Securing California: Revelations from Fi$Cal's Internal Analysis

Fi$Cal, California’s fully integrated budgeting, accounting and procurement system, has both on-premises and virtual systems to serve the 15,000 people who will ultimately use the system.

With such a large user population and multiple entry points, Subbarao Mupparaju, CIO of the Financial Information System for California, leads the department against many threats. On Tuesday, Mupparaju spoke about the department's security efforts during the "Securing California" panel discussion, part of the daylong California Tech Forum in Sacramento. 

“Fi$Cal is unique; it’s one of the largest systems in the state and is used by most state departments,” Mupparaju said.

Fi$Cal took time to “decompose security” to look at key issues that all agencies should consider, according to Mupparaju.

“You have to think security even more carefully, right from the time you are architecting systems,” Mupparaju said.

The audit revealed areas to be protected in all agencies:

• Malware defenses including defense against ransomware
• Data protection through encryption and replication
• IP filtering including a GeoIP filter to prevent external nation-state access
• Data and application integration
• Monitoring and journaling to compare changes to data and access
• ID and access management
• Tech recovery to speed the recovery process when an attack occurs

Fi$Cal itself has already implemented tech upgrades, malware protection services, monitoring and auditing of business transactions. AT&T correlates all journaled data and provides a 24/7 security center to assist when a breach occurs. This also offers continuous threat intelligence to the department.

The department is considering creating a third data center.

"Security is pretty broad, and pretty deep," Mupparaju said.

This story was originally published by Techwire.