There is a rising star in the world of IT and cybersecurity, it has been on the rise for years, even decades, but recent events have propelled it to even grander heights. Having a grasp on this element can make cybersecurity more effective and provide a better level of operation for any agency. However, its use remains somewhat of a mystery as government IT learns what to do with it, and perhaps more importantly how to safeguard it. We are, of course, referring to data, the functional lifeblood of the modern hybrid workspace.
Data has developed somewhat of a second life, in no small part due to the COVID-19 pandemic encouraging hybrid-work strategies, but how has it reiterated the importance of secure government IT? In a recent podcast from DLT, Chris Roberts, Federal Technology Director at Quest, spoke at length about the many changes that have occurred through the federal government and what it means for the importance of data moving forward.
Recent actions from the Biden administration have placed outsized importance on bolstering the nation’s cybersecurity, and part of that is addressing the risks of data breaches. In this environment, the storage and protection of data are poised to become a central component of any and all cybersecurity plans into the future. But as Roberts notes, this will require radical changes to how agencies collect, process, and secure data.
“Data is a double-edged sword,” Roberts began, “We have this habit where we tend to collect more data than we actually need” resulting in what some in the industry refer to as “Digital Exhaust.” Storing this much data is, itself, a tough order, but adding on top of that the need to protect it all makes the process even more complex. “New federal legislation governs how we manage data across all platforms where it’s stored, and particularly who has access to it.”
This legislation was not developed on a whim, with the EU’s GDPR gaining supporters across the Atlantic, there are many questions about what US citizens can expect in terms of privacy and security of the information they provide. Given that the government has adopted a digital transformation mindset and has begun to move some operations to the cloud, there are even more concerns about the safety of data. “If you put data into a cloud, well now it’s your job to ensure that you’ve got the right rights and privileges around that data.”
Roberts offered up the following three pieces of advice to secure government IT data as effectively as possible:
Adopt a zero trust approach
Zero trust is one of the most effective and efficient ways to secure government IT data. Its role in the future of any effective cyber safeguard is without question, but it bears repeating that agencies need to work into their mandated plans some form of zero trust, or the least-privileged model as it was previously referred.
“It is unavoidable,” Roberts noted in regard to zero trust, “[With the level of activity from adversaries] in both the private and the public sectors, we are at the point where it is a national imperative.” There is also an element of responsibility that Roberts refers to, noting that up until recently many have treated cybersecurity as “something someone else is going to handle,” but now “everyone has to consider security as part of their job.” Zero trust ensures that no matter what level an employee is at, in the event that their system is compromised the data they have access to remains behind further levels of security.
Teach your employees cyber-literacy
The cloud is easy to simplify but there are a lot of nuances that are lost when referring to it as “a spot where data is saved off-prem.” In the world of the “knowledge-worker” helping employees to understand IT infrastructure can be a useful tool in helping them to be safer. Roberts points to, specifically, understanding how data is stored in the cloud as a prime example.
“One of the aspects of the cloud is that there can be multiple tenants, these are public clouds where non-sensitive data can be stored.” For more sensitive data, sorting in specific “secret” clouds is of utmost importance. “You can protect [and secure government IT data] by ensuring it is in a specific cloud, and limit access to it for specific applications,” but saving data in the wrong place can result in easy breaches. Hybrid workers must be made aware of the different servers they have remote access to, and boosting cyber-literacy is one of the many ways to bolster their knowledge.
Modernize your infrastructure
Part of the issue with working to build a new, more robust cybersecurity infrastructure is the need for new and modernized tools. Roberts notes that this doesn’t refer to just servers or other large boxes that are stored in the basement but can include software as well. “Modernization can apply to infrastructure… but also applications.” As extreme examples of software in need of modernization, Roberts referred to a code written in 1974 which remained in use until very recently, and an agency that still used tapes to store data.
“Modernization can apply to both hardware and software, but the real question to ask right now is when do you modernize?” Roberts noted that the rapid iteration of IT tech can make it more challenging to invest the financial resources to upgrade. He stressed that agencies should be more concerned with meeting their needs and requirements first, and in that process looking at their options for solutions and whether they accept iterative upgrades easily.
Roberts insights into the role that data plays are further discussed in the podcast available at the link below, but ultimately, data’s importance is without question. Safeguarding it while in storage, and ensuring that operations can use it when needed, form the thrust of the modern requirements for agencies. Thankfully there are many cybersecurity professionals out there ready to help find the right solutions for the right challenges.
To listen to the full podcast, click here.
To learn more about how Quest solutions can help secure government IT data, click here.
