Page 27 - Cyber Warnings
P. 27
- New technologies and innovations: As the public sector adopts new technologies and
innovations, data security becomes more complex.
Internet of Things (IoT), mobile and cloud create not only more data for hackers to
target, but also increase the surface area for attacks, including more devices,
connections, and networks.
- Legacy systems: A major challenge faced by government agencies is the dependency
on legacy applications and platforms with limited native data security options.
These sometimes decades-old systems may no longer have vendors that supply
patches or otherwise maintain the code, making it vulnerable to hackers.
- Limitations of traditional security: Common cybersecurity measures only protect data
indirectly. For example, firewalls and intrusion prevention systems operate
predominately at the network level.
Likewise, desktop antivirus software works to stop the spread of malware infections, but
none protect data directly.
- Gaps in data protection: Most data-protection techniques shield only stored data.
While helpful when equipment is lost or stolen, it doesn’t protect data when it is in-use.
Data is exposed to attack when it is decrypted and retrieved from an encrypted database
and before it flows through an encrypted link.
- Compliance: Stringent data-privacy requirements make greater data protection.
Agencies must comply with federal standards and regulations such as the Cybersecurity
Act of 2015, DFARS CUI, and the National Institute of Standards and Technology
(NIST).
Why data needs a new approach to protection
In an ideal world, sensitive data travels in well-defined paths from data repositories to a well-
understood set of applications.
In this scenario, data can be protected by armoring the repository, the links, and the applications
using point solutions such as database encryption and SSL network connections.
In real systems, data travels everywhere. Today’s IT environment is a constantly shifting set of
applications running on an evolving set of platforms.
27 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
