Many CIOs have lived through technology evolutions in their businesses over the last 20 years, including the advent of cloud computing, mobile computing, remote work, and more. How do you make sure to continue to keep pace with the changing needs of your organization and employees while innovating securely? We recently spoke with Robert Schwendinger, CIO of Arcfield, at CMMC CON 2023 to get his thoughts on how he is moving his company forward.
Data is the new currency
One of the age-old problems in cybersecurity is not knowing what you have and therefore not being able to protect your data. Focusing on understanding your assets and not just relying on scans is an important step in addressing this issue.
“Data is a huge opportunity for our company to maintain its competitive edge,” states Bob. “We leverage a live configuration management database (CMDB) utilizing some of the data that we’re pulling through. This takes sources of truth and maps the environment in real time.” He shares the value of always knowing the impact of any infrastructure action across the organization.
Balancing innovation with security
Cloud computing has transformed business operations, cost efficiency, scalability, flexibility and more. Within the defense industrial base there can be resistance from the security side of the house around data sovereignty concerns from putting data in the cloud. It is critical to take security matters into account and weigh them against the clear business benefits and need to drive the business forward.
The key providers, including GCC High from Microsoft and GovCloud from AWS, have already accomplished a lot of this. These solutions take data sovereignty into consideration and provide a level of self-encryption ability allowing users to bring their own keys to the environment, encrypt the data, and ensure it’s in their control from an access perspective.
“Security is foundational—it’s very much built into the operating models of many of the cloud providers,” Bob shares. “It’s fundamental to everything that’s being done in the cloud. The ability to spin up fast and to perform infrastructure as code are huge benefits. Also keep in mind that there are circumstances where on-prem or hybrid environments will be necessary, so stay informed and be practical in your approach.”
Planning and managing your IT budget
Juggling operational needs, innovation, and things that are security-related but fall under IT’s purview can be a challenge. It’s a year after year consistency, roughly knowing the tools and the personnel that are required. Costs also tend to stay consistent.
On the innovation side, it’s about pushing for business opportunities or gains for the organization. Bob continues, “As a CIO, when you go into a budget meeting, it’s important to bring up innovative ideas, like leveraging a data lake, and showing how it ties into the architecture and provides the business a big push to ultimately go to the next level. The most successful CIOs, CSOs, or leaders of any function who support the business, share the trait of being focused on enabling the business—not IT for IT sake, security for security sake. Everything is about enabling the business, finding ways for the business to be more competitive.”
How to prepare for emerging technology trends
“Evolution is one of the few constants in the technology world. Staying informed about trends that will significantly impact the aerospace and defense industry in the next few years is important to the health of your company,” states Bob.
AI is continuing to impact work today and that looks to continue. Be aware of opportunities to take advantage of these solutions and make sure that you have the content of your data being reviewed within your control. Also, be aware that web 3.0 is coming, which will bring its own services and resultant benefits.
Another trend to track is internet infrastructure as code, which will continue to expand. Many companies are taking advantage of this tech in their environments today. Its power comes from the fact that you can deploy the entire environment at the push of a button. Whether it’s a disaster recovery event or something else, you can quickly have the infrastructure completely up and operational again. If you’re launching a new office, you can spin that up incredibly fast. No longer are you waiting the three to six months for that office to be operational from an IT perspective.
Insights on architecture and infrastructure resiliency
When a cyber attack happens, the execution of the information security plan falls to the CIO and their team. Knowing that you have that resiliency built into the organization is a huge safety net.
Here are some ways to facilitate quick action and make sure you are covered in the event of an attack.
- Ensure that you have copies of your data in three places. Backups times three.
- Install and use multifactor authentication. MFA clearly has to be deployed across enterprises today.
- Adjust time level access and ensure that access isn’t always universally available.
- Build a zero trust environment as in some ways this is the foundation of the infrastructure of today.
- Leverage infrastructure as code.
- Take advantage of a cross-cloud configuration.
As you work to secure your infrastructure, contact the experts at CyberSheath with any questions you may have. We are here to support your efforts and to build resilience into your IT environment.