Fairfax County, VA needed the ability to register residents to pay their taxes online and provide management for applications in the courts used by both residents and county employees. These needs had to be met in a way that didn't sacrifice security for usability and recognized that some of the most important tasks for security required automation. The county also wanted to build a solution that avoided vendor lock-in by supporting standard protocols. Finally, the system had to work within the County's existing technology stack without requiring the hiring of specialized resources. In this case study we'll explore how the County implemented the MyFairfax system to achieve these goals from usability, DevSecOps and integration standpoints. We'll discuss several of the challenges we encountered along the way and how we overcame them.
The information provided in this presentation does not reflect the stance or opinions of Fairfax County. They are my observations and opinions.
Key Takeaways:
1. How to approach a hybrid access system between residents and employees
2. How to build an automated solution that keeps libraries up to date as vulnerabilities are patched
3. Building a hybrid cloud solution that runs on-prem but uses cloud-based services
4. How to overcome challenges in mixed technology stacks
It is no secret that IT infrastructures are well underway in their transition to cloud-based deployments, whether SaaS or IaaS. But what about security controls? With some security controls, such as email, web, and identity management, deploying via the cloud is becoming the standard approach, but what about endpoint, SIEM, network monitoring, and other more traditionally on-premises areas? With security, nothing is easy! Also, are we at risk of simply recreating on-premises security controls as equivalent silos in the cloud? Would that really maximize efficiency and efficacy? Isn't this change in architecture an opportune time to rethink and refactor how security controls are designed, deployed, and managed? In this panel, the panelists will delve into the changing nature of technical security controls and will look into the future of security and the deployment of those controls via the cloud. How far can we go?