The last few years have presented a “perfect” storm for malicious actors to tap into sensitive data.  It’s one thing to opt into something like Facebook and have them lose your data.  It is quite another when a state or federal organization has your data, and it is compromised.  No blame on the citizen in this case.

That is why people who are employed by the state, local, and federal agencies take the concept of securing citizen data seriously. This sense of responsibility is evidenced in the interview between a technology leader from the State of Colorado and a technical expert from Rubrik.

Today’s discussion ranges from best practices for securing data, zero trust in the cloud, realistic concerns, and the realities of a post-COVID world. One of the dominant parts of the conversation is the move to the cloud.

Sterling Wilson from Rubrik details three aspects of a cloud transition that must be considered.

First, which data will be moved to the cloud?  If the data is compromised and transferred to the cloud, you are merely moving a problem from one area to another.  It could be a ticking clock with malware waiting to launch.

Secondly, many don’t realize that when an agency chooses a cloud service provider, there is no implied responsibility to back up that data.  To secure citizen data, technical leaders must realize that this concept must be addressed.

Finally, will the cloud solution provide the same security that you have in your on-premises application?

Access to this data was also presented in the discussion.  Yvette Florez mentions the Fast Identity Online Standard as a common approach that many governmental organizations can take advantage of when seeking to bolster their authentication process.