Following the high-profile cyber attacks involving Microsoft and SolarWinds, government agencies are taking a closer look at the risks posed by third-party vendors and how they respond to incidents like these.

Dan Stroman, senior director of public sector at CloudCheckr, explained that some government entities are shifting their systems to the cloud because on-premises software leaves vulnerabilities, citing the SolarWinds incident. He believes cloud platform providers are taking the proper steps to show customers that this is a secure option.

“The cloud platform providers have made a huge investment in assuring the constituency, their customers, that they’ve got security really well covered. They have a lot of due diligence that they’re able to show.”

There are other steps that can be taken from a policy standpoint. For example, North Carolina has adopted supply chain security controls as part of the NIST 800-53 Rev 5 controls, and many other states are involved in similar discussions to improve visibility and controls. However, state governments cannot handle these risks alone; addressing them will require a coordinated effort among federal, state, and local governments working with the private sector. Pressure is also mounting for the federal government to implement a plan to help guide smaller government entities through these situations.


Continue Reading “Will the Microsoft, SolarWinds Breaches Change Gov IT?” in GovTech.