When it comes to dealing with public sector data, organizations and governments can never be too careful. With the sheer volume and sensitivity of the data collected, the public sector has a target on its back at all times for malicious actors—there were over twenty-three thousand data breach incidents in the public sector in 2018. Of these 23,000 events, 330 had confirmed data disclosure. With an average cost per data breach in the public sector of $2.3 million (with an average cost of $75 per record), those 23,000 events add up to an enormous financial impact for publicly-funded organizations.
With these numbers in mind, it’s no wonder that until very recently, public sector companies have been primarily opposed to innovation and the adoption of new technologies—after all, when there’s a $2.3 billion price tag every time a security breach occurs, organizations might be largely apprehensive about dipping their toes in the innovation pool.
But with technology and smart devices now ubiquitous, and with private sector companies investing billions of dollars in delivering seamless, frictionless experiences for their customers, the public now expects the public sector to keep pace through digital transformation. People expect both external-facing applications that provide better customer experience and internal-facing applications that allow organizations to be more efficient and stretch public funds further.
So how can public sector organizations balance customer and staff pressure to keep pace with the rate of innovation against the need to remain secure and compliant while handling vast amounts of customer data?
Walk Like an Encryption
In Ponemon’s annual report on data breaches in the public and private sectors, three top factors were identified for decreasing the risk of a public sector data breach, and encryption came in at the top of the list.
Utilizing a trusted partner like Microsoft Azure as the infrastructure underpinning your application ecosystem ensures that data is encrypted both in transit and at rest. Azure supports various encryption models, including server-side encryption that uses service-managed keys, customer-managed keys in Key Vault, or customer-managed keys on customer-controlled hardware. With client-side encryption, you can manage and store keys on-premises or in another secure location.
Microsoft Azure supports both client-side and server-side encryption, as well as extending encryption
Client-side encryption is performed outside of Azure. It includes:
● Data encrypted by an application that’s running in the customer’s data center or by a service application.
● Data that is already encrypted when it is received by Azure.
With client-side encryption, cloud service providers don’t have access to the encryption keys and cannot decrypt this data. You maintain complete control of the keys.
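An added sketch of the client-side model described above (not from the original article and not Azure SDK code): the record is encrypted with AES-256-GCM under a fresh content key, and that key is wrapped under a key-encryption key (KEK) that never leaves the client. The function names, the envelope layout and the sample record are assumptions made for illustration.

```javascript
// Added example: client-side envelope encryption using Node.js built-in crypto.
// All names here (seal, open, encryptForUpload, ...) are hypothetical.
const crypto = require('node:crypto');

// seal() returns nonce || tag || ciphertext; aad binds the output to one blob name.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(aad);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function open(key, sealed, aad) {
  if (sealed.length < 28) throw new Error('sealed data too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAAD(aad);
  decipher.setAuthTag(sealed.subarray(12, 28));
  // final() throws if the key, the blob name, or any byte of the data is wrong.
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// The KEK stays with the data owner. Only the returned envelope is uploaded,
// so the storage provider never holds a key that can decrypt the record.
function encryptForUpload(kek, record, blobName) {
  const aad = Buffer.from(blobName, 'utf8');
  const contentKey = crypto.randomBytes(32); // fresh AES-256 key per blob
  return {
    wrappedKey: seal(kek, contentKey, aad), // content key sealed under the KEK
    ciphertext: seal(contentKey, Buffer.from(record, 'utf8'), aad),
  };
}

function decryptAfterDownload(kek, envelope, blobName) {
  const aad = Buffer.from(blobName, 'utf8');
  const contentKey = open(kek, envelope.wrappedKey, aad);
  return open(contentKey, envelope.ciphertext, aad).toString('utf8');
}

// Constructed sample data: a KEK generated on the client and a made-up record.
const kek = crypto.randomBytes(32);
const record = 'permit=2024-0001;applicant=Jane Example';
const envelope = encryptForUpload(kek, record, 'permits/2024-0001.json');
console.log(decryptAfterDownload(kek, envelope, 'permits/2024-0001.json') === record);
```

Because the provider stores only the envelope, losing the KEK makes the stored data unrecoverable, so the KEK needs its own backup and rotation plan.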
Server-side encryption is performed within Azure. There are three server-side encryption models which offer different key management characteristics:
● Service-managed keys: Provides a combination of control and convenience with low overhead.
● Customer-managed keys: Gives you control over the keys, including Bring Your Own Keys (BYOK) support, or allows you to generate new ones.
Azure also offers encryption on the Azure storage service, ensuring that data at rest within the Azure cloud platform is encrypted at all times. Data at rest in Azure Blob storage and Azure file shares can be encrypted in both server-side and client-side scenarios.
Azure Storage Service Encryption automatically encrypts data before it is stored, and automatically decrypts data as it is retrieved. Storage Service Encryption uses 256-bit Advanced Encryption Standard (AES) encryption, which is one of the strongest block ciphers available. AES handles encryption, decryption, and key management transparently.
Where Power Meets Security
In response to the growing need for application development and usage within the public sector, Microsoft took the step of creating a branch of their successful PowerApps offering specifically designed for U.S. government organizations. Microsoft PowerApps US Government provides compliance with federal requirements for cloud services, including FedRAMP High and DoD DISA IL2. In addition to compliance, PowerApps offers several features designed to keep public sector application data safe:
● Customer content is physically segregated from customer content in Microsoft’s commercial PowerApps services.
● Customer content is stored within the United States.
● Access to an organization’s customer content is restricted to screened Microsoft personnel.
● PowerApps US Government complies with certifications and accreditations that are required for US public sector customers.
As public sector organizations continue to innovate and introduce new solutions to meet shifting consumer demands and reduce overhead, security will remain at the forefront of the discussion. In order to effectively develop new solutions without running afoul of compliance or data security regulations, public sector agencies will want to partner with a platform with a history of successfully serving the public sector.
Learn why public sector agencies are turning to Microsoft Azure to drive digital transformation by speaking to one of our Public Sector experts today. OnActuate has worked with several clients in the public sector to help plan, drive, and support their move toward more digital technologies, and we can help you too.