At a recent Association of the U.S. Army event, Lt. Gen. Bruce Crawford, the Army’s CIO, outlined a new strategy to modernize the Army’s IT. The strategy is intended to better leverage its considerable information assets securely and rapidly against our nation’s adversaries. The strategy is vital given the alarming rise in advanced IT and other strategic warfighting capabilities by our adversaries, including a cadence of cyber-attacks against defense and other Federal agencies. Lt. Gen Crawford stressed the importance of making data visible, accessible, understandable, trusted and interpretable. Nobody in the security, data management or IT professions would disagree. In fact, there is recognition across Government for the need to make data more secure, accessible and understandable. Recent laws like The OPEN Data and 21st Century Idea Acts, establish requirements similar to those outlined in the U.S. Army’s new strategy.
Risks Associated with Legacy Data and Software
When speaking to agency CIOs and CDOs about the benefits of managing data smarter, meaning in a manner now codified in law and reflected in the new U.S. Army strategy, they typically say that implementing these kinds of changes will occur when major new systems are funded and come on-line. As a nearly 40-year former Federal executive responsible for evaluating the efficiency and effectiveness of IT and data management at five different agencies, this approach may focus too much on cost and not enough on the existing risks to data associated with certain legacy Content/Data Management (CDM) software solutions. The costs associated with losses due to exploitation can be significant. The focus should be on fully and promptly securing the data that makes agencies run. HR, financial, records, policy, regulatory and general case management data are essential to mission.
Despite increased budgets for agency security, such as Insider Threat and Counterintelligence (IT/CI) programs, exploitable vulnerabilities remain. That is why deploying a layered approach to protecting business enterprise data is imperative. Integrating that data into a single user-interface will make it more accessible and understandable. Effective IT/CI programs ensure that computer systems are properly configured and accredited, security patches are up to date, system administrative access rights are carefully managed and monitored, and the ability to download and remove sensitive data without authorization is prevented. These are great capabilities, but no program is without its vulnerabilities. Legacy CDMs are vulnerable to insider threats. When all those security efforts fail or are non-existent, unauthorized users can access and remove sensitive data anonymously. Without a mechanism to identify and report the unauthorized access, the exploitation goes unnoticed. I’ve seen statistics that the U.S loses anywhere from $300 – $600 billion annually to intellectual property theft. This risk can be effectively managed.
Reducing Risks Associated with Legacy Data and Software
Legacy CDM software solutions do not monitor user actions. This includes unauthorized access to data and downloads. They are typically “coded” solutions and any changes to them are expensive, if you can find someone knowledgeable and capable of updating them. In comparison, COTS CDM software solutions can be configured to monitor and report user activities and can serve as an integral part of a layered security strategy with many fringe benefits to Federal managers. They can serve as a last defense that passively, but vigilantly, augments IT/CI programs. Agency cyber firewalls, security monitoring and auditing efforts are not perfect and can create a false sense of security. Further, many agencies are in the process of upgrading hardware systems but are leaving legacy software in place. These legacy systems are exploitable by a clear and present insider threat. Moving from a legacy coded solution to a COTS configurable solution that features monitoring and reporting is inexpensive, when considering the cost of losses due to exploitation. COTS configurable CDM software solutions can bring many cost savings and mission efficiencies to Federal managers beyond security to protect data. They can migrate multiple sources of legacy data seamlessly into one user interface! Thank you, Lt. Gen. Crawford, for emphasizing the importance of data trustworthiness and interoperability.
Next Phase Solutions, LLC Offers a Tested Configurable CDM Solution
Next Phase Solution, LLC (NPS), a woman-owned small business (WOSB), offers software architecting, design and consulting, and deploys configurable CDMs. We provide unclassified and classified Federal COTS CDM software solutions that are configured to help Federal managers protect sensitive mission data. NPS uses discovery methods and modeling that assist managers envision a more efficient way to automate data driven business processes and obtain demanding data analytic objectives. NPS can seamlessly integrate multiple legacy data systems into one interface, while securing all data at rest and in transit. Our solution is 100% developed in the USA and is cloud/or on-premises friendly. Proof-of-concept solutions are configured to evolve with changing project requirements and customer needs and at lower costs. On GSA’s Schedule 70 (IT), registered with the SBA and in SAM with appropriated NAICS Codes, Next Phase Solution, LLC, is ready to assist your mission. Call us at (407) 440-1411 or reach out through email at firstname.lastname@example.org