Shenefiel: Protecting privacy
Agencies should deploy integrated security technologies to protect sensitive data
- By Chris Shenefiel
- Sep 19, 2005
Protecting sensitive data is undoubtedly more challenging and arguably more necessary during disruptions to government operations. Public trust and, potentially, national security are at stake. As agencies address the stipulations of the federal government's continuity of operations (COOP) directive, they must take special precautions to maintain data privacy and regulatory compliance throughout disruptions.
What technologies must agencies deploy to sustain confidentiality as they collaborate across organizational boundaries during emergencies? Virtual private networks (VPNs) and IP communications tools are critical, and agencies must deploy multilayered, integrated security capabilities across networks end to end.
As agencies implement the COOP vision of internal/external, continuous communications and collaboration during disruptions, they increase the number of potential points at which sensitive data can be exposed. Consequently, security must be accounted for in every network component that data touches across access and transport infrastructures to every endpoint, including mobile computers.
To protect data from prying eyes, VPNs create secure tunnels through public broadband networks, enabling displaced agency employees to remain productive from home or alternate facilities. In-transit data is kept private via standards-based encryption. Because they can be deployed rapidly, VPNs are suitable for long-term emergencies, such as the destruction of a building, or short-term events, such as snowstorms.
Regardless of whether an agency uses IP communications for day-to-day operations, these tools are valuable for quickly and securely restoring communications.
Similarly, implementing manual security processes is too time-consuming in a crisis. Networks must have self-defending capabilities to mitigate security threats before they affect operational continuity. For example, a wide-area network firewall might provide the first line of defense for a network. If a worm gets past the firewall, routers and/or switches will detect the intrusion. If they fail to stop it, the worm could be blocked by branch routers or, beyond that, by security agents on servers or desktop or laptop PCs that are watching for and blocking application or network behavior that violates security policies.
The idea is to amass layers of security that require no intervention by employees, who are then kept free to protect the public and maintain continuity of government operations.
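The host-level layer described above, an agent that watches network behavior and blocks what violates policy, can be illustrated with a small detector for worm-like fan-out (one host opening connections to many distinct hosts on the same port within a short window). This is an added example, not code from the article or from Cisco; the log format, field names, thresholds and sample lines are all constructed for the illustration.

```python
"""
Added example (not from the original article): a minimal host/network policy
monitor that flags worm-like fan-out in outbound connection attempts.
Log format, thresholds and sample lines are constructed for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one event per line:
#   "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto>"
# 10.1.1.5 sweeps seven hosts on port 445 in six seconds (worm-like).
# 10.1.1.7 talks repeatedly to a single mail server (benign, must not alert).
# 10.1.1.9 touches a new host every 15 s, slower than the window (not caught).
SAMPLE_LOG = """\
2005-09-19T08:00:00 10.1.1.7 -> 10.1.2.50:25 tcp
2005-09-19T08:00:01 10.1.1.5 -> 10.1.2.10:445 tcp
2005-09-19T08:00:01 10.1.1.9 -> 10.1.2.20:445 tcp
2005-09-19T08:00:02 10.1.1.5 -> 10.1.2.11:445 tcp
2005-09-19T08:00:02 10.1.1.7 -> 10.1.2.50:25 tcp
2005-09-19T08:00:03 10.1.1.5 -> 10.1.2.12:445 tcp
2005-09-19T08:00:03 10.1.1.5 -> 10.1.2.13:445 tcp
2005-09-19T08:00:04 10.1.1.5 -> 10.1.2.14:445 tcp
2005-09-19T08:00:04 10.1.1.7 -> 10.1.2.50:25 tcp
2005-09-19T08:00:05 10.1.1.5 -> 10.1.2.15:445 tcp
2005-09-19T08:00:06 10.1.1.5 -> 10.1.2.16:445 tcp
2005-09-19T08:00:16 10.1.1.9 -> 10.1.2.21:445 tcp
2005-09-19T08:00:31 10.1.1.9 -> 10.1.2.22:445 tcp
2005-09-19T08:00:46 10.1.1.9 -> 10.1.2.23:445 tcp
2005-09-19T08:01:01 10.1.1.9 -> 10.1.2.24:445 tcp
2005-09-19T08:01:16 10.1.1.9 -> 10.1.2.25:445 tcp
"""


def parse_line(line):
    """Parse one constructed log line into a dict of typed fields."""
    ts, src, _arrow, dst, proto = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
        "proto": proto,
    }


def detect_fanout(lines, window_seconds=10, max_distinct_hosts=5):
    """Return one alert per (source, port) whose distinct-destination count
    inside a sliding window first exceeds max_distinct_hosts.
    Thresholds are illustrative; a real deployment tunes them per site."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, port) -> deque of (ts, dst_ip)
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        key = (ev["src"], ev["dst_port"])
        dq = recent[key]
        dq.append((ev["ts"], ev["dst_ip"]))
        # Drop events that fell out of the window relative to this event.
        while dq and ev["ts"] - dq[0][0] > window:
            dq.popleft()
        distinct = {ip for _, ip in dq}
        if len(distinct) > max_distinct_hosts and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": ev["src"],
                "dst_port": ev["dst_port"],
                "distinct_hosts": len(distinct),
                "ts": ev["ts"].isoformat(),
            })
    return alerts


def blocked_sources(alerts):
    """The policy action: the set of source hosts whose traffic an agent
    or branch router would block once an alert fires."""
    return {a["src"] for a in alerts}


if __name__ == "__main__":
    found = detect_fanout(SAMPLE_LOG.splitlines())
    for a in found:
        print("ALERT", a)
    print("block:", sorted(blocked_sources(found)))
```

On the constructed log the detector raises a single alert for 10.1.1.5 on port 445 at 08:00:05, when its sixth distinct destination appears inside the 10-second window, and leaves the mail client untouched. The slow sweep by 10.1.1.9 is deliberately missed: with one new host every 15 seconds the window never holds more than one destination, which is why a single layer is not enough and why the article stacks firewall, router and host-agent checks with different thresholds and vantage points.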
When users access data from home or other outside facilities and when data is backed up to alternate data centers, agencies have ideal opportunities to verify their strategies for ensuring data privacy during disruptions. At the same time, this allows for the controlled flow of information during normal operation.
In doing so, agencies can eliminate gaps in protection, prepare for emergency situations when stakes are highest and achieve the COOP vision established in Federal Preparedness Circular 65. "COOP planning is simply a 'good business practice,'" the circular states.
Shenefiel is manager of federal government industry solutions at Cisco Systems.