Earlier this month, the Federal Communications Commission (FCC) voted to stay data security requirements for high-speed internet companies, which would mandate that providers secure customer information against hacking and unauthorized use. At the state level, data privacy and security remain top of mind for government officials.
In fact, states championed Data Privacy Day earlier this year. Launched in 2014 and held annually on Jan. 28, the day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection, according to the National Association of State CIOs (NASCIO). In protecting the digital information of ever-more technology-oriented citizens, state and local officials can garner trust in government and create a culture of security throughout public organizations and private businesses alike.
Here are a few ways state and local governments can look to prioritize data privacy and security on a daily basis.
As citizens’ lives become increasingly digital, more compromising information is gathered and shared by governments on their behalf. To help ensure privacy, six states have already turned to chief privacy officers (CPOs) to help assess data security, said Amy Glasscock, a senior policy analyst at NASCIO.
“When you look at the sort of information that states are collecting, there’s a lot of sensitive information that the states do hold from their citizens. This kind of goes hand in hand with cybersecurity as well. Every state now has a CISO [chief information security officer], so when there is a breach of data, it’s a security issue but also a privacy issue,” says Glasscock.
CPOs can help to evaluate internal policy and education around data, assess the security implications of new technologies, and help create consumer awareness on privacy issues.
Weak passwords are at the heart of many data breaches, but there are ways to encourage stronger passwords or introduce other authentication methods to help protect citizen data.
Security vendors such as RSA Security, Symantec and CA Technologies have been working to drive down the cost and complexity of multifactor authentication and to create technologies that state and local governments can implement, such as smart cards or fingerprint and retina readers. Moreover, Intel Authenticate, built into the 6th Generation Intel Core and Core vPro processors, offers a way to incorporate more secure authentication into the hardware.
These technologies should, of course, be combined with best practices, including gradually rolling out new authentication methods, architecting layers of security control, introducing more effective single sign-on technology and providing for mobile security.
When state leaders are on the same page about data security and strategy, it can help prevent data mismanagement. By implementing appropriate data governance procedures, states can increase security, control and privacy, according to NASCIO’s official guide on data management strategies.
Think of this process like a sporting event. The overall goal, along with the rulebook that the players must follow, is something everyone must agree to and understand. The rulebook (process) is defined by the governance organization while the players (people) must follow those rules. You can think of the equipment (technology) being there to help the players follow the rules and play the game to the best of their ability. Imagine a baseball game where there are no rules, no consistent way to keep score or any way to anticipate what is going to happen. The resulting game would be chaos.
While the cloud can provide greater flexibility and cheaper storage for state agencies, protecting data that moves freely between mobile devices and the cloud is proving to be a bugaboo for state and local government IT leaders.
“Consolidation and sharing of services will drive needs to improve identity management, governance and optimization,” NASCIO President and Connecticut CIO Mark Raymond told StateTech.
But governments can look to protect data by embracing some best practices in cloud adoption, including developing a migration strategy that aims to identify and mitigate risks.
As mobile devices like smartphones, notebooks and tablets enter into the daily grind for city and state workers, their networks present new areas of vulnerability for attack and a new way for hackers to access data. Justin Dietrich, CISO of Santa Clara County, Calif., says that thinking strategically about security starts with devising new safeguards for networks and data centers, StateTech reports.
“With mobile devices, the concept of having a perimeter defended by firewalls and other technologies is gone,” he says. “You have to bring protection to the endpoints and to data. We have to understand where every bit and byte is going and why it’s going there.”