This blog is an excerpt from GovLoop’s recent guide, Cybersecurity, Analytics & More: The 8 Government Health IT Trends You Need to Know. Download the full guide here.
As digital transformation continues to push government services and citizen interactions online, safeguarding content and data in a landscape filled with laptops and mobile devices is a new challenge. Recent federal information security policy guidelines are recognizing this threat and influencing how state and health agencies should address these data security concerns moving forward. As a part of comprehensive cybersecurity plan, agencies should adopt multiple, dynamic protections that travel with data wherever it goes.
A key element to any multilayered cybersecurity strategy is data-centric security, which consists of protecting the native file format itself. This helps ensure that data remains secure wherever it travels or is stored. To learn more about data-centric security, GovLoop spoke with Adobe’s Kumar Rachuri, Director of State and Local Government Solutions, and Steve Gottwals, Technical Director of Security, to see why health agencies and departments need to think about adapting a data-centric approach for the self-service systems they deploy.
Rachuri explained the current landscape of self-service portals deployed at the state and local government level or in health agencies and departments. “For organizations with external-facing services, self-service portals and online forms are a key part of user interactions,” he said. “In today’s government environment, online interactions are increasingly common. Many organizations have successfully extended paper-based forms processes to online digital forms and self-service portals, whether internal or external-facing.”
However, this initial success in moving to digital services has created a new set of potential concerns. As the breadth of online services expands, how can health departments and organizations effectively create, publish, track, manage, and secure their and their users’ sensitive data?
“A dynamic, data-centric approach is a new best practice that is being driven by federal cybersecurity policies and standards that have an impact on health and human services data, particularly personally identifiable information (PII),” said Gottwals. He also pointed out that a strong federal-state partnership in defending government networks is aided by cybersecurity tools and resources available to state governments through the General Services Administration (GSA) Continuous Diagnostics & Mitigation (CDM) Blanket Purchase Agreement. CDM is a dynamic approach to fortifying the cybersecurity of government networks and systems.
“With data-centric security, no matter where the data goes, it carries protection” Gottwals explained. Data-centric security targets and uses technology to help protect the data itself, regardless of its location—inside or outside the firewall and on any device. It adds another critical layer of fortification to existing security measures. “It also encrypts the native file format itself,” he said. “This helps ensure data remains more secure wherever it travels or is stored.”
This is important, Rachuri said, because it addresses the issue of data that’s not just static, but from when it is created. “Oftentimes, government can overlook the security of the data once it’s in motion,” he said. “If you think about any information you gather from a data perspective, what do you do with it?You put it in a document, or you put it in an email, and then you send it out to people. You communicate that information out to providers or the doctor’s office. The data is always in motion. It doesn’t just sit in a datacenter.”
To implement this across a government organization it is important to implement three key criteria:
1. An ability to remotely deliver dynamic policy and access changes on the fly without having to revoke and renew document access.
2. Continuous auditing and reporting, regardless of location.
3. Use of digital signatures to confirm the identity of each person or organization who signed a document, and that it hasn’t been altered in transit to help ensure authenticity and integrity.
Adobe has been helping customers protect sensitive data and documents for over two decades, and today they continue to do so through robust digital rights man- agement (DRM) combined with real-time data analytics that provide a powerful audit trail on document interactions.
With Adobe digital rights management solutions, “Organizations are adding an extra level of protection at the data layer, beyond their existing network and device mitigations,” Gottwals said. “It’s the data itself that gets encrypted, so it continues to help protect documents independent of storage or transport.”
Download the full guide here.