Solving the data conundrum

Virtru’s Sébastien Roques-Shaw on how a Zero Trust, data-centric approach to security can help unlock the power of data in the public sector.

Posted 31 October 2022 by Christine Horton

For public sector organisations undergoing digital transformation, one of the most pressing challenges is ensuring data protection and privacy compliance. At the same time, they must allow more straightforward digital collaboration to maximise efficiencies, reduce cost, achieve environmental benefits, and increase customer engagement – via email, file sharing, SaaS apps, and cloud services. It’s a delicate balance and seemingly challenging to achieve.

Digital transformation is changing the landscape of business as we know it. As the broader economy rapidly digitises, the expectations placed upon public sector organisations are shifting to focus on digital communication and collaboration. The benefits are vast: modernise legacy processes, accelerate efficient workflows, strengthen security, and increase agility. Yet one question arises again and again when talking about shifting systems and processes to the cloud: how secure will my data be?

Answer: your data is as secure as the processes and technology you put in place to protect it. There will always be a requirement to layer in technology to provide added security to protect against breaches – malicious or otherwise – but there’s a common misconception that in order to secure your data, you have to lock it down or jump through complicated workflows to access it.

This is the data conundrum: Data is meant to be shared, but it is too valuable and useful to be locked away. In the public sector, sensitive and personal data needs to move between teams, departments, trusts, and the public themselves to help secure health services, housing, financial support and more. Digital systems are already revolutionising the way public sector organisations operate, but many have yet to find the balance between maintaining data security, privacy and compliance while encouraging wide scale digital collaboration. This is where a Zero Trust, data-centric approach to security can help.

Adopt security that travels with the data

Think about where your data is stored, how you share it and where it travels–email, file sharing and cloud environments. Every application amplifies the risk of a data breach without the right protection in place.

If you implement a data-centric security strategy, you can protect the data itself with object-level encryption. This essentially wraps each file or message with its own distinct security policy that follows it wherever it goes–inside and outside of your organisation.

Another benefit of data-centric security is that the data is only accessible by those it is intended for. Because the protections are attached to the data, it is the data that defines access, not the application or network or device. This makes data sharing far more manageable, especially when shared with distributed workforces and members of the public who may sit outside the traditional network perimeter.

Eliminate unnecessary friction

Many organisations respond to the data conundrum by introducing hurdles to data-sharing, and as a result, user experience and convenience are sacrificed in the name of security. This is because conventional wisdom dictates the more steps involved in accessing shared data, the more secure your data will be. But not necessarily.

In fact, when you introduce unnecessary hurdles to your teams, they’re more likely to circumvent the processes you put in place – cutting corners and potentially putting your data at risk.

Look for solutions that give you the best of both worlds: Strong security and simple ease of use. You’ll want security tools that can be integrated natively within the apps your teams use every day, such as Gmail and Microsoft Outlook, so that users can easily encrypt emails and apply controls in the click of a button. In addition, look for solutions that allow the recipients to easily verify their identity so they can access emails without the need for creating separate credentials.

Think Zero Trust

Zero Trust isn’t new, and implementing it is not an easy task; but taking the principles and applying it to how you protect data itself is a quick and relatively easy way to get started.

By adopting an open standard such as the Trusted Data Format (TDF), you can easily apply Zero Trust security controls to encompass common information assets, like emails and files, which frequently contain sensitive and risky data. As the data owner, you have complete control over your information – even after you have shared it. Revocation, expiry, and disabling download can all be easily applied even after that data has left your organisation.

Solving the conundrum

Data is connected to humans, and when we protect the data, we’re also protecting people. When data is intercepted by a bad actor, there are real-life echoes of professional and personal consequence. It will take an unconventional approach to protect data as a currency of the modern digital world. That approach will require us to zoom in instead of out by focusing on the data itself instead of only protecting endpoints, users, devices, or networks. After all, the data is our most precious asset.

Solving the conundrum starts with the data and everything else in the Zero Trust framework will follow suit.

Sébastien Roques-Shaw is director of partnerships at Virtru.