Local Government Data Center Security Breach Threats and Costs
This article originally appeared on Aug. 2, 2016, and has been revised to bring our readers the most up-to-date technology information.
Local government data centers are struggling to keep pace with the needs of the agencies and constituents they support, and that gap is increasing with the growing amount of security breaches in today's world. How can agencies approach today’s cybersecurity challenges?
Three overarching needs are consistent across almost every data center effort:
- The need to meet the expanding IT demands of the agencies and constituents they support
- The need to effectively manage IT costs, both tactically when budgets contract and strategically when budgets expand
- The need to address new threats and data center security breaches as network technology evolves
Government IT leaders may deploy commodity hardware and open-source software to address these data center security needs. The low acquisition costs for these solutions are attractive, but unless organizations have a large and experienced IT staff, they can find that maintaining these systems requires too much time and effort, potentially leading them right back where they started.
Managing IT costs through data center consolidation
Data center consolidation is also a hot topic on the subject of managing data center cost. Following suit of the Federal Data Center Consolidation Initiative (FDCCI), local agencies are realizing the spend associated with redundant and inefficient infrastructure, long-term. To reduce space and save on energy, agencies can move to a hyperconverged, virtualized infrastructure. Changing locations can even decrease IT costs in some cases.
The path forward requires more than just hardware consulting and migration project management: It requires a strategic understanding of mission-critical systems paired with an open, vendor agnostic approach to appliance and network hardware that accommodates hybrid solutions to achieve mission goals.
Both growth and cost challenges of today's government data centers work within a much larger and more sinister context as well: data theft and loss. With the internet, the Internet of Things (IoT) and the flood of public data being digitized, the big data explosion requires more storage and larger infrastructure, accommodating bigger files and more powerful networks to transport them — all of which incrementally increase data security risks.
A high-profile security breach can cost billions in damages, putting IT infrastructure under intense (often political) scrutiny. With the number of break-ins and the damage they cause on the rise, data centers are forced to perform a high-risk balancing act: driving more data, accessibility and capability without increasing their agencies' or constituents' vulnerability in the process.
Further, emerging mobile and cloud computing models expose state and local governments to new security risks — risks compounded by the social networking and collaborative nature of today's constituents and government workforce. IT managers delivering new mobile and cloud solutions must plan to mitigate the increased risks of data theft, fraud and privacy breaches that result. Unfortunately, such security plans negatively impact agility, maintenance burdens and IT costs, adding another layer to the existing challenges of data center services.
Risk and IT supply chain management
Even supply chain security is a hot topic, with agencies often asking data center vendors, “How do you secure your IT supply chain management?” Agencies need to ensure the security of network devices from manufacture through installation and deployment, combating instances where something embedded into the device’s hardware or firmware may present a network security compromise. Data center discovery therefore needs to include a supply chain element, defining provenance and tracking the logistical path of system hardware, software, appliances and applications along their entire lifecycle.
Here again, an understanding of the missions served by the data center also requires a holistic and comprehensive security mentality that spans far beyond the walls of the data center or even the firewalls of the network security applications. Risk management must peer back to the creation of data center solutions, as well as forward into its deployment for a mobile workforce and constituency.