Why Australia needs to overhaul its data management
Australia’s ambitious target of becoming the most cybersecure country in the world requires governments around the country to overhaul how they manage data. Ensuring citizen information is safe requires working with the private sector to leverage new technologies to become more effective and secure.
The Australian Cyber Security Centre, in its most recent annual report, received more than 76,000 cybercrime reports, a 13% increase on the year before and at the rate of one report every seven minutes. Government agencies and departments are not immune from this rising threat.
Federal, state and local government departments and agencies hold vast quantities of citizen data spread across hundreds of systems. Gaining a view of a single citizen across those systems is a significant challenge. Many of those systems were created before the evolution of modern cybersecurity threats and are a prime target for cybercriminals. Recent attacks, such as the breach hitting PNORS Technology Group and the Victorian Government highlight the risk.
As the Australian Government ramps up pressure on the private sector to close vulnerabilities and protect critical infrastructure, the same weaknesses must be addressed across all government data projects, particularly where critical citizen data is involved.
Legacy approaches to data access and management are outdated, cumbersome, expensive and time consuming. Extract, transform and load (ETL) processes are being complemented by data virtualisation technologies that leverage metadata to identify data sources and enable insights to be drawn from data, wherever it is. A unified data preparation studio provides the flexibility to meet different data access and analytics needs. While centralising data may assist government departments when it comes to access, it does the same for threat actors.
Governments have historically had a bias to ETL for reporting. By employing other mechanisms such as data virtualisation, real-time ETL, change data capture, streaming and replication governments can increase their efficiency and effectiveness while reducing risk.
Data virtualisation enables you to query data without extracting it and spreading the risk surface. Governments around the country can leverage virtualised analytics tools to query data, wherever it is at source, in real time, without creating a new threat surface to defend. As well as being considerably faster to manage, this approach is far more cost-effective and doesn’t rely on major capital expenditure. For government departments that are increasingly focused on ensuring costs are managed, this is a major benefit and a dramatically more secure one.
The first step to minimise the risk of unauthorised access is establishing rules around data sharing and access. A networked data platform with in-built AI-based attack analysis will continuously assess the privacy risk. It adds a layer of protection that is currently lacking in many government and private sector data management programs.
Effective data management is critical for data security. Many breaches don’t attack core operational business systems. They attack data stores that are not secured with the same rigour or attention as transactional systems.
Whenever data is copied to a new location to power a reporting system or to feed AI models a new target is created for threat actors. Vast data lakes and data warehouses often created for citizen intelligence programs and to feed AI algorithms are honeypots that attract criminal bees. Techniques such as data masking, encryption, tokenisation and anonymisation can also be used to further strengthen security and keep data away from unauthorised parties.
Data must be stored and handled with care. We must ensure access is limited to authorised parties and that it is not duplicated, which adds to the risk of compromise. Data virtualisation gives government departments and organisations the capacity to leverage data without increasing their threat surface. It allows analytics and applications to use data in a highly secured and well managed way.
Instead of information being locked in departmental silos it can be virtually joined in real time so a single view of a citizen becomes possible. It is a modern secure solution to an old problem that governments have struggled to solve.
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...
Balancing digital innovation and cybersecurity in the public sector
Balancing digital innovation with cybersecurity is not an easy task; however, it is one that...