Cybersecurity for Government: Four Basic Requirements for Keeping Data Safe

By Tom Rascon, NetApp Chief Technology Officer, Defense and Intel Solutions

In the past few years, the same kinds of security breaches faced by private organizations have become common in the public sector. Government agencies are now under near-constant cyber-attack.

And it isn’t just James-Bond-style espionage—stealing the latest technology secrets from government research labs. The data being sought is often mundane but no less important. In one of the most highly publicized breaches, intruders hacked into systems operated by the U.S. Office of Personnel Management. They gained access to 21 million records for current and former government personnel—including mine.

I joined NetApp as CTO for Defense and Intel Solutions after a 20-year career in the U.S. Army. In my last military assignment, I was responsible for the design, operation, and maintenance of various secret and top secret networks. My job now is to advise customers on all things related to storage, including cybersecurity. What I’ve found is that when our government customers talk about their data security challenges, the conversation invariably turns to one or more of the following requirements:

 

  • I need to know what data I have and where it’s stored.
  • I need to encrypt data to prevent unauthorized access.
  • I want to use analytics to identify abnormal patterns.
  • I need to move data securely, especially in cloud environments.

 

Where’s My Data, and How Much Do I Have?
If you don’t know what data you have and you don’t know where it is, the job of protecting it gets a lot harder. When I talk to a new organization, I start by asking where the customer’s data centers are located, how much raw capacity they have, and how much of that capacity is used.

If the answers aren’t readily available, I often recommend using a tool that can provide quick insights into data repositories and storage systems across complex multivendor environments. NetApp® OnCommand® Insight (OCI) is one such tool, and a short demo is often all that’s needed to fill in the missing details. Because OCI is agentless, multiprotocol, and multivendor, it quickly discovers and reports on all storage resources. Once you have a baseline in place, OCI alerts you as things change.


Keeping Data Safe with Encryption
In government and defense IT environments, it’s common to have data archives sitting in a facility somewhere that are seldom if ever accessed. IT teams have to be able to protect this type of data from unauthorized access. Encryption is a critical line of defense for your archived data, and our FAS systems can help protect it through NetApp Storage Encryption (NSE).

NSE implements full-disk encryption using self-encrypting drives. Because encryption and decryption take place on the drive itself (after data is written or before it is read), NSE operates seamlessly with features such as deduplication and compression. All NSE drives comply with National Institute of Standards and Technology FIPS standards, preventing unauthorized access to encrypted data at rest. It’s an easy way to be sure that data is protected while maximizing storage efficiency and ROI.

All NetApp data storage products, including NetApp FAS, E-Series and EF-Series, NetApp AltaVault™, and NetApp SolidFire®, support some form of encryption at rest.


Using Big Data to Enhance Security
Another proactive security practice that’s becoming popular is the use of big data analytics to look for changes in data access patterns and other anomalies. NetApp works with an ecosystem of partners to address these needs. For example, we’ve partnered with Splunk for security information and event management (SIEM). The combination of Splunk software and NetApp E-Series storage supports threat detection and response, insider threat detection, compliance, user behavior analytics, and more.

Splunk gathers log data from across your operation (servers, storage, network devices, and so on) in a central repository. In large organizations, the rate at which data must be ingested and analyzed is quite high, which is one of the reasons E-Series storage—with its massive I/O bandwidth—is ideal for this activity.


Secure Data Movement
For the organizations I meet with, cybersecurity requirements extend beyond protecting against data breaches. Today, it’s also about addressing changing employee needs and evolving mission needs.

Younger employees expect to be able to access data with greater freedom than in the past. Military and intelligence officers increasingly need 24/7 access to secure communications and data, no matter where they are: at sea, on land, or in the air. That translates to a need to provide secure access to data—from any device, anywhere.

As a result, there’s an increasing need to move data quickly and securely. The stated desire of both the U.S. intelligence community and the Department of Defense is to support cybersecurity while moving to the cloud. To meet this need, NetApp offers a secure Data Fabric that seamlessly knits together and enables data movement among on-premises and private cloud implementations, cloud service providers, and hyperscale cloud providers.

You can learn more by downloading the ESG white paper "NetApp Data Fabric and the Essential Data Security Controls for Hybrid Clouds."