Data loss is one of the public sector’s worst nightmares. Agencies handle personal information, so there is no government that can risk misplacing this data without potentially hurting constituent trust.
The plot only thickens now that most agencies have hybrid workforces mixing on-site and remote employees. With no limit to the cybersecurity perimeters they must defend, how can agencies shield their data from today’s global threat landscape?
GovLoop spoke with two government thought leaders explained why data recovery plans might be the answer. The pair included:
- Brian Gardner, Chief Information Security Officer (CISO) for Dallas, Texas.
- Carmen Taglienti, Principal Architect, Data and Artificial Intelligence (AI) at Insight Enterprises, Inc., a business-to-business (B2B) and IT solutions provider.
Gardner and Taglienti shared three crucial components every data recovery plan needs to help agencies navigate data disruptions:
1. Key Assets Identified
Data is not created equal, and agencies should prioritize protecting the variety that matters the most to their missions.
For instance, the most sensitive information intelligence agencies deal with often concerns national security. These agencies must shield this data and plot out how to recuperate from attacks on it.
“You start to associate a cost with those assets from a loss perspective,” Taglienti said. “The most mission-critical assets will invariably cost the most money.”
While identifying their critical assets, agencies may want to consider the impact losing these valuables might have on their constituents and workforces.
2. Tested Solutions
Practice makes perfect, and government cybersecurity is no exception. After drafting data recovery plans, Taglienti suggested that agencies frequently test their effectiveness.
“Sometimes you crack open the procedures and they do not work,” he said. “You may have dire circumstances on the line to ensure these practices work properly.”
Consider IT networks. With the amount of data worldwide expected to grow, no agency can afford to add more data to IT networks that cannot handle it.
“We’re going to see an explosion in data, especially in government,” Taglienti said. “I’d rather be in front of that trend.”
3. Automated Capabilities
A common refrain in public-sector cybersecurity is that there is not enough talent to go around.
To alleviate the strain on government cybersecurity personnel, Gardner recommended automation. Automation involves machines performing simple, repetitive tasks like software patching with little to no human input. Once implemented, these machines can pay major dividends to agencies’ data recovery efforts.
“It is about reducing their time and stress,” Gardner said. “The machines can go faster than we can.”
The Last Word
While data recovery plans may seem like a major investment in funding and time, implementing them now can save agencies even higher costs later.
“People are starting to understand it is a necessary evil,” Gardner said. “On the backend, when you suffer an attack, the costs can be astronomical.”
This post originally appeared in slightly different form on January 22, 2022