March 3, 2022


Cybersecurity at the Tactical Level: The Importance of StateRAMP

Here in the United States, we often focus on the cybersecurity readiness of the federal government. The reality is that state and local government departments are just as vulnerable to cyber attacks, if not more so.

Nearly one quarter of their employees use personal devices for work, where security teams have little visibility, enabling threat actors to execute phishing and other malicious activities. These risks will only continue to grow as services once delivered in person continue to be delivered remotely. To close these security gaps, both federal assistance and clear cybersecurity standards are critical.

Much-needed monetary support was recently provided by the federal government as part of the November 2021 $1.2 trillion infrastructure bill. In terms of effectively meeting security objectives, this is where StateRAMP comes in. The nonprofit organization, with representatives from state and local government leadership, industry experts and private businesses, accelerates security adoption by proactively identifying vendors.

Lookout is honored to be part of this movement, as our Mobile Endpoint Security solution was recently included as part of the inaugural StateRAMP vendor list.

The StateRAMP compliance verification is modeled after FedRAMP and requires an independent third-party audit delivered to the StateRAMP Program Management Office for review. With its Moderate Impact rating, the Lookout solution has met 325 security controls required to handle sensitive, unclassified data and safeguard critical government systems.

To ensure the entire nation is cyber ready, we need to shift our thinking. This blog breaks down what has changed in the security climate and why StateRAMP is a key part of the solution.

Digital services and telework are here to stay

During the COVID-19 pandemic, both the public and private sectors shifted services online and sent employees home to work remotely. Interactions between state and local governments and their constituents that used to happen solely in person, whether in education, public safety or social services, are now carried out over the internet, using cloud services and mobile devices.

While this has made our lives as citizens a lot more efficient, saving us trips to renew driver’s licenses and letting us visit a doctor from the comfort of our homes, it has also created new threat vectors for attackers to exploit.

The nature of cyber infiltration is that it only takes one successful attempt for an attacker to gain access to a department’s infrastructure, move unchecked throughout government networks and gain access to sensitive data.

Rather than tackle these new gaps in isolation, state and local governments need the resources and expertise of the federal government and the private sector. This is why it's great to see the creation of the StateRAMP Authorized Vendor List.

StateRAMP accelerates the adoption of critical security measures

The StateRAMP certification could not have come at a better time. As governmental organizations adjust to a less centralized working environment, they need to rapidly onboard new security solutions.

With a robust private-public partnership behind it, StateRAMP leverages the National Institute of Standards and Technology (NIST) Special Publication 800-53, a widely accepted catalog of security and privacy controls for information systems and organizations, to approve security providers.

Mobile and cloud technologies have pushed the boundaries of how governments can serve their constituents, but they require new security strategies and technologies. Leveraging a pre-approved list from FedRAMP enables governments to embrace digital transformation while safeguarding their teleworking environments.

Visit our website to learn more about Lookout Mobile Endpoint Security and how it can protect state and local government organizations.

Book a personalized, no-pressure demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
  • How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
