Skip to content

Dec 29, 2021

For State and Local Government, the Road to Cybersecurity Advancements Starts with Good Cyber Hygiene

With Cal-Secure, Gavin Newsom and the California Department of Technology provide a proactive model for state and local governments

By Chris Cruz, Chief Information Officer, SLED, Tanium

Without a doubt, the central theme for 2021 is cybersecurity. The topic is at the top of many legislatures’ minds, and the federal government has issued several mandates and recommendations on how agencies should improve their cyber posture — but that’s also happening at the level of state and local government.

In October, for example, California Governor Gavin Newsom released Cal-Secure, the state’s first multi-year cybersecurity roadmap. This is a great step toward improving the state’s cyber hygiene and vision, as it outlines actionable phases — with measurable success criteria — to foster a world-class cybersecurity workforce, an empowered cybersecurity oversight governance structure, and effective defenses to all technology.

Broken into three pillars — people, process and technology — Cal-Secure fosters a standardization of requirements and efforts, and reduces the overall risk of cyberattacks for state, federal, local, tribal, and private sector stakeholders. This also leads to the development of Security-as-a-Service offerings, implementation of a unified risk management platform, among other initiatives.

In particular, the technology pillar prioritizes defining baseline security capabilities for state entities, fosters cybersecurity through IT modernization, and collaborative threat mitigation — all critical for a successful cybersecurity framework.

Security-as-a-Service solutions that promote standardization across the state and local levels will help California stakeholders meet the goals of Cal-Secure and strengthen the State’s overall cyber hygiene. An enterprise service is needed to support organizations that lack the funding, resources and expertise to align with this plan.

A good model of cyber improvement for state and local governments

California has taken a proactive approach to addressing and enhancing cybersecurity. States with a strong focus on cyber hygiene will likely adopt similar strategies. Preferably, there should be one plan that all government agencies follow to maintain consistency. The more partnerships and common processes that an organization has, the more prepared and proactive it will be against cyber incidents and breaches.

Agencies working to comply with Cal-Secure or a similar initiative should consider:

  • Performing an IT hygiene assessment to assess the level of cyber maturity in meeting these goals and objectives
  • Determining gaps in the entity’s delivery model and developing performance metrics that align with this plan
  • Ensuring security governance that allows for communication within the agency is in place, and leadership is aligned with the state managing the strategy

Agency IT teams and administrators working on a cyber roadmap model should develop a security governance structure that provides a mechanism for communicating and making decisions that involve cybersecurity policy direction.
A structure of this nature helps to standardize enterprise solutions tools that are less complex to operate, providing automated monitoring and control into the enterprise. IT teams will then gain real-time data into the network and help them make informed decisions in an expedited manner to better manage the overall IT hygiene.

How Tanium can help

Cal-Secure’s main priorities revolve around people, process and technology – and Tanium brings an added value to the technology realm. Specifically, under Phase Two of the roadmap’s cybersecurity capabilities, Tanium’s endpoint management and security platform can help California Government stakeholders increase patch management efficacy, asset management, incident response, continuous security response, and cloud monitoring.

Tanium’s risk and compliance management and threat hunting solutions also satisfy the goals in Phase Three of Cybersecurity Capabilities by providing a threat detection platform to limit and mitigate provisions against the loss of critical data.

With a platform solution, governments can bridge the gaps between IT operations and security functions by reducing the complexity of your infrastructure and replacing outdated legacy applications — enhancing overall visibility into the enterprise.


Learn more about how Tanium can help state and local government agencies improve their cybersecurity posture and reduce risk.