State & Local Government (SLG) is quickly adapting to the demands of 21st century U.S. citizens who expect e-government (E-GOV) services. With E-GOV comes both the convenience of the Internet services needed to support tech-savvy Cyber Citizens and the not-so-convenient threat of transactional man-in-the-middle attacks or data theft / loss to profit-seeking malevolent cyber squatters or foreign governments bent on sacking the little guys. They are little guys here in the sense that they lack the structured CIA assurance models adopted by the U.S. military or OMB-supervised Federal agencies, which have significant budgets and training for strategic IT security defenses.
U.S. SLG agencies, on the other hand, sometimes not so much. Consider, for example, some of the crown jewels and adjoining vulnerabilities at State & Local government cities and counties that make SLG such coveted targets of these profiteering cyber crooks and hacking ne’er-do-wells.
Take these risks and compound them with the nearly endless array of personally identifiable information (PII) data stores available on these computer systems, and SLG becomes an even more compelling target for those interested in selling data on the black market to the highest bidder. This highly sensitive data is typically found unclassified (i.e. with no designation as public, private, personal data, etc.) and unencrypted on file shares, USB drives, electronic databases, optical media and laptops/PCs, usually without even basic rights management or file auditing enabled to track access by authorized users.
Finally, the perfect storm emerges once the weaknesses in many SLG communities are exposed by weak IT security standards or enforcement mechanisms, which result from low budgets, political boundaries to security enforcement authority, and limited availability of security-trained application developers or security personnel to address detected problems.
Data Breaches in State & Local Government affect our personal privacy, financial information or federal constitutional rights
Data Loss Prevention technologies come in many forms from Microsoft, but a few technologies at different defense-in-depth layers stand out in helping SLG prevent the loss of this sensitive government data.
Technology alone will not make SLG data secure. But if SLG combines these technologies with good security policies, a security development lifecycle (SDL), encrypted connections (SSL/IPsec), the doctrine of least-privilege access and an enforceable top-down security management approach, then these technologies from Microsoft can assist government in securing its data on premises, in transit and in the cloud.