Breaking Down the NASCIO Top 10 for 2023

This post is also available in: 日本語 (Japanese)

The National Association of State Chief Information Officers (NASCIO) recently released its annual State CIO Top 10 Priorities for 2023 survey results. This survey asks 51 state and territory CIOs to rank their top policy and technology priorities for the coming year. 

It should come as no surprise that cybersecurity is, once again, priority #1 for state CIOs. Why? Perhaps it’s because none of the other initiatives on the list (not even hybrid work, legacy modernization or cloud adoption) can succeed without a solid cybersecurity foundation. In fact, cybersecurity directly affects most, if not all, of the nine other priorities on this year’s NASCIO Top 10 list. 

Priority #1: Cybersecurity

Cybersecurity has held the #1 spot on the NASCIO Top 10 list for the last 10 years. In the last few years, we’ve seen a shift in cyberthreats from state-sponsored threat actors to the rise of well-funded, highly motivated private organizations. And, they’re innovating faster than ever before. But, it is possible to beat them at their own game, no matter how quickly they move. With the Palo Alto Networks platform approach to building and operating a modernized, future-proof security framework, you can integrate cybersecurity into every initiative to protect data and ensure continuity of services.

Priority #2: Digital Government/Digital Services

Having a consistent cybersecurity posture is now more important than ever. Most state and local government agencies have a patchwork of nonintegrated, siloed security solutions of various maturity levels across their business networks, endpoints and clouds. But, with data traveling across the IT landscape, it is critical to implement consistent security configurations across your on-premises, cloud and SASE environments.

That consistent security posture should be inclusive of any initiatives around modernization, consolidation or digital government/digital services. Palo Alto Networks takes a holistic approach to cybersecurity across the organization. Instead of applying unique security controls to every new project, you can ensure the same rigorous levels of security everywhere.

Priority #3: Workforce

According to Gartner, a lack of skilled talent is the greatest barrier to the adoption of emerging technologies. Gartner even goes so far as to say that the cloud skills gap in particular, “has reached a crisis level in many organizations.” In cybersecurity specifically, unfilled positions have increased 350% since 2013.

Building a talent pipeline is important for state and local government agencies to overcome the IT skills gap, particularly in cybersecurity. Through our Cybersecurity Academy, we work with educational institutions from high school through college to create a pipeline of cybersecurity talent for the future. Students can take courses on everything, from cybersecurity fundamentals to operating a security operations center.

Of course, automation will also help state and local agencies navigate around the skills gap by harnessing AI and machine learning to protect against an increasing volume of automated attacks. Automation levels the playing field, making cybersecurity more effective and boosting morale. Last month, at Ignite ’22 in Las Vegas, we heard from the State of North Dakota about how they were able to automate 99.999999% of alerts, which enables them to both attract and retain top cybersecurity talent.

Priority #4: Legacy Modernization

Legacy modernization shouldn’t require you to sacrifice your security posture. Palo Alto Networks enables you to keep your legacy systems secure while you plan and complete migrations. Cortex XDR protects legacy Windows, Windows Server, MacOS and Linux systems. And when you apply a Zero Trust strategy in your legacy environment, you can ensure that you’re following the principles of least-privilege to limit access to those specific resources.

After you’ve modernized, the Palo Alto Networks security posture also uses modern and next-generation security controls to help keep your modernized systems safe. Modernized applications generally take advantage of cloud-native deployment methods and APIs, and they are deployed in a way that is more accessible to the end user. 

Palo Alto Networks provides security controls that take advantage of these technologies to better secure your modern applications. With containerized NGFWs, cloud-native API security (more in #6), and an industry leading SASE solution, you can rest assured that your modern applications will have the robust security posture that you've built out for the rest of your environment.

Priority #5: Identity and Access Management

Spoofing an individual’s identity is a leading way for cybercriminals to circumvent security controls in your environment. Multi-factor authentication (MFA) is critical. But, even if your systems don’t support MFA, Palo Alto Networks can serve as your IAM enforcement point before access to the system is even granted, essentially positioning MFA upstream of your applications.

Priority #6: Cloud Services

Today, hybrid, multi-cloud is the norm. Most organizations don’t standardize on just one cloud. Why pick just one cloud? There are business benefits to retaining the flexibility of running your applications and workloads in the best cloud for the job. However, you still need consistent cybersecurity controls across all your various cloud environments. 

This drives the need for a cloud-native application protection platform (CNAPP) that provides consistent security across major cloud service providers. In Palo Alto Networks language, that’s Prisma Cloud, our comprehensive cloud-native security platform.

Priority #7: Consolidation/Optimization

Palo Alto Networks is continuing to have more conversations with customers around consolidation. As our CEO Nikesh Arora recently told Mad Money’s Jim Cramer, “Suddenly, the number one priority, in addition to being secure is: ‘Can you help me do that without increasing costs?’”

By consolidating and simplifying their security postures, organizations can shore up their cybersecurity while reducing their spending on disparate point solutions. Remember the State of North Dakota? In addition to achieving incredible levels of automation, they were able to save $200,000 per year from high-priority analysis and threat remediation alone.

Priority #8: Data and Information Management

Managing data and information has always been a key focus for many organizations, and it will remain an important priority going into 2023. Data loss prevention (DLP) is a critical element of data management, and keeping sensitive data safe and private is more challenging than ever.

Implementing a DLP solution that enforces consistent policies across SASE, on-premises and cloud environments makes DLP easier. The Palo Alto Networks DLP solution provides a centralized DLP dashboard that allows you to deliver data privacy and compliance consistently across your IT landscape.

Priority #9: Broadband/Wireless Connectivity

When we say, “consistent security across all environments,” we mean all environments. With state CIOs focused on strengthening statewide connectivity, expanding rural broadband and deploying 5G, mobile users and devices are more at risk than ever. Palo Alto Networks offers solutions, such as our ML-Powered NGFW for 5G. It is specifically designed to identify infected devices and block known exploits, malware, malicious URLs and spyware in 5G environments. And, we are continuing to strengthen our 5G security offerings.

Priority #10: Customer Relationship Management

Although this is not directly related to a product we sell, many organizations utilize the data they collect from their network, endpoint or cloud security posture to ensure they are meeting their SLAs for security. Palo Alto Networks provides reporting and dashboard capabilities across our products to help your IT and security operations teams understand where improvements need to be made. 

For example, in the Palo Alto Networks security operations center (SOC), our SOC team secures more than 8,000 employees, 20,000 endpoints and 13 data centers against roughly 500 billion threat events per month. 

After modernizing our approach to security operations, we’ve seen significant improvements. Detecting and remediating malicious emails used to take around 30 minutes, now it takes 10 seconds. You can sign up for a SOC tour to learn more about what we do in-house to protect the world’s largest cybersecurity company.

Palo Alto Networks Is 10 for 10

Taking a platform approach to your cybersecurity initiatives is a great first step to addressing many of these concerns through a holistic approach that enables consistency. See why so many customers choose Palo Alto Networks as their cybersecurity partner of choice. For more information, visit our state and local government website, or contact your Palo Alto Networks representative.