Re-imagining Government Data Centers: Part 2 of 2
Part one of this two-part series outlined how the massive growth of data in recent years has dramatically impacted the functions of federal government[BD1] data centers — putting a premium on storage and data security, while working within budget constraints.
Federal agencies seeking to improve data center performance are encouraged to follow a two-step process to determine their needs. Step one addressed in the previous post discussed scoping the needs properly, while step two focuses on information security.
Mission-critical step 2: Implementing data security
Given the enormous amounts of data discussed in the previous step, your next concern is how to keep it secure[BD2] . Among the organizations surveyed in Verizon's 2015 Data Breach Investigations Report, the public sector was the leader in the number of security incidents, far ahead of both the information and financial services industries.
Moreover, , the Ponemon 2015 Global Study on IT Security Spending & Investments concluded that “cyberattacks have increased in frequency and cost to remediate” and “data breach costs associated with detection and escalation increased.”
With the increasing number and sophistication of threats, there is no one-size-fits-all process to manage every data security issue. However, some of the key components to consider incorporating in a federal government data center security program will include:
Threat identification — This includes protocols for asset management, vulnerability assessments and risk management. Perhaps most important for federal organizations, instituting governance will ensure that your data is in compliance with regulatory mandates.
Data protection — Safeguarding information comes down to controlling sensitive data and establishing limits regarding when and where it can be accessed. The processes and procedures include encryption, integrity protection and data-loss prevention techniques.
Detection security — Continuous monitoring, particularly through next-generation firewalls, can provide real-time alerts on cybersecurity threats, including anomalies and intrusions. Pre-empting and mitigating security risks saves time, money and resources.
Response security — Incidence response planning, communications and infrastructure can assist in identifying an attack, containing the damage and restoring the integrity of the network and systems. For cloud users, sandboxing and software as a service may be prudent approaches.
Threat recovery — No system or sensitive data is 100% immune from security breaches, terrorist attacks or natural disasters — and in the event of a catastrophic event, you want to be able to maintain continuity for your employees as well as citizens. Enhancements to security can include a distributed backup architecture, federated deduplication of data or cloud storage.
“Despite the new technologies and trends in security, nothing has really changed. The buzz at 2015 RSA Conference is still on outward-facing threats and point solutions. Don’t look to any one security vendor to solve your challenges; it can’t, and there is no “Easy” button here. While trends may influence your security strategy and provide new technology approaches, you’re still going to need: 1) a security program that addresses people, process, and technology, and 2) a road map for continuing to improve your security maturity. Improving the security program requires a risk-based approach that goes beyond a technical focus and brings together information management, risk management, brand protection, privacy, data governance, compliance, and third-party relationship management. Prioritize building and retaining customer trust to better engage with the business and build a compelling business case for security investment,” according to Forrester Research's Top 11 Trends S&R Pros Should Watch: 2015, published October 15, 2015.
The bottom line on data security
Data centers and security are inextricably tied, whether you are discussing agency-based computer networks or the imminent sprawl of mobile device usage. When seeking the correct solution for an agency, you'll need to consider not only current usage patterns (in the case of data) and threats (in the case of security), but project forward to how they can be adapted in the future. By embracing the best available technologies, and seeking the advice of subject matter experts in each field, you will position yourself and your department for ease of use, compliance and positive end results.
How Insight can help
At Insight, we have a long track record of helping federal agency data centers source and integrate the best platforms and systems to handle their storage and security needs. Our goal is to enable, enhance and deliver in a way that allows federal employees to fulfill their mission: to do their jobs well and efficiently in order that their constituents can enjoy the benefits.
Partnering with Insight means tapping into our significant experience in managing technology and being a trusted advisor for the government sector. To learn more and discover best practices for improving data center functionality, download our free whitepaper, “Exploring Your Options: Reimagining Government Data Centers.”