Who's Your Data?

Filling their places will be either contractors or new government employees. This creates a great opportunity: phase in policies now about where data resides and who controls it. Now’s a great time to make policies that secure data and match the way newer workers view their data and work product: transportable and transferable.

Not everyone wants to keep everything on their C drive anymore. What’s more, it is time we keep them from doing so with sensible policies published to all and then use rule based systems to do implementation and monitoring for us. Frankly, this will become more a matter of survival and relevancy than of, ‘who owns the data?’

Specifically, there are three actions that almost every IT department can take today:

At some agreed to interval, documents created and files stored across all application systems could be routinely scanned for data types and file types i.e., Adobe, PowerPoint, Excel, Exchange, Oracle, etc. This metalayer index can then be scanned for unusual blips one way or another. This is not Big Brother, this is good stewardship.
‘Seal and no steal’. This is my name for the process of making it such that C drives, thumb drives, DVDs and other portable media extensions are disabled on laptops and some desktops. Policy has to be worked out here but think about it, how often does something have to be transferred any more by physical media vice being sent through the network?

Encrypt what’s at rest. In-line encryption makes it possible for users to experience zero application delay in the work day while all of their work product is encrypted where it is stored, thereby protecting it from unauthorized access or theft by those on the outside and more importantly, those on the inside.

The leaves change, the seasons change and the global climate changes. Down here on earth, lifecycles and work cycles are changing in the federal government and that presents an opportunity and an obligation to secure our data, easily, through policies and technologies available today.