Migrating to the cloud and optimizing operation in that environment have been top-of-mind for government agencies for some time, but now, as remote work becomes a part of life, these agencies are accelerating their efforts. As the government continues to move towards a cloud-powered work environment, many are leveraging a hybrid IT approach that is proving to be an effective and cost-efficient way for many of these agencies to manage the risk associated with the acceleration of migration. Naturally, finding the right data security and management approach are pressing components for agencies considering the level of sensitivity of the data being managed and the notoriety that follows if a breach should occur.
“Risks revolve around the security of an agency’s data no matter where it rests, whether that’s on-prem, in the cloud, or a combination of both,” stated Richard Breakiron, Commvault’s Senior Director, Strategic Initiatives – Fed, DoD and the Intelligence Community, in a conversation with Government Technology Insider. “Maintaining authoritative providence of the data as well as meeting compliance requirements is crucial, and a hybrid approach allows that level of visibility needed by these government agencies to keep their data secure.” Mission success is dependent on maintaining data’s immutability and source integrity.
While data visibility is undoubtedly an important factor in data security, the ability to monitor and prevent threats with sophisticated diagnostic and monitoring tools is the second part of that data security one-two punch. David DeVries, Senior Director, Strategic Initiatives – SLED at Commvault, explained to us that in order to truly optimize your data security approach, your IT systems need to be put to the test regularly to ensure the right protocols are in place.
“Cloud vendor built-in data protection simply isn’t enough,” DeVries said. “Government agencies need to be able to detect anomalies and handle them swiftly. They need to be able to quickly recover and restore data that’s crucial to their mission. They need to be able encrypt their data at the source. All of these are considerations that need to be made throughout their journey to the cloud. Often this extends in a day-to-day operational mode involving several storage types and locations.”
These specific needs speak directly to the mission of the Continuous Diagnostics and Mitigation (CDM) program from the Cybersecurity and Infrastructure Security Agency (CISA). The CDM program sources tools for government agencies to strengthen their cybersecurity strategy. These tools help continually identify cybersecurity risks and prioritize those risks based on projected impact, enabling data security decision makers to create a thoughtful plan of action in the event of a cyberattack.
So, what happens when (and it’s when, not if) a cyber-attack can’t be prevented? This is where an agency’s robust recovery plan and the regular IT system testing comes into play – and not surprisingly, central to that recovery plan is the ability to recover critical data. A whitepaper from Commvault, titled Secure Your Data, Your Recovery and Your Mission, outlines the steps to building a data security and recovery plan. According to the whitepaper, “True peace of mind comes from having a comprehensive, continuous recovery readiness plan. The last thing you want to do when contending with a high-pressure attack is to stop to figure out which data needs to be recovered in what order. Recovery readiness means that recovery stages are documented, automated, and predictable, and that a recovery plan is tested and rehearsed regularly.”
Data security comes with many different challenges and considerations, especially at a government level, so a plan of action for all phases of a cyberattack is not optional. You can learn more about how to build and maintain your agency’s plan of action for data security here.