With such a large user population and multiple entry points, Subbarao Mupparaju, CIO of the Financial Information System for California, leads the department against many threats. On Tuesday, Mupparaju spoke about the department's security efforts during the "Securing California" panel discussion, part of the daylong California Tech Forum in Sacramento.
“Fi$Cal is unique; it’s one of the largest systems in the state and is used by most state departments,” Mupparaju said.
Fi$Cal took time to “decompose security” to look at key issues that all agencies should consider, according to Mupparaju.
“You have to think security even more carefully, right from the time you are architecting systems,” Mupparaju said.
The audit revealed areas to be protected in all agencies:
- Malware defenses including defense against ransomware
- Data protection through encryption and replication
- IP filtering including a GeoIP filter to prevent external nation-state access
- Data and application integration
- Monitoring and journaling to compare changes to data and access
- ID and access management
- Tech recovery to speed the recovery process when an attack occurs
The department is considering creating a third data center.
"Security is pretty broad, and pretty deep," Mupparaju said.