BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage Articles Data Protection Methods for Federal Organizations and beyond

Data Protection Methods for Federal Organizations and beyond

Key Takeaways

  • Some of the most substantial data breaches occur due to human error: theft of hard drives or physical devices misconfigured databases, and mistakes that lead to important data loss.
  • The Federal Data Strategy is a framework describing the US government’s 10-year plan to "accelerate the use of data to deliver on mission, serve the public, and steward resources while protecting security, privacy, and confidentiality."
  • Safe disposal of sensitive data on employees’ PCs and smartphones helps optimize the devices’ performance and data usage.
  • The only reliable way to regain control of your data after a ransomware attack is a valid backup.
  • A well-thought-out backup strategy should include creating backup copies on a daily, weekly, and monthly basis. If malware sneaks unnoticed into daily or weekly backups, you can recover most of your data from a monthly copy.

Data loss or theft is a highly probable and ugly eventuality, which is a problem for those in charge of preventing data breaches. Some of the most substantial data breaches occur due to human error: theft of hard drives or physical devices, misconfigured databases, and mistakes that lead to important data loss involving social security or driver's license numbers, bank accounts of citizens, voting affiliations, and other sensitive data. However, you can prepare for and prevent data loss in the case of a data leak by backing up all critical data. The goal of the backup is to record the data that can be restored.

In this post, we define the Federal Data Strategy framework and explain the responsibilities of a chief data officer (CDO) and the methods to enhance data protection both offline and online for federal organizations. We will take a look at:

  • What the Federal Data Strategy is and why it is important
  • Who should be in charge of data-related workflows in an organization?
  • Which data protection methods can you leverage for a federal organization
  • How you can utilize these protection measures effectively to protect sensitive data

So let’s get started.

Federal Data Strategy: Definition 

According to OMB (Office of Management and Budget), the Federal Data Strategy is a framework describing the US government’s 10-year plan to "accelerate the use of data to deliver on mission, serve the public, and steward resources while protecting security, privacy, and confidentiality."

This framework includes:

  • A mission statement
  • 10 operating principles remaining relevant throughout the strategy’s lifetime
  • 40 best practices that are aspirational goals for 5-10 years
  • Steps to implement the practices

The Federal Data Strategy involves using those points for federal data management guidance and leveraging the value of federal (and federally-sponsored) data. The original action plan was published in 2020, when the COVID-19 pandemic made working from home the "new normal" and set new challenges for data confidentiality and security. The latest Federal Data Strategy Plan update was released in October 2021, wrapping up the successes and lessons learned since the first iteration of the framework.

Chief Data Officer: Responsibility Area

A chief data officer (CDO) is a senior leadership representative who is responsible for the governance and use of data across an organization. What does a chief data officer do? As part of their functions, chief data officers organize and oversee data-related activities, such as:

  • Data governance: monitoring, governing, and consulting on enterprise data
  • Data operations: providing data efficiency, availability, and usability
  • Data innovation: digital transformation initiatives, revenue generation, and data cost reduction
  • Data analytics: providing and supporting data analytics efforts, as well as reports on markets, customers, operations, and products

In many organizations, the responsibilities of CDOs can overlap with those of chief analytics officers (CAOs) and chief digital officers (CDOs). This makes a clear-cut definition difficult to provide. Also, chief data officers can closely interact with the marketing department, particularly with the chief marketing officer (CMO), to ensure efficient data usage for improving sales and relations with customers. 

Data Protection Methods for CDO’s to Apply

The principles and methods of data protection remain the same, regardless of whether the organization is local or federal. And the main principle that the chief data officers and leaders of federal organizations should consider when thinking of data protection methods is thoroughness. 

Check and apply the recommendations for offline and online methods below. These measures, when applied correctly, increase the resilience of your organization’s infrastructure and help implement the elements of the Federal Data Strategy.

Offline Data Protection Methods

Although digital transformation and technological achievements make organizations concentrate on the latest online security principles and standards, offline protection methods remain viable. Implement the following best practices to optimize offline data protection and reduce the probability of a critical data breach.

Safely Dispose of Sensitive Data on Smartphones and PCs 

Safe disposal of sensitive data on employees’ PCs and smartphones helps organizations avoid sensitive data leaks by irreversibly wiping out data from drives. For example, consider using a specially designed application to overwrite hard drives before removing old corporate computers. The same should also be done for smartphones. Otherwise, an organization risks causing data leakage incidents if some dedicated and smart hacker finds those devices and accesses their hard drives.

Shred Redundant Documents

You must also shred all physical documents containing sensitive information. For instance, receipts, credit offers, insurance forms, and bank statements should be made unintelligible before disposal. Otherwise, thieves can glean the sensitive data they contain. Then, criminals can abuse that data to steal identities.

Lock Physical Rooms

Lock up all rooms containing physical gadgets storing critical data. Don't forget to lock away PCs and other offline materials containing sensitive data.

Don’t Write Down Passwords

You need to train all your employees never to write down their passwords. For instance, writing their passwords to shared company computers can accidentally cause a password leakage into the wrong hands.

Use Cameras

A good idea is to use CCTV cameras in your office for monitoring. This way, you can easily monitor for any illegal activity or attempts to access safes or rooms with restricted information.

Protect Keyboards

Training your staff to shield their keyboards when typing in their passwords is also essential. This way, it becomes easier to avoid keyword theft.

Encrypt Hard Drives

Lastly, encode all laptop and desktop hard drives. This encryption will ensure that nobody can access critical information if a laptop is lost or stolen.

Online Data Protection Methods

Online methods also require care and thoroughness to reap the most benefits from them. Follow the recommendations below to secure the organization’s networks and online resources from hacker infiltration.

Don't Overshare on Social Media

These days, social media is the "in thing." Therefore, many enterprises and other federal organizations want to prove to the world that they are "also social." However, the only prudent choice is to share your data on these platforms sparingly and carefully. Otherwise, identity thieves can steal that data and cause trouble for your organization.

Mind Your Passwords

Did you know that a seven-character complex password can be cracked in 31 seconds? While shorter passwords or less complex ones can be cracked almost instantly? Having a weak password is one of the most accessible routes hackers can use to break into your systems. Moreover, avoid synchronizing work email accounts with personal ones because this compromises login credentials, passwords, and access codes. 

A strong password consists of at least 8 symbols, including uppercase and lowercase letters, numbers, and special symbols. Keep in mind that strong passwords should not have any meaning. Don’t use, for example, your pet’s nickname or your child’s birth date as a password unless you want hackers to easily access your account.

Use a VPN

A VPN isolates your traffic to protect you against hackers and spies who aim to steal your details while transacting online.

Implement 2FA

You should also use two-factor authentication as an extra layer to boost your password protection.

Ensure Cloud Storage Encryption

Fortify your online protection by using encryption from a reputable cloud service provider. Check out and ensure your vendor offers local encoding and decoding for your vital information. This way, the service provider will be responsible for decoding and encoding your PC data for secure cloud storage, and nobody will access your data without permission.

An industry-accepted encryption specification that governments and security organizations use is the Advanced Encryption Standard (AES). The reliability of AES relies on the principle of encrypting the data in one block and not separate bits. The most reliable algorithm here is AES-256, which encrypts data in 256-bit blocks.

Another widely used standard to encrypt data is RSA (Rivest-Shamir-Adleman). RSA encryption relies on a public encryption key and a private decryption key on the side of a data recipient. This is a reliable way, for example, to keep personal data private when sending that data via online tools. On the other hand, unlike AES, RSA is not appropriate for encrypting considerable amounts of data.

Double-Check Everyone

An effective strategy is to screen every person you or your employee "meets" online. For example, if they reach out to you claiming to represent a popular organization that you know, avoid providing any sensitive information to them until their association with that organization is proven.

Set and Run Backup Workflows

Remaining one step ahead of security solutions, hackers can bypass any protection system sooner or later. Therefore, a valid backup is the only reliable way to regain control of your data after, for example, a ransomware attack. Organize a process to copy and store your organization's sensitive data in different protected repositories. You can keep the data online for quick access and recovery and offline for long-term retention and increased resilience. 

A copy kept offline can remain safe and usable when your main production site and online backup storage fall victim to ransomware. A well-thought-out strategy also includes backup tiering: creating backup copies on a daily, weekly, and monthly basis. Thus, in case security monitoring software fails and malware sneaks unnoticed into more relevant daily or weekly backups, you can recover most of your data from a monthly copy.

Additionally, modern data protection solutions enable you to make backups immutable. Immutability protects the data in a repository from changes or deletions throughout a set period. Therefore, immutable backups can be used for recovery even if ransomware reaches backup storage.

Find a solution that would help you schedule and automate backup and recovery workflows, enable backup tiering, configure retention policies, and enable backup immutability. That is the only way to ensure timely backup updating and data restoration even in the aftermath of a data loss disaster.

Conclusion

The importance of data protection for federal organizations is impossible to overestimate. Being aware of modern tendencies and challenges in the IT field, the US government introduced the Federal Data Strategy in 2020. This framework combines principles and practices for sensitive data protection improvement at the federal level for the upcoming decade. This guide offers particular methods and practices that the chief data officer can apply to improve data resilience.

Although the guide focuses on federal organizations, the provided data protection methods would work for any organization regardless of size and industry field. Check and apply the recommendations to improve the resilience of your organization’s data and infrastructure.

About the Author

Rate this Article

Adoption
Style

BT