Mike Poulos, technical director of U.S. federal operations at California-based cloud security services provider Qualys (Nasdaq: QLYS), has said federal agencies should develop a continuous monitoring program in order to protect their information technology infrastructure amid the increasing number of cyber threats.
Poulos wrote that such a program should be based on automation that works to “reduce the load on IT professionals and help them focus on mission-critical tasks.”
Agencies should implement cloud-based managed services and integrated platforms to accelerate analysis of data and functions as well as facilitate the decision-making process, he noted.
He called on agencies to integrate security requirements as they develop applications and websites and perform risk assessments through adoption of an automated workflow that facilitates trend analysis and creates a baseline for the organization’s cyber risk posture.
Poulos also discussed the importance of the Federal Risk and Authorization Management Program to agencies as they field cloud platforms and the need for chief information officers and chief information security officers to collaborate on all data and operational security areas.
“Governance policies should be built around a management framework that lets agencies accept a certain level of risk while understanding it’s impossible to defend an entire infrastructure in today’s boundary-less mobile work environment,” he added.