By Sergio Ortega Cruz, Worldwide Industry Solution Manager, Public Safety and National Security at Microsoft
Former US Secretary of State Dean Rusk once said that “If you protect your paper clips and diamonds with equal vigor, you’ll soon have more paper clips and few diamonds.”
Though he was talking about national security, this same concept is true when it comes to cybersecurity. I often hear government customers say they are reluctant to move data to the cloud because they’re worried that it could wind up in the wrong hands. Yet the reality is that for most government organizations, only 20 percent of information requires a top-security classification. Of the remaining 80 percent, the vast majority is public, non-classified information. Despite this fact, many governments apply similar restrictions to all their data sets, whether they truly need to be classified or not. In a nutshell, governments are managing their paper clips with the same vigor as their diamonds.
By implementing a data governance program, governments have the opportunity to thoughtfully and methodically categorize all their data sets, classifying information that’s truly sensitive, while making public information more easily accessible to the citizens they serve. Armed with a cohesive data strategy, government IT administrators can more accurately determine what data truly needs to be kept on-premises, and what can be transferred to a more cost-effective public or hybrid cloud environment.
One of the major benefits of data governance is reduced costs. On average, it costs a whopping 10 times as much to manage classified versus unclassified information. From the way that classified data is stored to the special security credentials of the personnel managing it, classified information eats up a lot of resources. Indeed, the US government alone spends more than $11 billion per year to protect classified data—not including the CIA, the National Security Agency, and other spy agencies.
By better classifying and managing their information, governments can also operate with greater transparency. Government information is a public asset, and governments that rapidly disclose information to the public increase trust and accountability. They also encourage greater public engagement and collaboration. As the trend toward open government continues, government agencies that systematically categorize their data can create high-functioning communities in which citizens quickly obtain access to the information they need.
Government agencies at all levels are starting to see the benefits of data governance. Indeed, Government Technology has called it “the public sector’s next big frontier.” Yet often the question is where to start. While a holistic approach is desirable, organizing and classifying an entire organization’s data all at once can quickly become overwhelming. A better approach may be to focus on a specific process or area of the organization and start from there. What information do you consider public now? What data are you providing when there’s a request for information? What information isn’t classified by definition?
By clearly establishing the value and risk level of different data sets in a single part of the organization—including where that information is stored and how it is accessed and used—government leaders can develop the right sets of policies for the right sets of data. And they can then branch out from there, eventually extending their data governance program to the entire organization.
In the end, an effective data governance program provides the opportunity for governments to secure their diamonds without paying the unnecessary costs of protecting their paper clips. And that’s a win-win for government agencies striving to reduce costs while better serving their constituents. For more guidance on how to implement a data governance initiative, please see Microsoft’s Data Governance webpage.
# # #
Sergio Ortega Cruz has more than 18 years of experience in the public safety industry. As Worldwide Industry Solution Manager, Cruz has worked with customers in police and intelligence agencies, ministries of public safety, attorney general’s offices, and federal courts, Armed Forces among others. Cruz has a bachelor’s degree in engineering, cybernetics and computer science from LaSalle University, and a master’s degree in business administration with a specialization in marketing and strategy awarded by the University of Warwick in the United Kingdom.