Reducing Cyber Risk in Local Government with the Cloud

Don’t stress over modernization. Aging tools and unsound practices that make local governments more vulnerable to cyber events pose a greater challenge.

As local governments prepare for a post-COVID environment, they cannot ignore the cost, speed, and agility advantages of the cloud.

There is an innate resistance to relying on cloud technologies that host critical data off-site. Stakeholders must be persuaded and employees must learn new skills. But with cyber risks rising, government technology leaders need to think about moving some workloads to the cloud.

A CDG survey of technology leaders found that 61 percent of respondents faced increased cyber threats since the start of the COVID-19 pandemic. A scant three percent of respondents were “very confident” in their ability to respond to cybersecurity risks.

The respondents’ top three challenges were aging, vulnerable technologies; lack of proper employee training; and low budget prioritization of cybersecurity. Human error was the most common cyber risk, followed by social engineering events (which take advantage of people’s bad habits), and compromised accounts/credentials.

These data points highlight the pervasiveness of cyber threats and the difficulties mid-sized governments face in confronting them.

Strengthening security in local governments starts with keeping critical applications available in a cyber event or a public emergency (like a natural disaster).

Cloud services promise speed, flexibility, and economy when deployed strategically. During the pandemic, local governments started using streaming applications to enable work-from-home capability. These apps were written to provide the same security as a virtual private network (VPN) on any device without the hassles of implementing VPN.

This level of speed and flexibility requires local governments to shift their perspective away from controlling everything in their IT sphere. The pandemic made agencies cede some of their control to cloud providers and software as a service (SaaS) companies, giving governments the freedom to try new things quickly in an emergency.

Local governments also are using low or no-code applications, serverless infrastructures, and other automated solutions to reduce the potential for human error,

But automation doesn’t fix everything. Local governments need to teach people to adopt secure practices. Training people to watch out for phishing and other forms of cyber threats is a good start. Local governments also can create systems encouraging people to adopt safer practices, rewarding them for good behavior rather than punishing missteps. Agencies can also talk to their cloud provider about simple-to-implement security tools.

Ultimately, improving security in a time of limited budgets and increasing threats comes down to persuading government leaders to adopt new ways of thinking about people, processes, and technologies.

Summarized from

Leave a Reply