Data governance: secure and deliver a stronger MoG change
By Jonathan Hatchuel, Director for Public Sector and Enterprise at Commvault
Tuesday, 29 November, 2022
Machinery of government (MoG) changes are a major driver of organisational change and are occurring with increasing frequency at the federal government level to express policy priorities and meet policy challenges. Happening with little to no notice, the Australian Public Service has approximately 10 MoG changes per year, triggering a range of responses from physical relocations to significant change in ICT systems.
With these changes, risk will come for data management, and when overlooked, will lead to potential data vulnerabilities. Bad actors, human error, ransomware and other security threats pose risks to data every minute of every day, making it the new Public Enemy No. 1 for all digital enterprises of all sizes.
Even more so, the recent ACSC report shows that the ‘rapid exploitation of critical public vulnerabilities’ has become the norm for organisations and individuals. With the ongoing cybercrime epidemic being a top concern at a government scale, this compounds the challenges of introducing and monitoring good data management practices.
Given the omnipresence of the modern-day scourge of cyber attacks in Australia, a five-pillar approach to ensure optimal data management can be used as a line of defence to elevate security and deliver a stronger MoG transition. When, how and what can an organisation do in place before and after an MoG change?
The five-pillar approach for maximum data management
1. Underlining the importance of data security
During an MoG, data transferring and receiving entities naturally have different responsibilities. Both must manage an orderly process and remain compliant with legislation on data security. First thing to keep in mind — no enterprise boundary is invulnerable. Protection and recovery from security threats such as data breaches and ransomware are important while controlling access to key data.
Leaders should underline the importance of data security in a way that does not differ in any decisive way from other management tasks, as accountability, governance and teamwork will be your keys to determining the best practice when under attack.
2. Deploying data management and protection
MoGs often brings together datasets that are distributed across multiple geographic locations and environments, with the familiar risks of a cybercrime. This is where contemporary data management tools come into play as it offers full flexibility for a business to protect valuable data wherever it is stored, and whether these data assets are operational, strategic or application specific.
All this comes down to choosing a data management solution that is capable of unifying multiple generations of data, mitigating the ever-growing data sprawl, and to rapidly recover data cost-effectively and at a massive scale. Tools to help identify risks and provide rapid remediation will ensure data availability and business continuity even in the face of a cyber attack.
3. Data compliance and governance protocols are just as crucial
MoG change comes with different data governance procedures and practices, and integrating them is always a challenge as all entities use a combination of systems and processes to govern access to data. Visibility into data access and potential exposure is crucial in helping to adhere to data privacy regulations and other organisational data demands.
Data access protocols must also be compliant with all regulatory or legislative requirements and, importantly, to mitigate data privacy risks. This must be reflected in plans, strategies, policies — and, most importantly, in practice. When getting it right before, during and after an MoG can make the difference between a smooth transition and a protracted clean-up procedure.
4. Transforming data
Data transformation allows enterprises to seamlessly move data when required to do so by MoG changes or to move to support system modernisation and flexible data usage. This includes enabling the shifting of workloads from legacy environments to cloud-native, SaaS as well as repurposing data for different uses, amongst others.
By doing so, it enables business transformation for enterprises looking to expand their ability to leverage their data to rapidly meet new market demands and accelerate growth. After all, effective change management is one of MoG guiding principles where entities are guided to be able to adapt and be responsive to change.
5. Gaining data insights
Artificial intelligence and machine learning have a place to play when it comes to getting insights from data and using them to optimise and automate ICT processes. For example, solutions with AI and ML can gain data insights through pattern recognition to identify sensitive data such as PII and ensure it is appropriately protected.
MoG might request data cost and performance in their various entities integration and migration of ICT processes and systems. Through the application of such solutions, agencies can reduce costs and risk, and facilitate process automation.
Taking steps towards change
Data governance and management are strategic imperatives and an ongoing journey, but never a destination. A single, cross-platform toolset will unify the experience and simplify your complicated data management. Thus, providing protection around data migration, security, compliance and governance, while improving operational efficiency during any MoG change.
While making these adoptions requires investment and training, it will be better for addressing data governance and management issues as businesses run the danger of losing their competitive advantage, as well as operational and cost efficiencies by doing nothing. Take the plunge and deliver the changes your business needs during the occurrence of an MoG.
Futureproofing with the right leadership
Data governance and management must be addressed by the agency or department leadership rather than being viewed just as an IT issue. This can be brought upon by proactive planning and investing in data management systems — where considering the challenges of an MoG is the first step in preventing a data breach’s negative effects.
The reason is simple: merging different data governance standards requires clear leadership and communication procedures to keep everything in line.
In our current ever-changing IT landscape, leaders need to view data governance, integration and protection as being just as important as people integration. Using a combination of rock-solid backup and recovery, as well as advanced threat detection, data governance can be maintained efficiently and successfully to defend against the never-ending cyber attack and reduce downtime and data loss — ensuring everything is business as usual during an MoG transition.
Building secure AI: a critical guardrail for Australian policymakers
While AI has the potential to significantly enhance Australia's national security, economic...
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...