Greg Touhill is president of Cyxtera Federal Group. A retired Air Force brigadier general, Touhill served in several combatant commands including U.S. Transportation, Central and Strategic Commands and led the creation of the Air Force’s cyberspace operations training programs.
A past deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security, Touhill was the first federal chief information security officer in the nation when he was named to the role in the Executive Office of the President in September 2016.
In addition to his role at Cyxtera, Touhill serves on several boards, including those of Cybersponse, Bay Dynamics, ISACA and the advisory boards of Symantec Federal and CSFI. The author of “Cybersecurity for Executives: A Practical Guide,” Touhill teaches cyber risk management at Carnegie Mellon University.
Why Watch: With more than 30 years’ experience serving the federal government in various roles, Touhill has an insider’s view of the mission and resources necessary to support it. His approach to cybersecurity is tempered with intentional caution against relying solely on technology.
“Cybersecurity is really a combination of people, process and technology, and as a practitioner who focuses on cybersecurity, when I’m developing solutions, I’m looking to address all three of those components,” he said. “I want to make sure that I have the right technology aligned with a properly trained workforce and processes that are effective, efficient and secure.”
When he joined Cyxtera in summer 2017, he touted its capabilities as among “the most innovative and effective in the marketplace.”
“The principle of a zero-trust security model as executed by a software-defined perimeter has proven itself to be extremely effective in protecting high-value assets in the private sector,” he said. “Ironically, it’s the technology that was started by the Defense Information Systems Agency and the Defense Advanced Research Projects Agency, yet it’s the commercial sector that adopted it first. I think it’s something that we’re bringing to the the federal market, and it needs to be adopted as soon as possible to buy down our risk to appropriately levels.”
Touhill advocates for federal leaders to continue to adapt and to account for the fact that data is mobile, cloud-based, on premise and in data centers.
“Continuing with the network or perimeter based approach I think is ineffective and a waste or our time and money,” he said. “We really need to shift to a zero-trust security model that recognizes that our information is everywhere.”
According to Government Accountability Office estimates billions of dollars could be saved if the government were to close most of its 10,000-plus data centers. Commercial sector partners, including Cyxtera, are poised to step in and provide capabilities such as Cyxtera’s unique extensible data center or “data center-on-demand,” he said.
“That provides a platform that presents a much lower cost and greater security for the government and gives CIOs and operational communities the breathing space to look at whether or not they want to retool an application for hosting in the cloud, or posture into the cloud at a time and schedule that is more effective for them,” he said.