By Carolyn Duby, Field CTO and Cybersecurity Lead, Cloudera Government Solutions
As a key component of President Biden’s December 2021 Executive Order on citizen experience, government agencies must be committed to ensuring an effective, equitable and accountable team that meets the needs of the people. By taking full advantage of the power of data, they can target specific goals to achieve this mission. In fact, this was recently codified as part of the Federal Data Strategy, which serves a stated mission to “fully leverage the value of federal data for mission, service, and the public good.”
However, without a thoughtful data security strategy and clear data governance policy, efforts to prioritize data could not only hinder innovation, but ultimately put an organization at greater risk of setback due to a cyberattack.
With so many vectors ripe for exploitation, a strong data governance policy that requires strict data security practices can provide end-to-end protection across a network, serving as a failsafe against unpatched vulnerabilities, insider threats and other less-visible attack methods.
Public Sector is a Target
In response to the increasingly sophisticated malicious cyber campaigns that threaten the public sector, the federal government is prioritizing identifying, deterring and protecting against malicious actors, as outlined in last year’s executive order on cybersecurity.
In addition, Congress and the federal government are placing an increased emphasis on vulnerabilities and software supply chain. The OMB mandate to comply with NIST’s Secure Software Development Framework, as well as the House’s FY2023 National Defense Authorization Act both highlight the recurring issue of software vulnerabilities and call for greater defenses against network entry points.
The recent Uber breach showed how organizations often prioritize securing entry points to the network. However, once the initial layer is breached, security often dwindles as attackers traverse deeper. With this breach, attackers gained access to several internal systems through stolen credentials and manipulated multifactor authentication and were then granted access to a massive amount of information with minimal resistance.
For holistic protection, agencies should adopt data governance and security policies from a risk-based perspective that mandate solutions providing real-time mitigation, such as spotting unusual activity on a network and investigating, as well as ongoing protection through methods like data backup and encryption, so that even in the event of an incident, the data can be recovered. In addition, a data governance committee can ensure the right people are available to enforce policies and standards, as well as solve issues in times of crisis.
Building a Strong Framework Through Reliable Data
The federal data strategy focuses on 10 different principles covering areas such as ethical governance and conscious design, and homes in on leveraging the use of data for the public good by prioritizing data governance, protecting data integrity and leveraging data standards.
Data governance policies should not only ensure data is secure, but also enable trust. Agencies should be able to reasonably rely on policies and solutions that balance privacy, transparency, security and regulatory compliance. They must eliminate bias and ensure internal teams and third-party counterparts can leverage data in a manner that’s equitable and ethical.
Unreliable data can lead to inefficiencies and be complicated by incorrect decision-making that can be counterproductive to the business value it brings. This can also lead to challenges meeting government compliance initiatives like FedRAMP and CMMC 2.0.
It’s simply not possible to solve tomorrow’s problems with yesterday’s technology. To realize the agility required to support digital transformation, agencies must proceed with the technology, attributes and culture required to quickly collect new data sources, build new data products and applications, while delivering actionable insights.
Having a strong framework puts agencies on a path of the highest level of data utilization and can ensure data is secure and reliable. With the framework in place, agencies should look to create a culture that promotes and encourages the use of near real-time data to drive every decision – stale data and information can send teams down an incorrect path that leads to poor decision making and conclusions, while also enabling a cybercriminal to take advantage of the poorly managed data-situation.
A Data Driven Culture
Data has the power to further mission objectives by allowing leaders to act based on thorough insight and information, better serving citizens and influencing the public sector to operate in a way that exemplifies a shared commitment to learning. To accomplish the most ambitious goals and improve citizens’ lives, agencies are increasingly relying on an open AI and ML collaboration that connects research and services with cutting-edge data products.
To fully realize the potential of data, agencies must establish a data-driven culture – collecting and analyzing data in motion to make data-based decisions that support the public good. Creating organizational buy-in to a data-driven approach can be done by creating a diverse culture of support, ensuring transparency so AI-generated decisions are explainable and justifiable, as well as making any automation as measurable as possible.
A solid framework and data-driven culture can simplify the decision-making process and enable decision-makers to implement critical solutions and approaches that ultimately serve the greater good of citizens – But it all starts with strong data governance and security.
About the Author
Carolyn Duby is the current Field CTO and Cybersecurity Lead at Cloudera Government Solutions. With nearly three decades of experience, Carolyn spearheads the digital transformation efforts for Cloudera’s customers and delivers high-performance, data-intensive applications in a variety of industries.