Dell Software and Market Connections recently launched a study, which revealed that half of government agencies do not address network vulnerabilities proactively, impacting security compliance and the ability to respond to threats.
Both organizations recently hosted a webinar that provided in-depth insight into federal IT governance, risk and compliance (GRC) and how agencies can best achieve continuous compliance.
FedPulse recently had the opportunity to speak with Tim Sedlack, Senior Product Manager at Dell Software, about the findings of the study and much more.
FedPulse: Tell us about why Dell recently implemented a study about Federal IT Risk & Compliance?
Sedlack: We know that federal resources are constrained when it comes audit and compliance requirements. In addition, the entire GRC toolset for the government is being overburdened under requirements such as HIPPA, FISMA and NIST.
As such, we commissioned a study to determine to what extent agencies are using the right tools and software to help with these efforts. We also wanted to uncover insights into how many automated tools are being used, and determine the critical need for the types of solutions Dell offers.
FedPulse: Can you provide us with some findings from the study?
Sedlack: We uncovered some pretty interesting insights. For example, we found that 54 percent of federal IT organizations rated themselves as being “fair” or “poor” when it comes to providing managers and auditors with evidence of appropriate IT controls.
This does not mean that they are not doing their jobs. It just points to the fact that government GRC efforts are now under the gun and that things are moving very quickly and keeping up can be a challenge.
We also saw that the more reactive agencies, those that rated themselves “fair” or “poor” were significantly more concerned about manpower, adherence to security policies and lack of a GRC strategy than their counterparts who are proactive. This indicates a need for tools that will help them manage security and compliance without requiring additional management time.
Most important to us was that 81 percent of respondents cited the importance of having audit-ready, real-time reporting capabilities. Respondents also understood how these capabilities not only ease the compliance process, but also keep agency networks more secure.
FedPulse: Tell us about what you covered in your recent webinar with Market Connections.
Sedlack: In the webinar we introduced why we worked with Market Connections to gain the right insights into the federal IT risk and compliance landscape, as well as better understand customer needs and desires. We also discovered insights into how they are handing GRC efforts to date.
From there, we wanted to draw attention to where they have concerns and how to do internal self assessments, as well as showcase the tools and services that Dell offers to allow them to achieve continual compliance. Getting ahead of compliance is one of the most critical factors that we highlighted in the webinar.
Finally, we also showcased a number from our federal customers who have used our solutions for achieving continuous and automated compliance.
FedPulse: Why is (GRC) software vital for keeping data secure and allowing agencies to be in compliance with federal mandates?
Sedlack: As I mentioned, compliance requirements for federal agencies continue to increase and they need the right tools to manage this process. The right GRC software allows for this process to be fully automated and allows agencies to “get in front” of compliance and to get on solid ground when it comes to achieving the right levels of security.
FedPulse: Anything else to add?
Sedlack: I would like to highlight that Dell offers full GRC lifecycle solutions that help agencies gain full visibility – across multiple resources – into their compliance efforts. This ultimately makes it easier for government auditors to gain the right insights and information for managing their compliance efforts.
We would like to thank Tim for taking the time to speak with FedPulse. To listen to the archived webinar, click here.