How to improve cybersecurity and workflow by consolidating systems

On this episode of CyberChat, host Sean Kelley is joined by Dr. Paul Tibbits, deputy chief information officer for the Veterans Affairs Department and program e...

Cyber risks transform at such rapid speeds that antiquated systems cannot keep up with security needs. While many businesses and institutions have focused their efforts on upgrading their existing systems, innovators have concentrated on building new programs and IT solutions to combat modern-day threats.

On this episode of CyberChat, host Sean Kelley, former chief information security officer at the Environmental Protection Agency, is joined by Dr. Paul Tibbits, deputy chief information officer for the Veterans Affairs Department and program executive officer for the Financial Management Business Transformation (FMBT,) for a discussion about FMBT’s present and future functionality.

Tibbits explains how FMBT will implement federal best practices in finance and acquisition by replacing old systems with a new one. Eventually, all financial management systems will fall under one umbrella. Instead of multiple systems talking to each other, all data will live in one location.

“We’re going to a more modern system with stronger security controls built into it. We’re going to a cloud environment,” Tibbits said.

Are there cyber risks when consolidating all financial systems into one managed service?

“We are cognizant of all the controls that are relevant to our cloud environment,” Tibbits said. “So I would say our cybersecurity posture, based on where we’re coming from, if anything, is going to be better than it was before. We’re reducing risk, not adding risk.”

In other words, the system was built for the security standards of today rather than when the original assessments were put into place.

“The staff that I deal with are all very excited about moving the VA forward, being actual participants in the VA, [and] efforts to modernize itself including the movement to manage services,” Tibbits said.

Tibbits noted their enthusiasm, in part, is likely due to the potential for improved productivity
“It is, for the first time, that I have come across a cybersecurity notion that actually facilitates workflow,” Tibbits said.

Using the medical field as a real-world example, tagged data can disseminate through the system to expedite work more efficiency. For example, if a provider knows which patients are scheduled to come in at various times throughout the day, the system can take the provider’s information along with the necessary patient data and pre-fetch it the night before, rather than waiting for the provider to manually do it. This speeds up the patient experience and keeps the provider’s schedule on track.

Another way a single management system helps improve productivity is one sign-on to access it. Providers no longer have to memorize dozens of passwords, since all of the systems are in one location for easy access.

Giving numerous individuals access to that much sensitive data also risks a security breach. That is why Tibbits stresses the importance of role-based access control for risk mitigation from a cybersecurity perspective.

As long as user roles are properly classified and data is properly tagged “only the right person, can get to only the right data, at only the right time,” Tibbits said. “It can both strengthen cybersecurity and facilitate workflow.”

Top Takeaways

  1. Today’s heightened cybersecurity needs lead to new innovations for more efficient programs and IT solutions to combat modern-day threats.
  2. Outdated networks comprised of multiple systems talking to each other are being replaced with cloud-based, single-system solutions.
  3. New single-system solutions facilitate workflow and improve productivity by housing all the data under one umbrella.
  4. Single management systems improve cybersecurity because they were built to meet contemporary standards, and implement role-based access controls.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories