This interview is an excerpt from GovLoop’s recent Guide to Government’s Critical Cyberthreats. This research guide explains the various cyberattacks government endures and provides steps to safeguard your information systems.
Given the abundance and sophistication of cyberthreats, it’s inevitable that agencies’ information repositories will be targeted and likely breached. But according to Austin Adams, Vice President of Public Sector at Alfresco, that doesn’t mean there is no hope for government cybersecurity.
“As long as we accept that as the reality, then we can begin to grapple with solving the problem,” Adams said.
That’s what his team at Alfresco, a leading provider in content management and security, does – it grapples with the inherent insecurity of government content. But rather than taking the traditional approach of creating robust perimeter defenses, Alfresco creates content-focused security strategies that support agency productivity and collaboration.
Adams explained that content is a critical vulnerability to many government agencies. “When I look at the current layout of most organizations’ content, there are significant challenges,” he said. “They’re swimming in content, much of which is not secure.”
He likened many existing content management strategies to an unorganized basement. You aren’t quite sure what’s in there, whether it’s worth keeping, and who has access to it.
SECURITY THROUGH ORGANIZATION
Alfresco helps agencies organize that basement by ensuring that all content is “tagged, secured, searchable, and stored for the appropriate amount of time and in the right places within the enterprise.” Rather than trying to hide data behind a perimeter defense, Alfresco’s platform enables the agency to organize data and removes any content that isn’t necessary to the organization.
This strategy provides two clear benefits to cybersecurity. First, deleting nonessential information minimizes the attack surface by eliminating unnecessary repositories of sensitive information. Second, it allows security professionals to focus on what truly needs to be secured, rather than managing larger expanses of unorganized content.
“We create an organized, clutter-free basement, where you have transparency and a more capable environment to provide security to,” said Adams. Alfresco also ensures that retained content is secure by automatically storing it in a secure and organized platform.
Adams cited the Department of Defense task tracking systems as an example of where this automated security is essential. Every task completed by DoD personnel is tracked according to supervisory regulations. Those task orders, which often contain sensitive information, are then recorded and stored.
“Most business process management solutions will say they can do DoD task tracking,” Adams said. “But it’s an after- thought about where the content is stored, how it’s stored, how it’s secured, and how you ensure government compliance. That’s not an afterthought for us. It’s inherently baked into the way that we deliver solutions.”
SECURITY WITHOUT SACRIFICING USABILITY
Alfresco’s solutions ensure that content is appropriately safeguarded, no matter where it resides in an organization. But while Adams impressed the need to secure content, he also said agencies shouldn’t sacrifice content usability or accessibility.
“The way that people thought about security in the past has been about creating that outer wall,” he said. “But, I don’t know a government agency that doesn’t have huge portions of its focus on enabling seamless external collaboration.”
Because organizations often share content with external stakeholders, as well as citizens, it doesn’t make sense to ensure static security that won’t follow content as it leaves the network perimeter. Instead, agencies should ensure security follows content to whatever person or place it is sent, while confirming that access control is appropriately maintained.
“Security should enable content to be shared inside of the context of approved business processes,” Adams said. “What we’re trying to do is put content in motion, within the context of a business process, while providing security throughout that process.”
He offered the example of police digital evidence recordings. Video content from a body or dashboard camera needs to be transmitted from the field to a central repository. Then, it may need to be shared with the justice system or private representation for prosecution purposes.
Securing that content in a traditional content database leaves it open to a variety of vulnerabilities. Alfresco’s ability to offer true content management of video and audio ensures that data security and chain of custody are preserved. Doing this at massive scales, in a cloud setting sets Alfresco apart.
Adams concluded, “The goal is to deliver content to the right people at the right time, and to insure that they’re getting what they need. No more and no less. And we have to make sure it’s secured from the person who creates it to the person who consumes it. Users can’t interrupt their business processes to assign security protocols. It has to be built in to the solutions they use.”
By applying a security solution that organizes and prioritizes content in a transparent way, and then applies that security throughout the entire associated business process, agencies can empower their content, rather than simply securing it.