Ranking and prioritizing data based on its criticality to the mission is key to a secure and intelligent data strategy, according to comments from Department of Homeland Security data leaders and a new white paper from Commvault, a data management software company.
Immigration and Customs Enforcement Chief Data Officer Ken Clark said “knowing your data” helps build the framework for a savvy cybersecurity strategy.
“It's important to really know what your data is and your sensitivities,” Clark said at an ATARC event last week. “In my area, we're dealing with law enforcement data, some of which is classified. With 853 requirements and FedRAMP certification, that's all important — but really, back to basics, know your data.”
Commvault recommends federal agencies and companies ask three questions when evaluating their data within the context of cybersecurity:
- What happens when we lose our network?
- What key operations must be protected with true “fail safe” environments?
- What must be restored first if a major event occurs?
“Remember, ‘less is more’ should be your guiding principle,” writes Commvault Director of Strategic Initiatives Richard Breakiron. “Use prioritized planning to get rid of the non-essential data and information and processes. Look for ways that can be an automated process to manage the scale.”
DHS Chief Data Officer Support Patricia Hammar believes an intelligent data strategy not only boosts security, but also interoperability.
“As we've grown we've been able to really manage data at a lower level so we have more access to specific elements, fields within the data (and capabilities),” she said during the ATARC webinar last week. “It allows us to minimize our releases so we can share more effectively. The only way I know how to share is the entire file or dump, that never increases sharing. If you can just share elements, you can start to tailor that and give people what they need and nothing more. With a minimization technique and access control, you can maximize use with your data, especially when you deal with sensitive data.”
Federal agencies that run lots of “fire drills” can make sure they’re ready for a cyberattack. But sometimes fire drills aren’t enough.
“Intelligent data management requires integrated threat and anomaly detection to support security and business integrity, and operational preparedness,” Breakiron wrote in the white paper. “Integrated threat and anomaly detection, in this case, is an augmentation to the defense-in-depth approach — it is not meant to be a specific cyber sensor. Still, it works instead as a best business practice.”
Breakiron also warned against relying too much on software backups in the event of an attack.
“While backing up data has always been a core to recovery readiness, ransomware attacks now target these copies,” he said. “Bad actors recognize that without holding the backup data hostage with the operational data, they lose their leverage.”
To mitigate this concern, Breakiron recommends using the NIST Cybersecurity Framework to evaluate software solutions that advertise backup isolation so that if one backup fails, a federal agency can restore another.
Sometimes data security is at odds with digital transformation, but Breakiron believes the right solutions and the right mindset and cultural environment helps integrate the two.
“Providing data security while providing maximum flexibility for ‘ease of administration’ of software is a constant tension point in digital transformation,” he wrote. “Securing data and providing protection for concerns such as privacy, theft, corruption and deletion, whether by internal, external threats, either malicious or accidental, are critical elements of data readiness.”
But managing data with a risk-aware mindset requires a big culture shift.
“I know there's always challenges, but the toughest challenge I’ve experienced is how you're going to change behaviors, and the human aspect of data and data use,” Clark said at the event. “We're trying to get collective action across multiple partners in the enterprise and looking at data stewards and such. You have a balance, the technology pieces and non-technology pieces, but you're really trying to get that behavioral change not only at the individual level but at the interagency level. That's really important.”
As DHS improves data management, readiness and security to facilitate interoperability between components, Hammar thinks the department can solve bigger interdepartmental problems that it was unable to address before.
“We have a good opportunity right now with the change in administration,” Hammar said. “We had the same data we had, mostly, a year ago, but some different questions are being asked of the data now. It's a good education time for senior management to say we're going to use this data in a different way than it was being used maybe a year ago. You're asking a new questions but someone's going to ask another new question in three months. It helps us explain to them why it's important and ask different questions for it.”