Earlier this month, I wrote an article for CIO Review, "Government IT - The Data Debate," on the information security challenges faced in the government sector. Nowhere is there a more regulated space within which IT must work to protect large amounts of sensitive data and guard against security incidents that may put the data (and the organization) at risk. All on an ever-diminishing budget, of course.
I spent the early years of my career at a university working on IT projects with state agencies involved in federal programs, so I'm no stranger to the challenges IT faces in the government sector. When it comes to data breaches, governments are under the most public scrutiny, so the prevention of leaks is vital. Many government agencies work with confidential personal information (academic, financial, medical), so protecting this data is not only of legal and regulatory concern, but also a matter of good stewardship.
In the article, I share my experiences in helping secure government data. Given the proliferation of devices and the mobility of employees, it's now more difficult to identify and protect the data in use, particularly given how creative employees are at trying to circumvent rules meant to protect data. The first step is identifying: what data is in use, where it's stored over its lifecycle (online, backups, archives), and who uses it (using monitored access controls).
By understanding these data security parameters, managers can prioritize security improvements based on those areas with highest risk. Data protections should include:
The final part of my article looks at some of the more recent challenges to the government sector, including cloud services, social media and BYOD, as well as my insight on the risks these could introduce.
There are many products and technologies that can help secure data, though in the end it's about more than technology, it's also about the strategy that supports these technologies. I'd love it if you offered your insights on my article here.