Feds Strive to Balance Data Sharing and Risk
Big data and cyber-security have ushered in a new era, and federal agencies are still considering how to best implement these technologies to leverage and protect vast stores of high-level information. A recent study conducted by MeriTalk, a public-private partnership that serves the government IT sector, indicates that big data is critical to enhancing cyber missions but finds that more security controls are still needed. The report “Balancing the Cyber Big Data Equation,” underwritten by Northrop Grumman, explores the symbiotic relationship between big data and cyber-security and examines the steps agencies are taking to unlock big data’s potential while mitigating risk.
“Considered and managed together, Big Data and cyber have the potential to fundamentally reinvent broken and siloed Federal information technology (IT),” the report’s authors note. “At the higher level, this means reimagining and reclaiming government, to fulfill the mission today, and to innovate for tomorrow.”
For an agency perspective on how such a major overhaul gets carried out, MeriTalk interviewed 18 federal IT leaders with big data and cyber security expertise and operational knowledge. Their responses highlight the opportunities and challenges that exist for federal agencies.
All the respondents recognized the value of sharing information across government channels with opportunities ranging from improving operational efficiency (by identifying and reducing fraud, waste and abuse) to improving America’s health. Most agency experts also agreed that in order to proceed with the necessary correlation, dissemination and protection tasks, they would first need to address infrastructure and policy limitations.
Some of the current steps being carried out by agencies to improve information management include datacenter consolidation efforts; shifting to virtual desktop infrastructures (VDI) implementation to enable greater data centralization; deploying cloud hubs, including private clouds and analytics-as-a-service; and classifying risk levels for data analytics capabilities.
At the cutting edge, agencies are looking into data classification schemes, aggregation using discrete networks, analytics that continually monitor transactions and patterns, as well as predictive and automated capabilities that focus scarce resources. Going forward, as technology and policies evolve, agencies will likely benefit from dashboards that aggregate input from different analytical tools.
Big data presents new opportunities to enhance cyber missions, but it also creates concerns with regard to privacy and security. The consensus from IT leadership is that more controls are needed to ensure agencies can protect data, especially as data sets grow. Furthermore, cooperation is essential. Given the realities of today’s budget constraints, agencies cannot continue with a strategy of piecemeal investments; to do so, risks squandering the opportunity offered by big data. It’s also crucial for IT to communicate and demonstrate the value proposition to non-IT audiences.
“There has to be a strategic vision in place, funding to accomplish the vision, along with discipline and accountability to effectively implement the vision,” maintains Joseph Hungate, Principal Deputy Inspector General, Treasury Inspector General for Tax Administration (TIGTA). “The initial design, build, and rollout will take considerable time and expense. The technology that enables large-scale data analytics is rapidly evolving and still relatively expensive. Successive waves of hardware and software innovation in this space will drive out complexity and cost over time.”
The expert advice has been distilled down to four essential points. Although they are aimed at decision-makers in the federal government sector, these recommendations would also be suited to large threat-averse enterprises, including security specialists, retailers and financial services firms.
- Consider the Full Equation: Develop a comprehensive enterprise information architecture strategy that encompasses both big data and cyber. Get serious about datacenter consolidation and cloud infrastructure.
- Re-think Risk: Ensure you are adequately classifying the risk level of your data analytics capability and take appropriate steps to mitigate risks, including considering threats within and beyond perimeter borders.
- Put Data To Work: Invest in the tools to apply analytics to continuously monitor data, in order to enable the predictive and automated capabilities that will ultimately save time and money.
- Show Me The Money: Pilot dashboards that provide mission owners with new insights and help track the ROI for big data/cyber efforts. Mission owners need this visualization to determine where to deploy additional funding to protect critical assets.
“We have the tools to defend against attacks on America’s critical infrastructure; operate communication networks more efficiently; deliver heightened situational awareness to soldiers on the front lines; and combat current shocking levels of fraud, waste, and abuse – ensuring scarce resources are used where they are most needed,” the report’s authors write.
“However, we will only be able to take these steps if we can ensure security and protect privacy. If we fail to grasp this reality, we will limit the potential of Big Data. We will stifle innovation. We will undoubtedly cause unintended consequences. Now more than ever, we need to work together to take the next steps to enable smarter government.”