San Joaquin County: Technology Leader in Government
Over the years, Tanium has earned an enviable reputation for driving critical success at organizations running some of the world’s largest and most complex networks. From top to bottom, our company is fueled by a passion for customer success, so it’s thrilling when these efforts are recognized externally. Congratulations go to San Joaquin County, California, for being named as a leader in the prestigious 2020 Digital Counties Survey — thanks in a large part to its cybersecurity strategy. The county has been a Tanium customer since 2019.An award-winning response
Like many Tanium customers in government, San Joaquin County runs a demanding IT infrastructure connecting thousands of endpoint devices and supporting everything from local education services and law enforcement to the court system and healthcare facilities. Such complexity can be the enemy of effective IT security and operations, generating visibility gaps that can expose organizations to the risk of serious breaches and non-compliance.Recognizing the threat to mission-critical data from external hackers, new CIO Chris Cruz last year set about designing a data-driven decision-making model. His goal: to maximize IT efficiency, minimize cyber-risk, and improve ROI. The latter, he says, is important at a time when state and local agencies, in particular, are being stretched financially to the limit by the COVID-19 crisis. At the same time, local government bodies in the US are suffering significant damage from ransomware attacks targeting security gaps such as unpatched resources.
Tanium delivered straight away by helping the county discover multiple security vulnerabilities. Thanks to our platform, Cruz was able to roll-out a highly effective patch management strategy at speed and scale across the agency to help reduce cyber-risk exposure. He’s now also using Tanium’s asset management capabilities to discover unused software that can be retired, in order to improve IT cost-efficiency.
Excellence in IT
We’re thrilled that Chris and his team have been named leaders in technology innovation for government agencies in the 2020 Digital Counties Survey. Announced annually by the Center for Digital Government (CDG) and the National Association of Counties (NACo), the survey recognizes technology excellence among US counties and highlights projects that better serve and protect citizens while improving the efficiencies in government.According to Cruz, the CDG cited its cybersecurity strategy and “standardized security posture” as a key reason for its selection to the list. But Crus isn’t stopping there. He is pushing to make San Joaquin County’s IT infrastructure even safer and more efficient, and Tanium will be partnering with him and his team every step of the way.
_____________________________________________________________________________________________________________________________
How One of the Largest US School Districts Protects Its Data
Mitigating cyber-risks and understanding modern (and future) security strategies are fundamental skills for IT leaders.Guarding the virtual gates of an organization and running the cybersecurity program is key to ensuring business resilience and continuity in a fast-changing world. Enter Arden Peterkin, information security officer at Gwinnett County Public Schools (GCPS).
Peterkin protects the IT infrastructure for the school district near Atlanta, which is the 12th largest school system of its kind in the US, with an enrollment of more than 180,000 students.
“The school system is world-renowned,” Peterkin says. “It’s the standard that our CEO provides. We have to run at a very high level, more like a Fortune 100 company.”
Drawing the bridge against vulnerabilities
Like many top enterprises, GCPS is on the hit list for cybercrime organizations. It is forced to continuously ward off cyberattacks and update its defenses. As an IT and security veteran, Peterkin understands that no matter the effort, gaps and vulnerabilities still exist.“The root cause of cyber-related vulnerabilities is human error,” he says. “Vulnerabilities are often the unintentional consequence of a lack of knowledge, lack of skill, or lapses in judgment. They manifest as programming flaws within software applications, default or lax configuration settings, or the proclivity to fall victim to cybercrime methods, such as social engineering.”
It’s a challenge, but not too much so for Peterkin. Wide-scale automation and security education for employees been critical. Most importantly, Peterkin focused on keeping the team vigilant about their fundamentals security practices. This helped the district maintain good IT hygiene to reduce the opportunities for hackers to breach the network’s defenses.
With the advent of the global pandemic, businesses and school systems alike have noticed IT gaps and vulnerabilities more frequently than ever before. However, as Peterkin suggests, while the main threats and vulnerabilities have remained the same, the risk has dramatically increased.
More than a decade ago, school district leadership identified “anytime, anywhere” access to instructional support resources as a strategic priority. This progressive approach has helped the district build out online learning and administrative services for its mobile, digital constituency of young students. And this prepared them well for what the COVID-19 pandemic would bring.
Wielding the weapons of defense
Phishing to commit extortion using ransomware or financial fraud are the most prevalent attack methods employed against the school district. One of the weapons of defense for GCPS is having good security-foundation awareness and education.“While sometimes it’s easy to forget the basics, it’s not something that should be overlooked,” Peterkin says.
Keen strategies and effective risk mitigation are other weapons wielded by diligent data defenders, along with implementing the right tools. In fact, GCPS has around 16,000 laptops that leave the safety of the organization daily, which could create major gaps in visibility, resilience and agility. But with the proper environment and structure in place — complemented by Tanium tools — GCPS is able to take the burden off local IT.
Keeping an eye on the horizon
Over the next five years, Peterkin believes, organizations across all industry verticals – but particularly K12 school districts like his — will fully embrace a cloud-first strategy. He believes that host-based, micro-segmentation will become a necessity, as organizations continue to embrace the notion of “Zero Trust” networking. With a heavy burden placed on risk-management executives, the largest threat to a network will remain the users themselves.As for the future, Peterkin likes to SOAR: Security Orchestration, Automation and Response. He believes SOAR will bring your policy framework and incident response playbooks to life. It can also help improve security analysts’ morale and retention by eliminating repetitive, mundane tasks from their workday — giving them back time to contribute to more meaningful assignments.
“Never lose sight of the fundamentals – email security, IT hygiene, and security awareness education,” Peterkin says. “These are the frontline, foundational elements that, when managed well, will sustain your cybersecurity program and close your IT gaps.”
Finally, he recommends celebrating your success.
“Every day that your files are not decrypted and your data is not on the streets is an excellent day!” he says. “Your success isn’t an accident. It is the result of deliberate planning and execution by you and your team. Find ways to celebrate your team’s success regularly.”
