Each year, Australian government departments and agencies generate terabytes of digital data. Policy documents and reports, budgets, research, and activity schedules are constantly produced and stored for later reference.
This rising tide of data is causing some significant challenges when it comes to ensuring effective security. The data must be protected both from unintentional harm and the ongoing threat posed by cyberattacks.
The challenge has been made more acute by the changes that have occurred as a result of the COVID-19 pandemic. Where the majority of staff have traditionally worked from offices, many are now continuing to work from home.
This means that data must be made available for access from virtually any location. The concept of a secure perimeter is no longer appropriate.
The security challenge of data silos
Often, the task of keeping data secure is made even more difficult because of the way in which it is being stored. Across a typical department, there are likely to be dozens of databases and file stores. Knowing where required data is being held and how it is being secured can become quite a challenge.
These storage silos also make it difficult to be sure that the data shared with others is the most up-to-date version available. Different versions may end up stored in different locations with no efficient way to track which is which.
In an effort to overcome these challenges and improve security, increasing numbers of departments and agencies are adopting a new strategy. This involves the creation of single ‘source of truth’ by combining the currently scattered stores of data into a single data platform.
Often cloud based, these platforms allow data to be located and shared much more easily. Users can also be confident they are accessing the latest version comprising the most up-to-date information available.
Data platforms are also readily scalable. This means storage capacity can be easily increased to match changes in demand. It also removes the need for large investment in hardware resources and the associated management and maintenance costs.
This scalability is achieved by decoupling storage resources from compute resources. This is different from the approach taken by many data bases and data lakes and delivers significant benefits. Users are able to directly access shared data and then use their own compute power to examine and manipulate it.
The role of data governance
As data volumes increase across the public sector, the need also arises for effective data governance procedures. These procedures are needed to ensure that data is held securely and only made available to those with the authority to use it.
One of the biggest benefits of effective data governance is the way in which it supports compliance with regulations. These regulations have set in law just how data needs to be secured and the ways in which it can be shared. This is particularly important when the data in question contains personal details of citizens.
For this reason, data governance is an important part of any security strategy. Once you understand exactly where data is stored, it can more readily be protected from external attacks or internal misuse.
Creation of an effective data governance strategy should begin with the design of a preliminary framework. This involves establishing a core team of stakeholders to undertake the initial work required.
Next, all the requirements and policies need to be clearly defined. Things to consider include the problems you are trying to solve through creation of the governance framework. Once the list is complete, prioritise the items and then start from the top.
The next step involves assessing all available tools and skills. If any gaps are identified, they should be filled before work begins. It may be necessary to bring in additional skilled staff to help with the process in its initial phases.
Once all this has been completed, the strategy is ready to be executed. All data stores need to be inventoried and a full list compiled of all people with the authority to access them. The governance strategy can then be put to work.
A future of data sharing
As well as keeping data secure, rigorous governance also opens up the opportunity to share it both between departments and also, where appropriate, with private-sector organisations.
For example, anonymised health data could be shared with aged care providers to help them plan future investments. Detailed climate and weather data could be shared with construction and transportation companies while agricultural data could be made available to farmers and rural supplies companies.
With the volume of data within the public sector growing at a rapid rate, the challenge of effective governance and security will continue to increase. By making the effort to remove storage silos and create a unified data platform, government departments and agencies will be well positioned to maintain effective security in the months and years ahead.