October - 20188GOVERNMENT CIO OUTLOOKProtecting the Castle: Business' Changing Security Landscapeshe challenge every business and enterprise has, is to protect their domains given the changing environments, enhanced security threats and melding of cloud services. As we are pushed to embrace the cloud services and applications, our data is spread all over the world and we are losing command and control over it; it's the preverbal `surrendering the keys to our kingdom' to the IT gods of the industry. So the question stands, how do we protect our enterprise from the technology sprawl, the cyber threats and general loss of privacy and control? Can everything just be outsourced without concern?As a municipality, any city has the equivalent of running at least a dozen independent, but related companies. If you look at each of the services provided, all the data service needs are essentially the same, but the purposes are grossly different. From public safety, to utility management, to public services, public works, City Administration, tax authority, economic development, Parks-Rec&Tourism, etc. Each of these groups have unique governance, regulatory and operational needs, all requiring tight security and control over the data collected, processed and stored. So as traditional IT services and data management, give way to mobility, cloud and general proliferation of open shares, how does an IT department protect that which has no boundaries any longer?The answer to this riddle is that the City of Rock Hill, SC started a program several years ago to basically take on the Vincent J. Simonowicz, CIO, City of Rock Hill, SCTBychallenge of becoming a Municipal Private Cloud Service (MPCS). To accomplish this task we needed to understand the critical functions of the enterprise, the data and data servicing requirements, the players in the field, along with the means to change the entire architecture and data handling processes within our domain. On the top of this MPCSmaster plan sits the need to fully understand the cyber security environment and provide a solid architecture around segmentation and security isolation.MPCS required the City to revisit the network architecture design, but in doing so first and foremost focus on the security foundation first, instead of just connectivity. To do this there had to be a means to hyper-segment the network, control and isolate broadcast domains beyond the traditional VLAN structuring; so SPB (Shortest Path Bridging protocol) was selected. The layer 2 & 3 Virtual Service network clustering combined with a powerful routing, firewalling The focus should be security and segmentation first; monitoring and control second; and culminate with excellent service deliveryVincent J. SimonowiczIN MYOPINION
< Page 7 | Page 9 >