A recent roundtable discussion in Washington, DC with Federal IT and Cyber leaders focused on the business drivers, challenges and evolving strategies around cybersecurity in government. After an opening presentation by Jim Quinn, the lead systems engineer for the Continuous Diagnostics and Mitigation program at the Department of Homeland Security, the discussion highlighted the need for data security. Key takeaways included:
- A new emphasis on data-level security across government that puts security controls closer to the data itself, rather than focusing on the perimeter.
- The urgency around data security is increasing, with 71 percent of agencies having been breached, which is a threefold increase from three years ago.
- Need to deal with an expanding requirement to add more and more capabilities to mission systems with the understanding that protecting data is part of the mission.
- Agencies that only focus their time, energy and budget on meeting various mandates are having trouble keeping up with evolving cyber threats.
- While agencies have much flexibility in how they acquire, manage and deliver information and services, they are still responsible for protecting their data. Agencies must, therefore, approach data security at the enterprise level.
- Data security is a matter of law. 44 U.S.C., Sec. 3542 directs agencies to ensure the confidentiality, integrity, and availability of government data.
As I’ve written many times before, organizations need to focus on how to transition to a hybrid IT future. The overall information technology marketplace is also undergoing these dramatic shifts toward data-centric security. Data management has moved from the management of structured data into an environment where real-time analysis and reporting of streaming data is essential.
International commerce is also entering an environment of stricter data management regulations and national data sovereignty laws that, if violated, introduce the possibility of punishing remedies and fines. This rapid progression has also driven a massive change in information technology services. Cloud and managed service providers are meeting this need through the innovative creation and deployment of API accessible, immediately consumable, data manipulation services. Enterprise IT organizations have shown themselves unable to keep pace with the blistering increase in the number and breadth of broader IT marketplace services. It’s also not cost-effective or even desirable for them to try.
With the recent focus on data-level security and year-end budget sweeps around the corner, shouldn’t your agency be looking at how to better store and protect its data? Mandates around IT Modernization and Cloud Computing aren’t going away soon either. With cloud and managed service provider data storage solutions so accessible, your current on-premise solution may be hurting your mission in many ways including:
- High CAPEX driven by significant upfront equipment costs lead to poor ROIs with long payback periods;
- High OPEX characterized by recurring power, cooling and rack space expenses;
- Expensive monthly hardware and software maintenance and support fees;
- Excessive system administration cost and complexity all lead to high ongoing operations expenses;
- Obsolescence concerns caused by storage vendors that regularly retire products and discontinue support plans, often subjecting customers to costly and disruptive upgrades;
- High mission operational risk due to an inability to replicate live data to a secondary data center; and
- Complex legacy storage solutions that are difficult to configure and administer.
This post was brought to you by Wasabi Hot Storage
get free updates by email or RSS - © Copyright Kevin L. Jackson 2016-2018)