NEW - IDC WebcastFree E-NewslettersRSS Feeds | Site Map
Security Resource CentreBusiness Value of TechnologyMunicipal Centre
SearchSearch
Tips
Policy
HR
Registration
Program
Collaboration
Technology
Slice by Program
Policy < External Consultation < Making it happen with information security

Making it happen with information security

By: Nick Lisi (03/30/06)

Over the past three years, homeland security has been a major priority for North America and around the world. On a daily basis, people have been tuning in to hear the most recent information on the war on terror and determine the latest national threat level. Whether it has been Code Orange or Code Yellow, the public understands the scope of threats against our country and our U.S. neighbours and takes homeland security very seriousl, as it safeguards our citizens, borders and infrastructure. Along with the physical meaning of the term, homeland security addresses information security across a wide spectrum of telecommunications, power distribution, public health, law enforcement and vital government services.

Information security consists of ongoing efforts to protect the transmission, integrity and storage of information from both internal and external threats. These threats can range from physical attacks and natural disasters to viruses and worms, hostile intelligence-gathering and even biological attack. Protection must cover data and applications, networks, equipment and facilities, as well as IT and personnel. It must also extend across governmental units and contractors.

A disaster can ultimately cripple our ability to deploy military, first responder and law enforcement resources, maintain vital services, issue drivers licences, and even collect taxes. At the same time, security and other reviews have highlighted gaps and weaknesses in capabilities to protect computers, communications and data. To address these shortcomings, government units must take immediate steps to identify information security threats, protect IT resources and ensure continuance of operations.

Both the private and public sectors are now emphasizing information security. However, information security in the public sector is complicated by both the ramifications of an attack and an abundance of disparate heterogeneous systems within and among government units.

While the private sector can limit access, many government units are required to provide access to public services. The drive toward intergovernmental and departmental information sharing, especially among law enforcement agencies, also makes it harder to balance access and security. Information superiority, or the gathering, analyzing and sharing of relevant information, facilitates the timely and effective deployment of our defence resources. In order to meet these demands, organizations are turning to an information infrastructure solution, honing in on three critical elements b consolidation, control and continuity b to more efficiently deploy and manage resources while quickly responding to adversity:

Consolidation: The consolidation of servers and storage allows for significantly higher utilization rates. Consolidation reduces the amount of storage a company needs to buy and manage and allows staff to spend less time juggling complexity and more time driving the business forward.

Control: An IT organization's ability to manage complexity through centralized storage management enables it to "automatically" control its many devices, quickly execute tasks and assign processes across the entire heterogeneous environment. Leveraging powerful management tools to simplify storage administration will determine whether or not an organization can meet or exceed its agreed upon levels of service.

Continuity: Protecting information assets through robust business continuity can reduce the risks inherent in having numerous points of control and back-up devices. Once the above consolidation and control capabilities are in place, continuity steps in to measure and protect information while guaranteeing the safety and security of both local and remote information.

A networked storage solution sets up a single unified infrastructure that accelerates the flow of information and breaks down any barriers between diverse technologies and stove-piped infrastructures.

What's more, it can enable IT managers to build an infrastructure that will ensure survivability and resilience by including:

Information centricity: Allows for the consolidation of information throughout the enterprise into central locations, enabling IT managers to leverage information, rather than merely managing technology. Without consolidated and shared information, an organization cannot fully meet its goals and objectives.

Heterogeneous connectivity: Unlike traditional server-based storage, an advanced information infrastructure stores, retrieves and connects to data from all major computing platforms including: both mainframe and open systems environments, networks, file servers, web servers and management interfaces.

Cascadability: Enterprise storage is cascadable, meaning it can be re-assigned over time so that it is a re-usable and non-obsolete resource, ensuring that information can be utilized b even when applications or other IT equipment are discarded, upgraded and replaced.

Information management: A common information management environment simplifies tasks and provides a centrally managed point of control. For example, it enables seamless backup and restore capability, and delivery of user performance data for every platform, while driving the standardization of IT processes throughout the enterprise.

Information sharing: Advanced software intelligence bridges stove-piped mainframe and open systems environments, allowing information to be shared without depending on traditional IP network based techniques.

Information protectionand survivability: Enterprise storage provides reliable mission continuance protection and continuity of operations against planned and unplanned outages through diverse features. This ensures maximum protection and virtually 100 per cent data availability. Together, these attributes can provide the ability to leverage a single enterprise infrastructure resulting in one way of sharing, protecting and managing information. It will help drive standardization to reduce cost, complexity and redundancy without sacrificing the flexibility to support mission critical applications. And through a flexible architecture, it has the ability to change and evolve based on requirements while eliminating the costly replication of data, equipment and training.

An information infrastructure can help government agencies manage their network-attached storage (NAS) and storage area network (SAN) environments with a unified view of all their information assets. They can then manage more information, more simply, at lower cost b and respond more quickly to changing needs.

Whether an agency's data storage devices are from a single vendor or multiple vendors, it can consolidate all agency data into a single, centralized system. Such a system means that information can be accessed no matter where it resides, regardless of whether it is a centrally located database or a remotely connected laptop computer.

This paradigm shift from processor-centric to information-centric computing provides many benefits critical to data protection. Advanced data storage networking technology can be used to create a heterogeneous storage environment that embodies these attributes and reduces the friction of information access.

One of the key questions asked is "How many copies of information are needed to ensure its survivability?" The answer lies in an infrastructure's capacity to replicate large quantities of information without affecting production access to the source. Through replication solutions, an infrastructure can function consistently across a wide range of operating environments and databases, at the same time as supporting local and remote wide area replication with minimal bandwidth requirements.

Commercial-off-the-shelf (COTS) solutions are readily available that provide application independent, differential, remote replication.

Government managers must also keep their eyes on the future. Advancing initiatives, architectures and technologies will deliver new security capabilities as well as threats. As with private industry, the public sector must prepare for the increasing adoption of web services and wireless technologies. Managers must also prepare to deliver the information security required by demands for the inter-governmental collaboration that breaks down inefficient organizational silos and reduces the intelligence and other gaps among various government units.

While important first steps have been taken to review government information security and address vulnerabilities, more must be done.

Information protection must become a part of agency culture and be incorporated into almost every initiative. Some are even recommending that security compliance be part of every personnel evaluation. Static security policies must be replaced with initiatives that continuously improve b and test b capabilities to protect, mitigate and recover from attacks. 064280

Nick Lisi (lisi_nick@emc.com) is managing director of EMC Canada of Toronto, a supplier of products, services and solutions for information management and storage.

Bookmark on:del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!
Have something to say about this article?
Add a new commentLetter to the Editor
Find an inappropriate comment? You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields
Policy < External Consultation < Making it happen with information security
Blog Spotlight: Sandford Borins
Sandford Borins

As Professor of Strategic Management at the University of Toronto, Sandford Borins brings InterGovWorld.com readers exclusive insights into how and why the public sector is changing. You'll find new perspectives and questions, observations and objectives, lessons and answers. Cover to Cover, the blog by Prof. Sandford Borins, appears every Thursday.

Inside Cover to Cover

Unified Communications
Data Defence

Unity is a word often heard in the public sector, with myriad agencies and departments looking to foster collective thinking around some of today's most pressing issues. The word, however, doesn't usually get mentioned in the same breath as technology. That's a situation, though, that might soon be changing, thanks to a new software platform known as unified communications.

Inside the latest issue of CGR

More Resources
Driving innovation through effective service management
Driving innovation through effective service management
This white paper discusses how a service-oriented governance framework can help ensure that IT decisions are consistent with business vision, values and strategies-and that IT delivers maximum value to the business. Complimentary with registration.
Download it now
IT Service Management Solutions and the service desk
IT Service Management Solutions and the service desk
This white paper presents the capabilities of IBM Tivoli CCMDB, and describes how Tivoli CCMDB extends the value of the service desk and integrates other essential ITIL processes in support of IBM Service Management. Complimentary with registration.
Download it now
Stalled PCI DSS compliance efforts put Canadian organizations in limbo: Hereb�s how to get back on track
Stalled PCI DSS compliance efforts put Canadian organizations in limbo: Herebs how to get back on track
You might have long ago abandoned your efforts to achieve full PCI DSS compliance, but herebs a report that offers some helpful ideas to get back on track again. It highlights the five bsticking pointsb that typically hinders PCI DSS compliance progress and suggests how to get unglued from the mess.
Download it now
Advertisement
2007 Salary Calculator
Knowledge Centres at a Glance
Policy
Open-source group sues Quebec over MS purchase
Registration
Vetoed data breach bill goes to Schwarzenegger again
Program
Four-year-olds in Montreal will use laptops in kindergarten class
HR
Obama wants to keep tech jobs in the U.S.
Collaboration
One Laptop Per Child teams up with United Nations lead agency
Technology
Comcast sets bandwidth cap at 250GB a month
White Papers
Closing the data privacy gap: Protecting sensitive data in non-production environments
Prepare for a more efficient SAP implementation: Take data issues off the critical path
Unlock the potential of data with the right data warehouse solution
IBM Multiform Master Data Management: The evolution of MDM applications
read more white papers
New blog entries
Thoughts of the day
Rate my public servant? Right on!
Customer feedback, citizen feedback: Two contrasting stories
Le Francais dans les Airs: Digitizing a Legacy
Stand up for Canada's public service: An open letter to Kevin Lynch and Len Edwards
While Austan Goolsbee is no Austin Powers, maybe Stephen Harper is Doctor Evil
This week's top stories
Most popular stories of the week
Demographics pose pressing dilemma: Renew or reinvent
Aussies take their cue from Canada on breach notification
Recording everything in the workplace soon to be in vogue, say researchers
Government of Alberta launches public health action plan
Putting e-mail intelligence to work
Readers write back
Comments from Intergovworld readers
Canadian governments engage in e-waste clean up
Federal privacy chief urges law revamp
Seven ways to kill innovation
Ontario Ministry of Health modernizes data transfer system
Toronto pet owners safe from Patriot Act
Government to government
Inside the public sector machine
Public utility's bare insecurities
Online crime fight needs more than law enforcement
Environment Canada opens up to open source
Government overconfident on security, says analyst
Shared services raise governance challenges
Government to business
P3: Public-private partnerships
Advocates say online privacy policies need work
GTAA gets its cabling challenges under control
Open source gaining traction in U.S. government, says survey
Government needs to be stronger advocate for health IT, say experts
Canadian governments engage in e-waste clean up
Government to citizen
e-Government service transformation
Canadian governments engage in e-waste clean up
Canadian municipalities sign up for eUniversity
Exclusive: PWGSC launches recruitment campaign to bridge baby boomer gap
Feds fend off cyber crime with funding schemes
Wi-Fi growth fuels video surveillance adoption
Blogs
Browse Blogs By:
Blogs by Topic
Blogs by Author
read all InterGovWorld Blogs
WiFi Hot Spot Finder
Upload Centre
Upload Your Documents
Contribute and share with your peers by uploading:
- Initiative updates
- White Papers
- Job Links
- Events
- Other
Upload Centre
Download Centre
Most popular downloads:
Download More Documents
Download:
- Initiative updates
- White Papers
- Job Links
go all downloads
Subscription Services
Manage your InterGovWorld.com account!
Change your account information, password, e-mail address, and existing e-newsletter subscriptions.
Change or update your existing subscriptions
Change your e-mail address
Site Feedback Survey
Tell us what you think of InterGovWorld.com!
take the survey
FUN SurveyFUN Survey
Take the one-minute Family Unit Networking survey!
Take The Survey
IT Salary Survey IT Salary Survey
Take the IT Salary Survey '06 Today
Take the survey now!
Career Resources
InterGovWorld provides links to resources for government job seekers and current employees, including: current job postings, job search strategies, career options and training, and employee rights, provided by all levels of government from everywhere across Canada.

How to apply for a job in the federal Public Service
Public Service Commission of Canada
Provincial and Territorial government job opportunities
Service Canada
City and Municipal jobs in Canada
Jobs in Canada
Identify and research your career options
Service Canada
HR planning and accountability
Public Service Human Resources Management Agency of Canada