DATA SECURITY
By Dan Panesar, Vice President
EMEA, Certes Networks
www.certesnetworks.com
The public sector faces intense public scrutiny, especially
when it comes to cybersecurity. However, the launch of the
National Cyber Security Centre in (NCSC) in 2016 suggests
that the sector is beginning to take the issue of cybersecurity
seriously, marking the Government’s commitment to making
the UK a safe place to live and work online. And it’s not
just public scrutiny the sector has to contend with, but the
global digital revolution means that changes are happening
rapidly, and technology adoption isn’t happening as quickly
as it should. On top of this, the public sector has numerous
regulatory and information assurance (IA) based obligations
they’re required to fulfil, making some organisations within
the sector too scared to make changes or enforce new
policies for fear of breaking the rules.
Restricted budgets, small teams and intense workloads
can often make cybersecurity a low priority. Rather than
enforcing and developing proactive, robust strategies to
keep the organisation’s data safe, teams end up working
reactively to mitigate threats as they arise. Not to mention
the complex and wide-reaching nature of public sector
organisations, making coordinating the array of essential
services, stakeholders and functions a near impossible task.
Keeping up with digital change
The digital transformation means that traditional
connectivity solutions are being replaced to reflect cloud
deployments, network function virtualisation and the ability
to deploy meaningful orchestration-based management.
To reflect the update of digital and online services, public
sector networks are expected to grow at 15-25% per year;
in order to keep up with this demand, users are becoming
increasingly reliant on both high-speed and high-availability
transport networks, whether they’re MPLS, SD-WAN or 5G, or
a combination of networks to deliver information when and
where needed.
In the not so distant future, dependency on traditional
hardware will become more challenging as additional
capacity means the user may have to continuously
upgrade its network. However, current and conventional
approaches to data protection create numerous challenges,
particularly around scalability, performance, complexity, key
management and key rotation.
Don’t shy away from new technology
The public sector needs to begin embracing new technology;
the prospect of digital transformation should be exciting,
rather than daunting. As a sector with a reputation for
being slow to adopt mobile technology, potentially due
to concerns over its lack of security, there’s a tendency to
instead lock down data and restrict the use of technology
altogether. However, this just isn’t sustainable, and the
absence of mobile technology won’t keep the hackers out.
If changes don’t happen soon, the public sector will
get left behind. To keep up, it needs to recognise that a
How can the public sector keep its data safe
as a combination of networks are used for
accessing information?
digital network with a mix of connected users, devices
and applications, doesn’t need to make an organisation
vulnerable; no matter how complex it may be. Flexibility
and digital agility are undoubtedly at the top of every
government’s agenda, making it essential for organisations
to embrace the technology available. However, instead
of putting adopting technology that attempts to secure
each entity itself, or worse, layering technology on top of
technology with a security solution tied into the network,
organisations need to focus on what’s really important
– and that’s Information Assurance (AI). In order for
organisations in the public sector to really be secure,
rather than securing the network, the focus needs to be on
protecting the data.
An organisation’s biggest asset
Data is arguably an organisation’s biggest asset; it’s the
crown jewels that must be protected, and what the hackers
will inevitably set their sights on when planning an attack. In
reality, a fine won’t be enforced under regulations such as
the General Data Protection Regulation (GDPR) for a breach
to an organisation’s network. The fine comes into play
when a breach results in data being lost or stolen. That’s the
difference between an organisation’s network and its data.
And the fact is, the public sector is quickly becoming a
prime target for hackers. But how can organisations ensure
their data is really protected? Firstly, organisations need
to move to a data-centric, IA security model underpinned
by a robust and strategic security overlay, on top of an
organisation’s existing network and independent of the
underlying transport infrastructure, making the network
itself irrelevant. A software-defined security overlay enables
a centralised orchestration of IA policy and by centrally
enforcing capabilities such as software-defined application
segmentation using cryptography, key management and
rotation, data is protected in its entirety on its journey across
whatever network or transport it goes across. For the public
sector, this means organisations no longer need to fear
technology – each application on the network and the data
it holds will be kept secure. n
www.networkseuropemagazine.com
17