The new administration has issued a clear mandate for change within government. Success depends on a strong IT foundation that will support transparency, which hinges in part on the ability to rapidly communicate sensitive data while protecting that information from unauthorized access.
Even with successful access controls and hacker-proof network security, it is still far too easy to inappropriately e-mail sensitive data, print financial documents, copy private information onto a portable USB drive or worse. Here are five actions you can take to build a foundation for an effective data protection program:
End-user training is essential, but don’t depend on users to secure data. Many users view security as the IT department’s responsibility. They put mission needs first and expect the IT department to ensure that information security is transparent to their need for access — anywhere, anytime. To counter this, use end-to-end and stored-data encryption.
Consider carefully all notebook computers and USB drives. Encryption technology allows secure portable storage and ensures that files remain encrypted wherever they are transferred. Having convenient two-factor authentication, such as a thumb swipe and a password, is important to securing access. It is equally important to have an enterprise-grade endpoint solution integrated with the overall security architecture. Point solutions that require intensive administration can quickly become too costly to administer.
The central control console should provide device and content-based filtering, while monitoring and appropriately blocking confidential data transfer to any removable storage device.
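The combination of device filtering and content filtering described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the detection patterns, the approved-drive list and the three outcomes (allow, alert, block) are assumptions made for illustration.

```python
import re

# Assumed detectors, not taken from the article: US SSNs and payment card numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed allow-list of agency-issued, hardware-encrypted drives.
APPROVED_SERIALS = {"AGENCY-USB-0001"}


def luhn_ok(digits):
    """Luhn checksum, used to discard random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Content filter: return (kind, match) pairs found in the text."""
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", digits))
    return hits


def decide(device, text):
    """Device filter plus content filter: 'allow', 'alert' or 'block' the transfer."""
    hits = find_sensitive(text)
    if device["class"] != "removable" or not hits:
        return "allow", hits
    if device.get("encrypted") and device.get("serial") in APPROVED_SERIALS:
        return "alert", hits     # permitted, but reported to the console
    return "block", hits


if __name__ == "__main__":
    doc = "Claimant SSN 123-45-6789, card 4111 1111 1111 1111"   # constructed sample
    print(decide({"class": "removable", "serial": "UNKNOWN", "encrypted": False}, doc))
    print(decide({"class": "removable", "serial": "AGENCY-USB-0001", "encrypted": True}, doc))
```

Pattern matching of this kind misses sensitive data that has no fixed format, which is why the prioritization of data to be protected still has to be agreed with stakeholders.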
Powerful DLP technology uses a central console to protect information assets regardless of how that information is stored, secured or communicated. The DLP program needs to provide comprehensive information protection across three areas to truly secure data across the enterprise:
Although powerful tools exist, none can make all data completely secure. It is important that all stakeholders within an agency understand each tool’s capabilities. Agreement is needed on the steps required to prioritize data to be protected and incrementally implement capabilities to monitor, alert, provide content protection and generate compliance reports.
In government, BlackBerrys have become part of the foundation for wireless data security. A reason for their proliferating use within organizations is their enterprise management capabilities for end-to-end encryption, stored data encryption and access control.
Password authentication is made mandatory through the customizable IT policies of the BlackBerry Enterprise Server. By default, password authentication is limited to 10 attempts. Be careful — the device will erase the memory automatically after the 10th unsuccessful attempt.
It is then not just a matter of calling the system administrator to reset the password. Your smartphone is now useless and will have to be replaced. Users need to know this so they don’t keep trying the wrong password.
A great access control improvement is two-factor authentication using a smart-card reader. The smart-card reader hangs around the user’s neck, holds the smart card and has a wireless connection to the BlackBerry. An option for a physical connection for additional security is also available.