On December 14th, GovDataHosting sponsored CMS Industry Day. This virtual event included a great line up of inspiring speakers who are leaders in innovative technologies. A few highlights included cybersecurity discussions on reducing the risk of known exploitable vulnerabilities and how application security solutions can reduce cyberfraud. CMS also led discussions on IaaS and end user services and opportunities to advance health equity in CMS contracting.
A Few Key Presentations:
Charles Henderson, Global Managing Partner and Head of X-Force Software at IBM, presented “Prepare for the Next Wave of Cybersecurity Threats.” He discussed the rising average cost of a data breach, which has reached a record high in 2022, and how the cost a company incurs is passed onto the consumer. According to Henderson, “A.I., automation, and zero trust strategies can go a long way in saving an organization money.” There has also been a 41% increase in ransomware attacks from 2021 to 2022. Not all industries are affected equally; however, and healthcare leads the way in terms of cost. Henderson concluded the presentation by encouraging companies to analyze and test their detection response strategies.
Michael Epley, Chief Architect and Security Strategist at Red Hat, and Andy Krohg, Solution Architect at Red Hat, presented “Avoiding Speghettification in Your Transition to Cloud-Native.” While discussing the biggest challenges facing CMS today, they addressed how security solutions are currently being developed in response to widespread vulnerabilities in systems and increases in supply chain attacks. According to Epley, there are several mandates flowing from President Biden’s Executive Order 14028, “Improving the Nation’s Cybersecurity,” and programs, such as FedRAMP, have been given much needed support at a time when federal agencies continue to face new and imminent threats.
During the presentation Andy Krohg asked, “how do we assure security and compliance while leveraging evolving hyperscale offerings in changing federal landscapes?” “It’s all about a platform approach,” Michael Epley replied. These platforms might be on-premise platforms or self-managed platforms that are deployed into the hyperscale cloud environments that add additional capabilities and fill in the gaps for security controls. According to Epley, “These dedicated cloud services allow agency-specific and government-specific customizations to implement the necessary security controls in their environments and provide the evidence to prove that we do need these security controls.”