Data Drivers: The Road to Secure Data-Driven Operations

Whether it's sending an email or downloading a PowerPoint file, for federal agencies today, data is being generated at every turn. Moreover, as agencies adopt greater levels of technology, like Internet-of-Things devices, computers and mobile endpoints, data is proliferating at breakneck speed.

This data stands to be incredibly valuable for agencies, offering government the ability to tap into new tools like artificial intelligence and analysis that can provide government leaders insights with the information they need to make more informed decisions. But to effectively capture and use this data, agencies will need a medley of secure storage solutions.

“Data is spread across multiple locations, in different formats and different software and different databases,” says Jason Kessler, a security solutions architect at NetApp. “Not knowing what they have, where it is, and who has access is one of the biggest challenges for government agencies when it comes to securing this information.”

“Data driven government is needed now more than ever,” says Chris Rohland, solutions architect at Presidio Federal. “From partners, processes and tools, the culture of data-driven decisions is at our fingertips, we just have to leverage it and help our customers do the same.” It’s evident that government agencies must understand that data security is crucial, because while data is a boon, it’s also a prime target for malicious actors. A recent report for NetApp highlights that over 2020, data exfiltration attempts jumped by 133%. Not to mention that remediating a breach can cost upwards of $1.85 million. To stop threat actors from exfiltrating data, public sector organizations need to have a comprehensive understanding of where their data is so that they can protect it appropriately, says Kessler.

“If you think of all of the different breaches and ransomware, those attacks are going after the organization's data,” he says. “Being conscious of what that data is, to make sure that it's properly secured and protected, is important.”

The federal government has taken steps to help agencies understand how to better protect their data via recent frameworks like the Cybersecurity Executive Order and the National Institute of Standards and Technology’s Special Publication 800-53, both of which lay out key actions government agencies should take in order to secure their networks and dataways.

“Security isn't even a ‘why’ anymore. It's a necessity in today's age,” Kessler explains.

Despite the near universal support for tapping into and protecting data, government procurement cycles are notoriously lengthy. As a result, agencies often enter a vicious cycle where they continually adopt outdated technologies.

Enter Commercial Solutions for Classified, or CSfC, a program akin to FedRAMP that aims to remedy the procurement woes and help agencies adopt modern IT tools that can help them solve today’s challenges — not yesterday’s. Under this program, agencies are able to select from a list of verified cybersecurity vendors and solutions, including NetApp's ONTAP data management software — one of the first enterprise-grade solutions to be added to the list, according to Rohland.

What differentiates NetApp ONTAP from its competitors is that it was crafted with security in mind from the start. According to Kessler, imbuing the platform with the proper security controls was paramount. Additionally, aside from the inherent security controls found within the native offering, the team works to create secure, customizable solutions.

“We're bringing in features that agencies and organizations can use to customize the fit in their environments,” Kessler says. “We have capabilities such as secure multi-tenancy. . . we can isolate our network connections and have built-in firewalls, and then we can have built-in capabilities around encryption at rest, as well as for encryption in flight.”

In addition to secure multi-tenancy, NetApp's core products come with anti-ransomware built-in, says Kessler.

“In the event there is a breach, and there is malware that gets initiated in the environment, and that creates ransomware, the detection of that ransomware can either be detected really quickly or possibly mitigated before it even spreads,” Kessler explains.

Taking each of these specific security capabilities and then combining them into one offering, like NetApp ONTAP, helps create a comprehensive defense-in-depth approach to security.

“For NetApp, it's about building a layered security approach that can help protect devices, networks, and people from malicious threats that are increasing and coming in at a rapid pace,” says Kessler.

And with hybrid work environments quickly becoming the new normal and the number of interconnected devices increasing, a defense-in-depth approach will be crucial to creating secure, data-driven agencies.

With hybrid work environments becoming commonplace and the threat landscape becoming more complex by the day, CSfC solutions — like NetApp ONTAP — can help agencies address common digital transformation challenges and securely share data across organizations, but these migrations aren’t without its challenges.

“Turning the fast and ever-growing volumes of data that agencies have at their fingertips into a true strategic asset comes with a host of new challenges that organizations typically don't expect,” says Rohland.

For example, organizations may recognize the need to rebuild existing data or invest in capturing new data points. This is due to an antiquated approach to data, consisting of barriers and blockades where data exists in silos. A true multi-cloud solution should provide a comprehensive glimpse into an organization's data while empowering agents to deliver data-driven solutions.

“At Presidio Federal, we work alongside leading-edge partners, like NetApp, to design innovative, best-fit solutions to assist with these challenges that will integrate directly into agencies existing IT environments,” says Rohland.