No organization is immune to cyber breaches. Bad actors with ample creativity and technical resources can pierce even strong cyber defenses. But there are strategies that make effective cyberattacks less likely and that protect data on which government depends. “Breaches will happen. It’s a matter of if, not when,” said Chris Sprague, Principal Technologist with Pure Storage, which delivers forward-thinking security and data protection via a cloud experience. Agencies must practice good cyber hygiene, be prepared to mitigate fallout from a cyber event, and follow federal guidance as it evolves, he said.
Path to Protection
Continuous protection requires a multilayered approach. It involves physical security — guarding access to buildings and the hardware within — and network security, which includes segmenting data and managing its travels, Sprague said. Data encryption is essential, as are backups, particularly if they’re immutable, inalterable snapshots in time.
Similar to photographs, snapshots reflect the moment they’re taken. If a cyberattack, human error, or another circumstance results in data theft, deletion or corruption, a snapshot can quickly restore what’s lost, said Sprague.
An agency also must be able to replicate snapshots offsite. “My snapshot is protecting my data from being changed,” he explained, “but now, that replication protects me in case, let’s say, an earthquake happens and I lose a building. We want both of those [capabilities] in tandem.”
Pure Storage provides them, Sprague said. It also offers a third layer, called SafeMode, that automatically keeps deleted snapshot data in a “bucket,” similar to a Windows recycle bin, that’s purged after a set period of time.
Ransomware attacks often occur because a hacker stole a network administrator’s credentials. With SafeMode, an administrator cannot delete snapshots; backups are safe even if hackers invade an administrator account. That feature differentiates Pure Storage from competitors, he noted.
Trust and Communication
Sprague said that when agencies need their backups, they want a platform that allows for rapid recovery; with Pure Storage, recovery can take just minutes. The technology promotes and supports cyber resilience and zero-trust principles, integrates with new and existing infrastructure, and conserves space and electricity, he said.
That helps agencies maintain business operations. And with extensive data at its disposal, government must be diligent about security.
“If agencies fail to protect their data, there’s a high risk of data breach, which could lead to severe and wide-ranging consequences,” Sprague said. “It could mean outcomes like reputational damage, which would erode the public’s trust, to things like financial loss, identity theft … all the way up to national security threats [and] interruption to our critical infrastructure.” Officials could be held criminally liable.
Intra-agency communication is vital after a breach, he said. “A lot of times in IT, when we have a problem, we put our heads down and try to fix it, and we don’t necessarily communicate with the business side about what’s going on.” But open dialogue promotes transparency and constituent trust. “Things [like trust] erode much faster than they build up,” Sprague observed.
This article appeared in our guide, “The 2024 Cyber Agenda.” To learn more on the cyber outlook for the coming year, download it here:
Leave a Reply
You must be logged in to post a comment.