Blog Viewer

State CIOs and Achieving a Security First Organization

By Jonathan Nguyen-Duy posted Jul 30,2019 09:34 AM


By Jonathan Nguyen-Duy, Fortinet

and risk management has emerged as the number one priority for state CIOs, according to the recently published State CIO Top Ten Policy and Technology Priorities. Like their private sector brethren, public CIOs grapple with an ever-changing threat landscape, greater complexity, and limited resources.

With the dual pressure of rising breach rates and skills shortages, state CIOs must continually be on the lookout for new approaches to improve risk management while operating under tight budgetary guidelines.

Along with security, the survey finds another top priority for CIOs is enterprise vision and strategy. Indeed, state CIOs are on the forefront of moving to a security-first mindset, moving from reactive to proactive – thereby transforming risk from disruptive to normative. Because security requires a holistic view of the entire enterprise ecosystem, it should be directly related to an organization’s values and mission, as well as balance risk management and compliance objectives.  We’re seeing risk management in both private and public sector organizations increasingly focused on delivering a reasonable level of due care rather than just compliance. 

However, state CIOs face additional pressures including intense budget constraints and complex stakeholder and constituent relationships. As a result, getting security and risk management the attention that it requires at the state level is often quite a challenge. Elevating risk management as a priority – and a critical measure of success – is being pushed forward thanks to the efforts of many CIOs.

Luckily, cybersecurity technology, techniques, tactics, and procedures continue to advance and improve our ability to identify and manage risk.  Automation, along with better integrated technologies, offers CIOs an opportunity for better security despite budgetary and staffing challenges.  A renewed focus on thinking about security from the outset, rather than as an afterthought, has generated greater adoption of secure software development lifecycle approaches, more holistic and integrated solutions out-of-the-box, and new techniques to identify and mitigate threats, and they are all contributing to greater security and resilience.  For example, network segmentation can limit the scope of damage should a breach occur, behavioral-based technology will help flag suspicious behaviors, and advanced cloud security will continue to play an important role in providing both security and agility for IT operations.

As more organizations continue to embrace digital transformation initiatives, and state operations become more digitized, data management needs have exploded, endpoints vulnerable to exploit are now pervasive, and the attack surface continues to rapidly grow. State organizations, as well as private sector enterprises around the globe, will be seeking solutions that move them toward the end goal of the highest rate of risk reduction along with the best value and ROI. State CIOs are taking an industry leading role in achieving these goals by actively making security a top priority, moving ever closer to achieving a security-first mindset. 


Learn more about how Fortinet secures education and learning today with the Fortinet Security Fabric.

If you would like to discover the business benefits of deploying Intent-based Segmentation that includes improving security posture, reducing risks, achieving compliance, and more, read here.

Read more about the Fortinet Security Fabric and how Fortinet is delivering solutions for the Third Generation of Network Security