That’s the message Kevin Burns, chief information security officer for Massachusetts Office of Information Technology, spotlights in his interview at Government Technology’s Massachusetts Digital Government Summit.
Burns also noted a best practice: Before standing up new a application that's going to host confidential information, he says it's best to use a third-party entity to conduct a penetration test against that code, and make sure that both code and the environment in which it is housed are secure.