City of Boulder: National Leader
With $4.8 million in budget, the City of Boulder's IT department consists of 40 employees that provide industry-leading solutions to citizens and staff. Services and access are provided through a citywide, high-speed infrastructure encompassing multiple office locations. In addition to the sophisticated infrastructure, the IT department is responsible for the deployment, development, and maintenance of critical City operational systems. Though a city government handles public information and operates under open records laws, many of these systems contain private information. Ensuring the confidentiality and integrity of information (police, personnel, HR records, etc.) is essential to the ongoing operation of any business, including a city. Through the Looking Glass
Having a large IT footprint provides many opportunities for technology variation as a result of operating needs. In addition, the varying levels of staff experience and knowledge can make achieving a secure IT infrastructure an intricate and multifaceted challenge. "Applied Trust's security assessment and reporting helped to highlight areas of our IT security that had not been adequately addressed."
-Christopher Puccio, Director of IT, City of Boulder | Beginning with minimal environment information, Applied Trust presented a bird's eye view of the security profile of the City's IT infrastructure. With this starting point established, Applied Trust then took an in-depth look at the individual infrastructure issues identified, seeking root causes, prevention strategies, and dependencies. Throughout this process Applied Trust worked closely with City IT staff to ensure there was no impact on the City's day-to-day business. The vast number of vulnerabilities and corresponding patches that are released almost daily complicates the ongoing maintenance of deployed systems. Applied Trust's deep technical knowledge and experience in this area has helped to target the City's most critical vulnerabilities, allowing City IT staff to concentrate on other priority issues. Not Just Servers and Routers: Secure Practices
The implementation of technology-based solutions is no minor task. Oftentimes the technology being implemented takes center stage over more fundamental operating concerns. Just as technology vulnerabilities are exploited, practices in using technology can pose as great a risk to an organization. By examining human interactions and information flows, Applied Trust was able to identify areas of improvement to secure daily operations and complement the City's use of technology. | Working Together: Securing IT
Often in the case of third-party auditing activities, internal staff members feel threatened by an outside set of eyes. Additionally, outsourced staff are typically very task-oriented, thus preventing a deeper, more fundamental involvement with daily operations. Applied Trust works closely with organizations' IT staff members to identify network vulnerabilities and to prioritize mitigation of these vulnerabilities, ensuring a more secure, efficient network environment. "Applied Trust's collaborative approach involved our staff during every step of the process and exposed them to new ideas and processes that we are now implementing. In addition, we have improved our security knowledge and skills to help ensure long-term adoption of a thorough security strategy."
-Christopher Puccio, Director of IT, City of Boulder |
