Civil Municipal - September 2024

are in the process of moving to the cloud should seek to ‘move up the stack’ as far as possible to maximize gains from automation. Dropping manual system administration work for software-driven configuration management or moving all the way to Platform as a Service (PaaS) or Software as a Service (SaaS) solutions should be an active part of every roadmap conversation.”

Koenig says government officials can also adopt a web-application-firewall (WAF) solution as part of their Internet-facing cloud strategy. “Anything exposed to the Internet will face automated exploit attempts within a matter of hours, so keeping the bots at bay is important, as more governments deliver their services digitally.” A WAF can help protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

Koenig suggests the following exercise for public-sector IT officials: “Local governments will typically want to assess vulnerabilities across two different axes: criticality (how damaging an exploit would be) and likelihood of breach. If you make a 2×2 matrix and plot your systems, the obvious place to focus is on the high/high upper right quadrant.” The 2×2 matrix is a decision-support tool that provides teams and managers with a visual framework that can aid in prioritizing tasks.

According to Koenig, governments should adopt basic DevSecOps (development, security and operations) practices for applications deployed by IT to ensure the stability and security of updates. “This is the first line of defense against supply chain attacks, and it guards against edge-cases where minor bug fixes from an upstream source can manifest as regressions or stability issues in your particular implementation.”

He also suggests: “Additionally, organizations that

12 CIVIL AND MUNICIPAL VOLUME 05, ISSUE 09
