In an op-ed piece for Nextgov published Wednesday, Ammon highlighted how IT and security monitoring are traditionally separate roles in many organizations.
Federal leaders should unlearn that setu to gain a better view of an architectureâs vulnerabilities and how best to mitigate the risk, according to Ammon.
âMost security incidents are merely symptoms of a combination of inadequate IT operational security controls, lack of defined and automated processes and lack of attribution,â Ammon said.
Building prevention into any platform will entail full support from the leadership and the adoption of continuous monitoring and least privilege, he added, noting that the formula is contained in the General Services Administrationâs Federal Risk and Authorization Management Program and the Department of Homeland Securityâs Continuous Diagnostics and Mitigation program.
“Departments and agencies should be replicating an existing successful model with least privilege enforcement and full attribution. Failure to adapt will leave contractors vulnerable to more efficient and secure IT operational models implemented by FedRAMP-authorized providers,” Ammon says.