D-CSF-SC-23 approach - NIST Cybersecurity Framework 2023 Certification Updated: 2024

State and local governments continue to be under siege. Research from CrowdStrike shows that between July 2022 and June 2023, government was the second most frequently targeted industry by nation-state adversaries looking to compromise systems. This research also shows that government and academic sectors were in the top 10 of industries targeted by both nation-state actors and e-criminals. Highly sophisticated cyber adversaries frequently target state and local governments to exploit vulnerabilities, disrupt critical systems and exfiltrate sensitive data.

Making matters worse, many state and local governments lack the budget, expertise and skills to effectively defend their rapidly expanding IT infrastructures against these attacks — both the sophisticated and the mundane. Thankfully, to combat these increasing threats, public sector entities have begun to embrace a new, synergetic approach: the whole-of-state approach. This allows organizations to be more collaborative with cybersecurity that protects citizens, data and digital infrastructure to better strengthen their cyberdefenses in a coordinated manner.

Click the banner to learn how your agency can increase its ransomware recovery capability.

Why a Whole-of-State Approach Is Needed

Historically speaking, the most pressing mission requirements for governments have taken priority over upgrading security operations. Ensuring that state and local governments deliver on their commitment to constituents will always be the top priority. Many times, this means that the premium placed on modernizing cybersecurity programs is reduced when compared to other parts of daily operations. The task of implementing proper cybersecurity standards remains a challenging endeavor for organizations in today’s complex threat landscape.

State governments house a multitude of entities, each possessing distinct cybersecurity requirements, budget stipulations and infrastructures. Unifying these diverse components under one cybersecurity framework requires an understanding of their differing needs, technologies and operational setups.

Enter the whole-of-state approach, a strategy that unites the complex and vast ecosystem of networks and systems under a single, standardized framework of policies, procedures and controls. To effectively safeguard operations and constituent information, state governments need a comprehensive approach to cybersecurity. Whole-of-state cybersecurity is a collaborative effort across state and local government to protect citizens, data and the digital infrastructure that keeps these organizations operating freely. This approach recognizes the varying needs of different entities — such as technologies and operational setups — to establish a high level of protection to thwart attacks and fortify security posture. Perhaps the most important component of this strategy, and potentially the most beneficial outcome, is the open communications framework that allows these disparate organizations to join in the fight against an unrelenting adversary community.

EXPLORE: How state and local agencies can establish zero trust.

Managing Change Through Cybersecurity Challenges

Considering the multitude of benefits, many assume that governments are quickly implementing this new approach to transform their defenses. But they face an array of organizational and operational complexities that are standing in the way of successfully adopting the whole-of-state approach, including:   

• Operational silos. Each entity within a state government (agencies, departments, municipalities and school districts) usually has its own IT infrastructure, which means it will have distinct cybersecurity requirements to comply with government regulations and ensure secure systems. For many agencies, unifying these diverse components under a homogenous cybersecurity framework requires an understanding of their differing needs, technologies and operational setups, which can be difficult.
• Financial constraints. Agencies frequently encounter fiscal limitations, compelling them to carefully distribute resources across numerous projects. Without ample funds, leaders are forced to prioritize select projects over others. This tradeoff often finds cybersecurity strategy on the losing side of the decision.
• Legacy systems and infrastructure. State and local governments frequently rely on outdated systems that they’re unable to upgrade due to budget constraints. Legacy technology typically lacks effective security capabilities and the latest software updates, rendering them susceptible to cyberthreats and requiring supplementary measures for protection.
• Evolving threat landscape. Modern threat actors are only becoming savvier in their tactics, requiring security practitioners to leverage more sophisticated defenses. However, with the industry facing a skills shortage and it becoming more difficult for government entities to attract and retain talent, agencies must have a proactive cyber approach. Leveraging modern IT enterprise security tools and concepts such as multifactor authentication, Software as a Service applications and proactively hunting for threats within the network puts power back into the hands those who defend against pervasive cyberthreats.

The Whole-of-State Works for All Agencies Involved

The whole-of-state approach simplifies these challenges to address cybersecurity concerns holistically by building on the skills of existing personnel or recruiting specialized talent while unifying the efforts of government entities to minimize redundancies and optimize processes through shared resources. The results include streamlined security operations with clear communication channels, alignment on common objectives and governance structures, and reduced compliance burdens on individual entities.

State governments are already starting to reap the benefits of the whole-of-state approach. Last year, New York started a $30 million shared services program aimed to assist counties with cybersecurity across the state. Additionally, the state’s new cyber strategy also calls for state agencies to implement zero-trust architecture, a critical part of defending IT infrastructure to radically reduce lateral movement during malicious cyber attempts. Although this improved coordination is just the start of a whole-of-state approach, it highlights how state governments should be assessing their cybersecurity posture.

It’s also clear that state governments of differing political persuasions are looking to similar legislative approaches to help further standardize their efforts. Utah was one of the first states to pass legislation focused on zero-trust principals that is standardized across executive branch agencies. California also introduced its own version of this legislation this year.

READ MORE: How state and local governments are addressing threats with zero trust.

This bipartisan legislation marks the start of implementing a whole-of-state approach across state and local governments throughout the country. However, it’s just the tip of the iceberg: Zero-trust principals (where every request to access the system must be authenticated, authorized and encrypted) and endpoint detection and response tools are but a small part of a healthy security posture. To truly create a resilient enterprise, governments must adopt holistic security solutions that minimize the attack surface, incorporate a variety of EDR capabilities and leverage threat hunting to ensure the safety of their networks. And, considering the overwhelming rise in identity-based attacks — a threat vector that is sure to grow moving forward— we should hope to see identity detection measures woven into the fabric of these new security models. If executed successfully, state governments, local governments and educational institutions will be empowered to stay ahead of cyberthreats, strengthen their defenses and protect essential services and citizen data.

It’s clear that state and local governments will continue to be targeted by both bad actors and nation-state threats. With that in mind, it’s important for organizations to embrace this new way of thinking about their cybersecurity practices to prepare for the evolving threat landscape of the future. By using a whole-of-state strategy to centralize security management, leverage advanced threat intelligence and deploy robust endpoint protection capabilities, state governments can create a more secure environment for their operations while fostering collaboration and resilience across all entities within the state.

On The Record

Marius Haas is driving Dell EMC's storage blitz in fiscal year 2019 with plans to win market share from competitors including Rubrik, NetApp and Hewlett Packard Enterprise by doubling down on storage investments and channel enablement.

Haas, president and chief commercial officer for Dell EMC, is responsible for Dell's growing $43 million global channel organization as well as the company's go-to-market strategy.

In an interview with CRN, Haas talks about the company's storage blitz, market differentiation, new stand-alone storage quotas for partners, and the channel call to action for the new year.

What's the call to action on storage and the all-flash attack mantra for Dell EMC?

It's pretty darn simple. Our client business is on fire, in a good way, not a bad way. Our server business is probably on a trajectory again this quarter to gain 500 basis points a share, which is now going to be three quarters in a row, but we feel as though we have not been on the same trajectory in storage. We have eroded share and we are saying, 'Enough is enough.' It now needs to be real clear that we expect our team members and our partner ecosystem to really rally around the storage business. There are competitors out in the market and for some reason, in some cases, they have done better than we have. So we're taking an approach around, 'Hey, we're going to take a refuse to lose approach in the business that we used to have 36 percent share in and we no longer have that.' We are changing our compensation models internally to ensure that the focus is there on storage, in addition to the other areas, but it was a little diluted this past year. So that's one on our side.

What can partners expect now from Dell EMC with this storage charge?

We are going to be very prescriptive on our product positioning, which had been a question from the partners around, 'Hey, you created confusion as to what do you lead with and where.' We are going to force that conversation from our side to get crisper and crisper, create the battle cards for our partners around how do you position our solutions vis-a-vis the competitors, and why our value proposition is stronger. We are going to clearly put the dollars behind it to make sure it's economically attractive for our partner ecosystem. We're going to put the training programs with it as well and we're going to make sure our sales makers are very focused on it.

What are some storage investments you're making to drive growth?

We are adding gross about 1,200 people to our mix. All of that is within the storage ecosystem. We clearly need to make sure that we have the right resources to go in the right depth, to have the right architecture conversations, that also enable our partners to sell the full broad breadth of the portfolio into all markets aggressively -- from high end all the way down to the low end. We're now at almost 1,000 just for commercial alone around the world. We're going to keep adding more and more and more. It will all be done by the end of our fiscal year, which will be end of January.

Who are these 1,200 people and what is their job?

They'll be in place around the world. They'll be components that are what we call DCSEs -- data center solution sellers that are predominantly focused on storage. Then underneath that are also inside support team members for, for example our partners, as well as specialty leads for every single one of our product lines within the storage portfolio. So we can go deep and we can go wide on storage on the outside as well as on the inside.

How big of an increase is that 1,200 to Dell EMC's overall storage team?

Roughly around a 20 [percent] to 25 percent increase.

What impact will these 1,200 people have on partners? Are they going to hit the ground running?

Absolutely. There's always a productivity ramp that you need to assume with it, but we've got all that in place as part of our on-boarding as well as aligning of the team members to the right territories and to the right partners. We clearly anticipate from what had been over the last year or two years, we've had a slight share loss, we want to pivot that to a share gain and then we want to pivot that to a clear premium to the market on a growth trajectory standpoint. All of that we want to get done next fiscal year.

What about the internal and partner compensation? How much money are you putting there?

On our side, what we're creating is an environment that is specifically for storage to make sure that every single seller has a specific storage-only quota, in addition to a server quota, in addition to a client quota, as an example. Whereas before, for example, we had a combined blended quota of servers and storage. So you can have your attainment just by achieving your server quota. So we are getting real precise around the expectations of our sellers to say, 'Storage is critically important. You're going to be driving it.'

We got a phenomenal storage team that came to us with the EMC acquisition. Now what we want to do is turn that into an engine that is just going to drive extremely hard... We're also going to create training programs, enablement programs, MDF funds and back-end rebates commensurate with our ambition to clearly have an aggressive share gain plan next year.

Can you put any color around that storage quota?

I'll give you an analogy. We want to be anywhere from 5 to 10 points premium to the market in our high end and midrange parts of the storage business. So translate that into a plan that we're going to deploy among our team members to go achieve that... For example, let's say the midrange market is expected to grow at 1.5 percent to 2 percent, we want to be 5 to 10 points above that. We want to grow midrange in the neighborhood of 6 percent to 10 percent.

Where do you get the share?

We are going to take it from others. There's no doubt. That's why you have to create a clear incentive for partners that there's a reason to come to Dell Technologies. It's not only because we're the strongest in storage, but we're going to be the strongest in servers, the strongest in clients, the strongest in virtualization -- the full profile presents an opportunity for a partner to really bet big on Dell Technologies. And in order to incent them to do so, we put money on the table.

Who's the most vulnerable vendor out there in the market when you look at your competition?

If our expectation is that we are in a gain-share, grow-at-a-premium-to-market, we have to go after all the core competitors. We're looking at NetApp, Hewlett Packard Enterprise, Veeam, Rubrik -- then you expand into the hyper-converged infrastructure ecosystem, you can imagine the list there.

What about product positioning and where do Dell EMC partners need to place their focus?

When there was positioning confusion, what happened was everything doesn't go at the pace you want it to go because you just don't know what you ought to be driving, what you lead with. When we created that clarity in the midmarket saying, 'Hey, in these use cases, we want to be real clear that we want to be driving our SC [Series] portfolio.' We literally made that pivot not that long ago from a positioning standpoint. I look at the quarter to date today, my SC [Series] growth is 20 percent subsequent to that move and making sure all the team members inside the organization -- what we call our Technical Sales Reps that are inside that support the outside -- all are very much incented to be driving that same positioning, that same alignment, that same compensation model. You make that flip and all of a sudden you saw that engine revving very quickly. So when you eliminate ambiguity and are clear on the positioning on a workload basis to say, 'In this scenario you go in and run this play' -- boom, you win. So we already have the data to say, 'Got that right, let's do more of it.'

Do you think you took the eye off the ball in storage?

I don't think it's an eye off the ball. I think it's focus. When you have an organization that has a portfolio that's this big, then all of a sudden you ask that same organization to sell and promote a portfolio that's twice or three times the size and you don't do enough differentiation that will drive the behaviors through the compensation engine -- then they'll go the path of least resistance. Now that we have almost a year under our belt, we're realizing, 'OK, now how do we get the focus back on the parts of the business that are clearly important for us?' Losing share is unacceptable, so what are all of the actions we're going to take to make sure we're in a position of strength and align all our team members and align all of our partners to help in that journey?

Declaration Of Independence

Steve Pataky has been head of sales at SonicWall for the last two years, and that's enough time for the channel veteran to have seen some sweeping change.

When he came aboard, SonicWall was two years into its life as part of the Dell family. Last November, the company was spun off as part of the sale of Dell's software business, essentially returning SonicWall to its roots as an independent, private equity-backed firm to the cheers of those who fondly remembered the company's partner program and preferred it to Dell's.

Now, SonicWall is not only independent, but also counts Dell EMC as its largest and most significant customer. The relationship is complex, but Pataky says all parties can be winners. What follows is an edited excerpt of CRN's recent conversation with Pataky.

What's SonicWall's relationship with Dell like now?

Well, obviously, we spun out Nov. 1st, and it's an interesting transition for us. You go from being a division inside of a division inside of a division to being an independent company once again. It's very significant, and we get to reconstitute our channel. Under Dell, we were just one very small piece of the PartnerDirect program while retaining Dell as both our most important and most strategic partner, our most substantial go-to-market partner, as well as our largest customer worldwide. Thankfully, Dell consumes our technology to protect themselves, and that's part of our ongoing effort to continue to secure Dell and as EMC comes into the picture, also look to secure the EMC piece. It created a huge opportunity for us to continue to focus on them as our largest customer.

How big an adjustment has it been?

We've reconstituted our approach to enabling their sellers and their channel. As we separated from PartnerDirect with our SecureFirst program, we wanted to make sure the partners connected to Dell, wanted to continue to work with Dell because they have relationships, that they still saw a viable way to procure SonicWall through Dell. That's what we've been consumed with, and like everyone else, maneuvering through the transition, the distractions, the processes and infrastructure.

When you got spun out, SonicWall partners were fired up. Have you seen that enthusiasm, and have you been able to recruit new partners to the fold?

We saw some building excitement in the market. The Medallion program, which was the former SonicWall program, was very well respected, and there were some great elements under PartnerDirect. There were some elements of the Dell program that I really liked. The principle was to respect the past, but not be burdened by it. Let's do something that's right for the next generation of SonicWall and right for the market in the security space. That's what went into SecureFirst. It's like throwing a party and wondering if anybody's going to come. We were just overwhelmed with the response.

Has that made getting partners over to the new program easier?

We have over 10,000 partners worldwide. That was what we set out to do. We knew day one we had to have a program because our partners needed something to migrate to. Having done big partner program migrations, I thought it would take us about a year. Inside of two quarters, we not only migrated our 10,000 partners, we had over 2,000 new partners sign up with us. It was the fastest migration of a channel I've ever seen. It's one thing to just sign up, but we saw like a 70 percent increase in deal registrations. So this new, independent SonicWall is really resonating.

They signed up and got to work.

They signed up and got busy. They brought their opportunities to the fold. At the same time, we took a lot of pain to say to the Dell guys – and we got some of the more significant Dell partners to onboard with SonicWall – all my meetings are with big Dell partners. What's our go-forward strategy? How do we still enable you to leverage security to pull through a lot of Dell opportunity and let you do that inside the Dell program? Our strategy is always go deeper with a few guys who can scale with a broad channel and distribution. My field team is very focused on those partners that can scale. They can engage with Dell and engage security as, we think, a catalyst toward a bigger conversation.

Have you been able to take new partners away from your competitors?

Absolutely. The new partners we're getting are a combination: It's net new because there's a lot going on around this company and they want to check it out; there's a natural curiosity about what's happening. I also think some of the new partners are partners that somewhere in their history transacted with us, or were just what I would call an 'unmapped' partner. They were buying our technology through distribution and we didn't know them. Now they're coming back into the fold. Some left us. Some voted with their feet after various changes in the company, including going to Dell, and we're pulling them back into the fold, as well.

So Dell EMC becomes one of the keys to SonicWall's growth?

When you step outside the company, and you're no longer a division, it forces you to polish up your value proposition a little bit, and say, are we really on message and on point with what matters to Dell? It takes a lot of confidence, but you realize that if I enable what [Dell] is trying to do, I'm going to move a lot of SonicWall in that process. That's what we're focused on right now. How are we really leveraging security as either a catalyst to get a conversation going, because it's pretty easy to talk to customers about security, or you're having a conversation around storage, or networking or the data center and inevitably you have to answer the security question. Whether it's on the front end or the back end, we spend a lot of time trying to reconcile our value prop for those Dell sellers, whether they're badged Dell or they're partners.

Do you see certain lines in the EMC portfolio that stand out opportunities for you, or are you considering the entire portfolio?

We're mapping that. Obviously Dell's message to the market is: "Hey, we've got a very broad portfolio and we've got to enable everybody." For us, it's about understanding that value prop and where can you really be a catalyst. I think we're going to find certain opportunities that rise to the top faster than others, and maybe in certain markets. Our footprint with small business, small enterprises and distributed enterprises like education, you think about the combination of Dell desktops and security for education, that becomes a really integrated play. There will be parts of the portfolio that serve the markets we excel at, and we want to make sure that that's well understood.

What are you seeing in the security market that presents opportunities for you?

We had a new CEO come onboard who knows security really well. We stood up the new partner program, we launched SonicWall University and we've also launched our first new SonicWall global marketing campaign, the Fear Less campaign. It's a little less doom and gloom than you see out there. It's focused on three particular threat areas that we think customers and the channel need to think about: Ransomware, encrypted threats and email threats. Still, more than 70 percent of threats that come into the enterprise, come in through email. Our orientation is around first, understand the threat. Before we talk about a process or technology, let's understand what your risk is and where you're vulnerable. Then we can talk about different solutions, and our Advanced Threat Protection is really our secret sauce, it's our multi-engine sandboxing technology. We were a little late to the market, but everybody's got single-engine and the bad guys know how to evade it. We've got three.

How have the bad guys changed?

The bad guys, we're talking about organized crime, nation-states. It's really well-funded and well-organized. Malware-as-a-service. You can go on the dark web and buy malware-as-a-service. I want to launch an attack on somebody, let me just download the malware. That's a really insidious landscape to live through. YOU have to think differently about what they're going to do, the countermeasures. That's working for us. We can talk about those three threat areas with credibility because we've got a technology that sits behind it that will work.

Where do you see the market moving, and how does Dell EMC play there with SonicWall? Can SonicWall be complementary with something like [VMware's] AirWatch?

I think mobility continues to be another huge area, if you think of all the threat factors. We're looking at how we can fit into that space right now. We compete with a bunch of different access vendors, but we think there's differentiation in how intelligent you make that access point. There are things you can do. There are policies you can enact at that level that present all kinds of interesting opportunities for companies like Dell and for the channel. I think mobility and securing it a different way with a different level of management becomes a really big opportunity for us. Virtualizing our technology, our firewalls, is on our roadmap, and that's going to open up all kinds of markets. And with the whole 'trusted advisor' idea, who's more trusted than Dell? The ability to have some kind of managed offering, or embedding offering to not only bring the technology to the customer, but to secure them and help them fear less, that's another battleground that's going to happen.

Are you gaining any traction with other hardware vendors?

One of the things that's on our roadmap that we've been talking a lot about is our API strategy. We own our roadmap, we don't have to compete for R&D dollars. We have a major effort to get our final APIs up and running, and we're working with a short list of substantial other guys out there. We're listening to our channel and our customers on what would be valuable, and a lot of it fits into the managed service space so big managed service providers can interface with a firewall in a different way and that would help them deliver better security, probably more efficiently for them.

What do your APIs mean for managed service providers?

With security, management matters a lot, and we've taken the perspective that there's a difference between management and reporting, and a lot of it tends to get mashed up together, especially at the firewall vendor level. For us, we think there's a tool set in our management platform that's very specific to just managing firewalls and deployment, but then there's a whole other level of reporting. We have over a million networks protected. We've sold over three million firewalls. That's more than a lot of our competitors combined. We have a massive amount of threat intel that comes back to our cloud for that. How do you package that and leverage that to help business understand their threat landscape? You're going to see a lot of focus in the future on management and reporting and packaging that stuff up differently to help a managed service provider that's helping 500 small businesses. We have some partners that have 2,000 customers under management. Small businesses. How do I leverage that reporting in a different way to help protect them?

As far as mobility and drilling down on management and reporting are concerned, how important is scalability to SonicWall?

Now that we're independent, scalability, density and capacity are important. We're the best at deep packet inspection, and you want to always have enough capacity to turn that on and not degrade the performance of the network. You need to turn on deep packet inspection to inspect all your SSL traffic and since so many of the bad guys figured that out a long time ago, bad stuff comes in through encrypted traffic. It's akin to saying I locked my front door, but my back door is wide open. Having enough horsepower in your firewall so you can turn that deep packet and inspection on to close and lock the back door too, that's what's needed for ultimate protection.

Have you seen a lot of interest in the SonicWall University training program?

It's off to a really fast start. It's a much more viable way to educate a channel of our size on security. And they can use the content to train their customers. It's a massive number of sales reps and SEs to train. It used to be here's the training, get certified and the shelf life is usually about two years. People come in and they have to re-certify, and they ask if they can test out. Look how fast security is moving, how fast it's changing. What we figured out was we need to have a different approach coupled with how fast the landscape is moving. SonicWall takes a different approach than the typical here's your training, get certified, good luck approach. We have continually refreshed content to educate on the cyber-security space, the fundamentals. Understanding the latest threats. It's a dynamic platform that says you can earn your accreditation, but we'll also tell you every time new content hits the site. It's online, it's free, it's 24/7. It's role-based, whether you're a salesperson or an SE. Everything has an assessment so they can progress through and earn accreditation.

Advertise With Us

We have various options to advertise with us including Events, Advertorials, Banners, Mailers, etc.

Get in Touch

Download ETCIO App

Save your favourite articles with seamless reading experience

Get updates on your preferred social platform

Follow us for the latest news, insider access to events and more.