audits and vulnerability assessments to manageable action items. BIT’s incremental process improvement led them to a scalable and modular analytics platform they use to rank network vulnerabilities and then measure corrective actions.
Using a powerful business analytics tool, Microsoft Power BI, security analysts can observe abnormalities immediately. Dashboards present key metrics with drill-down capabilities. For an organization with more than 1,000 virtual servers and business applications, such security intelligence provides early detection of potential vulnerabilities, empowering preventative measures rather than reactive ones.
Managed security services provide IT admins critical strategic advantages.
Pat Snow discussed how valuable it is to have insight into threat timelines, as reducing those timelines is paramount. “Most exploits can be fixed with a good platform of patch management and system updates,” he stated. “Patching is fundamental.”
In addition, according to Snow, “Most people don’t use available security features of the endpoints.” Windows 10, for example, has very good application whitelisting capabilities that go unnoticed by many IT departments. A central administration panel can configure and enforce such features across the network.
Stay Up-To-Date on Cybersecurity
Pat Snow was among several expert presenters at Xigent’s 2019 Siouxland Cybersecurity Forum. For more insights into integrated security for financial institutions, sign up for our newsletter to view other presentations and round-ups from the Forum.