The key to secure digital transformation
- By Paul Martini
Digital transformation is finally gaining traction at municipal government agencies. Technologies are streamlining notoriously tedious bureaucratic processes and making government services easier to navigate -- especially for the increasing number of “digital natives” who expect civic engagement to take place electronically.
However, robust online government services often require citizens to provide personally identifiable information, and municipalities must make sure that valuable information doesn’t fall into the wrong hands.
Unfortunately, recent events have highlighted the fact that securing citizens’ data is an uphill battle even for large cities that are experienced in managing complex IT systems.
Atlanta, for instance, is still working through issues caused by hackers who held the city’s computer systems hostage by encrypting the personal and financial data of city employees and elected officials. Although the city refused to pay the bitcoin ransom, it paid more than $2 million to repair the damage and shore up its systems -- a costly outcome that could have been prevented.
Similarly, Baltimore officials recently took the city’s automated 311 and 911 dispatch systems off-line for more than 17 hours after it was discovered that hackers had gained access to the systems. Officials had to manually log incidents, which slowed response times and put residents in need of emergency services at risk.
Those two examples aren’t taking place in a vacuum. Public institutions overall are inadequately prepared to address risks from constantly evolving cyberthreats. In some cases, public officials who do not understand the scope of their municipality's cyber vulnerability are making budget decisions that affect the funding required to establish proactive policy.
Governments must be sure they are evaluating vulnerabilities from the ground up and across the organization. For instance, many employees remotely access government information from their personal smartphones or office-issued tablets or laptops. When those devices operate outside the municipal network, they can fall victim to a virus or bad actors in less secure environments and then bring those threats into the municipal network when they connect again.
Legacy technologies and operating systems also pose a threat. An outdated fax machine, for instance, might not have the same defenses that newer devices have, opening the door for bad actors to use those tools to access municipal networks.
Local governments seeking an enterprise solution that’s effective in securing large quantities of personally identifiable information across distributed networks should consider cloud-based cybersecurity solutions. They require fewer resources to manage and patch than older security appliances do, which means IT teams can instead focus on detecting and responding to incidents.
In addition, security teams must have a holistic view into all devices and users on the network and assurance that each of those entities enjoys the same protections. If governments do not have a uniform and consistent approach to cybersecurity, costly remediation from attacks like those suffered by Atlanta and Baltimore will eat up budgets that could be devoted to creating robust digital environments for civic engagement.
Public networks should be prioritizing cloud-based solutions as part of their digital transformation. The tools are not only easier to use and access, but they can be more effective than appliance-based solutions at a lower price point, allowing teams to prioritize security without having to balance it with on-site maintenance.