May 03, 2021

Accelerating Digital Transformation With the American Rescue Plan

To make the most of the federal funds, SLED organizations should take stock of what IT assets they have now

By Gary Buonacorsi, SLED Chief Technology Officer, Tanium

With the American Rescue Plan (ARP) Act signed into law, state and local governments and educational (SLED) organizations can receive federal funds to help with operating budgets and investments in cybersecurity.

In Part 1 of this three-part series, we explain why SLED organizations should start the process by taking stock of their IT assets. By reducing waste, rationalizing their IT toolsets and developing a plan to support endpoint devices in a work-from-anywhere world, they’ll be better prepared for the funds.

Getting endpoints under control now, with endpoint management and security tools, will help SLED organizations lay the foundation for the future. It will also give organizations confidence that their ARP-funded investments won’t be jeopardized by problems arising from their employees’ devices.

Preparing for American Rescue Plan funding

Even if an organization had rigorous endpoint management in place for its on-premises operations before the pandemic, it’s worth reassessing endpoint management capabilities. There are many new challenges to consider: remote work, increased cloud adoption, evolving security threats and expanding regulatory compliance.

Remote work is here to stay

In the future, most government agencies and educational institutions will need to provide ongoing IT support for a hybrid workforce. That’s because a substantial number of employees will be working at home or some other remote location, at least part of the time.

In a survey of 500 IT decision-makers in the U.S. and the UK in 2020, PSB Insights, a global research consultancy, found that 65% of decision-makers expect their Work from Home (WFH) policies to continue in some way, resulting in significantly more remote workers than before the pandemic.

This shift is occurring in government agencies, not just private companies. In a survey of federal workers by Federal News Network, conducted at the end of 2020, nearly half reported that they would work remotely every day if they were given a choice. Almost a third reported that they would prefer to work remotely 3-4 days per week. More than half of respondents expected their agency’s support for telework to increase after the pandemic was over.

It’s time to focus on endpoint management and security

Endpoint management and security is a critical component of any IT operations and security plan.

Without visibility into the endpoints employees are using — regardless of whether they are agency-issued laptops or employee-owned devices — SLED organizations will struggle to secure those endpoints and the IT operations that depend on them.

The switch to WFH has increased IT security challenges. Attackers take advantage of remote workers’ lack of firewall protections and susceptibility to phishing attacks using popular topics such as the pandemic, political news and the upcoming Olympics.

On average, 11% of government agency employees succumbed to phishing attacks in tests conducted in 2020. The live version of those attacks can lead to malware such as keyloggers or ransomware being installed on large numbers of endpoints.

Ransomware attacks are becoming even more numerous. Many attackers take their time now, stretching dwell times to 43 days, lurking and exploring networks to find more valuable endpoints before publicizing their attacks by encrypting data and demanding ransom.

Employees working remotely are especially vulnerable to these attacks, which can even spread to internal networks. SLED organizations must strengthen their security defenses for all endpoints, both on internal networks and remote locations such as home offices.

Find and fix endpoint problems before applying ARP funds

While it might be tempting to treat endpoint management and security as an issue to be addressed with ARP funding, a more practical approach is to rationalize endpoints and IT investments now — before ARP funds arrive.

Consequently, organizations can apply new funding more effectively, knowing that the endpoints used by their employees are monitored, managed, updated and secure. Faulty or unsupported endpoints have been removed. ARP funds will be applied only to endpoints that the organization is aware of and trusts.

Rationalizing endpoints begins by gaining visibility into endpoints wherever they are located. In many organizations, about 10-20% of endpoints are invisible to the IT operations team, leaving IT leaders with no definitive inventory of all the IT assets being used by employees.

Without such an inventory, IT operations can’t monitor endpoints for performance problems or security incidents. They can’t schedule endpoints for software updates and patches that would eliminate recently discovered security vulnerabilities. And they can’t budget accurately for hardware and software investments.

Four steps for endpoint management and security

For these reasons, SLED organizations should promptly implement the following four-step process for unified endpoint management and security:

Asset Visibility

Discover endpoints in use, record their hardware and software configuration details, and monitor them for security and performance issues. Answer questions such as: How is the organization currently monitoring configuration drift? How quickly can patches be installed in emergencies?

Tool and Cost Optimization

Reassess the I.T. operations and security teams’ tools to monitor and manage endpoints across different environments. Can redundant toolsets be streamlined? Would switching to a centralized toolset save time and money compared to provisioning each department with its own choice of tools?

Data Privacy

Data privacy is growing in importance for all organizations, both public and private. How is the organization measuring data privacy and regulatory compliance today? Has the organization identified the most valuable data it’s protecting and how it’s being accessed? Are there any data privacy risks that need to be addressed?

Incident Response

Reassess the tools used to detect, investigate, respond to, and remediate threats, including advanced persistent threats that might have been lurking on endpoints for weeks or months. How long does it take the IT team to respond to threats? Is the organization prepared to respond to incidents as quickly and effectively as possible with increased adoption of cloud services and a continuing remote workforce?

Take control of endpoint devices

Bottom line: now is the time to take control of endpoint devices and put endpoint management and security tools in place. There’s no advantage in applying new federal funds to endpoints you should have removed or replaced.

Embark on an endpoint rationalization project today. And when it comes time to apply ARP funding for digital transformation, you’ll be building on a foundation that you have already tested, considered, adjusted as necessary and approved. Then ARP funding will offer an even greater opportunity for you to innovate and strengthen your cybersecurity defenses.


Learn more about Tanium’s offerings for SLED organizations.

Sign up to try Tanium for free for two weeks.