Protecting Data at Its Core

May 20th, 2016 | Posted by Sarah Jones in Guest Blogs | Member Blog Posts

This week on NVTC’s blog, Richard Detore of GreenTec-USA discusses the deep concern over recent cyber-attacks and offers a solution to prevent data damage.


Everyone in the cybersecurity field – both inside and outside of government – is deeply concerned over the kind of cyber-attacks that hit federal agencies such as the Office of Personnel Management (OPM) and private companies such as Sony. Rightly so, government agencies and private companies continue to make large investments in cybersecurity.

This sense of urgency extends to America’s key infrastructure, as underscored last October when President Obama issued a Presidential Proclamation on Critical Infrastructure and Resilience. In that proclamation, the president noted that

“Our Nation’s critical infrastructure is central to our security and essential to our economy. Technology, energy and information systems play a pivotal role in our lives today, and people continue to rely on the physical structures that surround us. From roadways and tunnels, to power grids and energy systems, to cybersecurity networks and other digital landscapes, it is crucial that we stay prepared to confront any threats to America’s infrastructure.”

Last year, in testimony before the Senate Armed Services Committee, Director of National Intelligence, James Clapper, noted how cyber-attacks threaten public and private sector interests:

“Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial-of-service operations and data-deletion attacks undermine availability. In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity…instead of deleting it or disrupting access to it. Decision making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.”

And in his most recent appearance before the Senate Armed Services Committee, Clapper stated that “Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact.”

According to a recent study published by the cybersecurity firm Tripwire, 82 percent of the oil and gas companies surveyed said they saw an increase in successful cyberattacks over the past year. More than half of the same respondents said the number of cyberattacks increased between 50 and 100 percent over the past month.

Last year, federal investigators uncovered the fact that Russian hackers had penetrated the U.S. State Department in a major cybersecurity breach that gave Russian hackers access to the White House – including the President’s schedule.

Other threats, such as ransomware, are now on the radar screen of key policy makers in Congress, as well as the U.S. Departments of Justice and Homeland Security. Ransomware encrypts a computer user’s information, and hackers then demand payment – usually in the form of crypto-currency such as Bitcoin (which is extremely difficult to trace) – to unlock the information.

In fact, in recent years several police departments have fallen victim to ransomware and have had to make payments to the hackers. One typical example happened in Maine when two police departments were hacked into. To date, the perpetrators in these cases have not been apprehended.

Obviously, protecting and securing data at its core is a key component of cybersecurity efforts for both the public and private sectors. While it is important for cybersecurity efforts to focus on improving detection and enhancing firewalls, one approach that may often be overlooked is better protecting data at its core.

Until recently, it was not possible to fully protect data at its core – the hard drive. In 2013, Write-Once-Read-Many (WORM) disk technology was developed and successfully installed that now, for the first time, allows government agencies and private companies to safely secure and protect data at the physical level of the disk. Any and all data stored on a WORM disk cannot be altered, overwritten, reformatted, deleted or compromised in any way within a computer or data center. The WORM disk functions as a normal Hard Disk Drive with zero performance degradation from its additional built-in capabilities. These capabilities prevent data damage from any form of cyberattack.

This new breakthrough combined with encryption makes it impossible for hackers to steal data or render it useless by attacking the stored data, or disks.

In addition to advances in malware and firewall enhancements, comprehensive cybersecurity efforts should take a close look at technologies that protect data at its core. Such efforts will impact the public and private sectors in profound ways.

Richard Detore is a NVTC member and CEO of GreenTec-USA, a technology company based in Reston, VA.


John Wood of Telos Corporation provides an inside look into the Virginia Cyber Security Commission, established by Gov. Terry McAuliffe in 2014.


Shortly after taking office in 2014, Gov. Terry McAuliffe signed an Executive Order establishing the Virginia Cyber Security Commission “to bring public and private sector experts together to make recommendations on how to make Virginia the national leader in cyber security.”  It was my privilege to serve as a member of the Virginia Cyber Security Commission for the past two years, and I want to commend my fellow commissioners for their contributions, particularly Co-Chairs Richard Clarke and Secretary of Technology Karen Jackson, as well as our executive director, Rear Adm. Bob Day (Ret.).  With the Commission’s two-year authority ending this spring, it’s a good time to look back on what was accomplished and to see what’s next.

Being on the Commission was an eye-opener in many ways. The Commonwealth faces numerous and evolving challenges in the battle to secure state and local government networks, and to help protect the private sector and citizens of Virginia.  I was incredibly impressed with how open and honest our discussions were as we explored many complex issues.  This includes not only commissioners but the Governor’s appointees and other state employees who were party to our discussions – they were remarkably candid with us about the serious threats Virginia faces in cyber space and what actions are needed. We heard from and worked with representatives from state and federal law enforcement, the Virginia chief information officer, and other state government information security professionals. It was refreshing to hear such blunt assessments of our vulnerabilities – there was no “bureaucratic” caution, probably because the threat is so real and so immediate.

The Commission served to shine a bright light on the challenges facing Virginia. We made a number of recommendations that led to subsequent actions by the Governor and General Assembly, improving Virginia’s cyber security posture.  Moreover, our activities have better positioned Virginia’s cyber security sector to be a vibrant national leader. These results are consistent with the Governor’s desire to “grow this key industry, keep Virginia’s cyber assets safe and create new, good jobs here in the Commonwealth.” 

I urge everyone to read the report issued last summer by the Commission.  It notes some of the recommendations that were already accepted by the Governor and adopted by the General Assembly, such as new laws to help prosecute cyber crime and put in place other policies to better protect Virginians.  More importantly, the report raises a number of issues that require further work.  The effort must continue – there is much to be done, and Virginia’s public and private sectors must continuously work together to illuminate the changing threats we face and to swiftly take appropriate actions to address them.

It was gratifying to see how easy it is to get things done when people work together to find consensus.  The Commission explored problems and made recommendations, and the Governor and General Assembly took action.  That’s the way government is supposed to work.

At the same time, I saw how difficult it is to get things accomplished when competing agendas battle for the same limited pool of resources. That was my biggest disappointment.  In our report, we identified a real need for dedicated funding to promote collaborative cyber security research and development between the higher education community and private sector. That course was endorsed by the members of the General Assembly’s own Joint Commission on Technology & Science (JCOTS), which recommended $5 million to fund this effort. But this bi-partisan recommendation was set aside in Richmond, at least for now, because there were simply too many R&D agendas fighting for the same pool of money and attention.  I am hopeful the Governor and General Assembly will return to this because I firmly believe, as do many of my fellow Commissioners and the members of JCOTS, that collaborative R&D will be a key element in our drive to grow the industry and make Virginia THE leader in cyber security.

One final note: cyber security does not recognize man-made, political boundaries.  In that light, we in the technology sector should be looking at where other companies and other states are making investments (like in R&D), and see where we might do the same. Similarly, I hope the Commission’s work will set an example for other states, and help to chart a path for Gov. McAuliffe to pursue greater cooperation among the states.  I know he is interested in making intrastate and interstate cyber security a major focus during his upcoming term as chairman of the National Governors Association, and Virginia’s cyber security leaders in the private sector should support his efforts in any way we can.


This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle six: comply with all applicable laws and regulations - then exceed them. 


There are a LOT of laws and regulations out there that govern data handling and privacy. They vary according to where you conduct business. The European Union has the strictest set of laws that are built on the principle of human rights. The United States has what’s called a sectoral approach, that is, different laws are set for different sectors – like HIPAA for healthcare, Gramm Leach Bliley for Finance, the Cable TV Privacy Act, the Electronic Communications Privacy Act and so on. In the US, 47 of 50 states also currently have data breach notification laws, all of them slightly different. Asian countries adopt data protection laws and sectoral laws. Many Latin American countries have constitutional guarantees, data protection laws, and sectoral laws. Yikes! It’s a lot to comply with – and just to keep things fun, laws and regulations are changing and updating all the time.

Realistically, marketers are not going to know every legal requirement that impacts their organization. But you should at least be aware of the basic principles of what’s allowed in the places you do business, then coordinate with Legal (I know, I know!) on how to stay out of trouble. This discovery can also happen through a process called a Privacy Impact Assessment, mentioned in my previous post.

Observing laws and regulations must be standard operating procedure. But just being compliant really isn’t enough to enhance your position in a fickle and frenetic market. Think about it this way – do you want your child to just stay out of trouble at school, or be a leader in the classroom? Where’s the attention going to go? You sure don’t want to stand out in a bad way – like being one of the 256 app providers who violated the privacy terms they contracted with Apple.

Going beyond the legal minimum and making extra effort will help your business differentiate as a trusted source. Simplified privacy policy language will help. Minimizing data collection and retention (yes, you CAN get rid of stuff!) will help. So will being transparent at all times about your practices and behaviors. Use creative ways to tell the story to your customers and stakeholders – through vignettes, through messaging, through customer service scripts – put it out there. Earning trust marks like TRUSTe really sends the message that you take data stewardship seriously.

Your customers expect you to comply with the law. They want to feel like you care and are proactive about protecting their data. I firmly believe that the great majority of people want to do the right thing; it comes back to mindfulness and balance between enthusiastic pursuit of business objectives and a bit of thoughtful restraint.

Brand Reputation in the Era of Data: 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships
Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!
Brand Reputation in the Era of Data – Principle 5: Practice Customer Empathy


This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle five: developing an empathic organizational culture that understands, internalizes and practices customer-sensitive behaviors.


Hand in hand with getting your own house in order to secure customer data is developing an empathic organizational culture that understands, internalizes and practices customer-sensitive behaviors. This can be reflected in the marketing practices you adopt, the way customer data is collected and handled, and the attitude and values that are expressed and embodied from leadership through the ranks.

Several respondents in our qualitative feedback study emphasized that organizations’ observing privacy policies internally was very important to them. While most every organization has an external privacy notice (understandable or not), many companies lack a robust internal privacy policy, data management policies, or even clarity of their privacy mission and position. It is important to thoughtfully define these, then train your people, in a resonant and memorable way, about these corporate values and an employee’s role in them. Reinforce the training with an ongoing internal awareness campaign. Help your team remember that behind every purchase, tweet, post, click and share is a human being and all that entails. Anyone who has something or someone to protect can understand that.

This is a foundational aspect of your organization’s personality and reputation – how do you want to be seen and regarded? Are you the respectful company? The service-oriented company? One who customers see as sneaky or arrogant? One who is so consumed with innovation and speed that they forget there are real people who will be served or potentially harmed by your invention?

Consider incenting or requiring those who work with others’ personally identifiable information, whether it belongs to customers, employees, partners, students or anyone else, to get certifications. This can help them more deeply understand the implications of what they’re working with. A colleague of mine likened this to how massage therapists are trained to respect the bodies of their customers, with their reputation and careers dependent upon following those protocols.

A best practice is to conduct what’s called a Privacy Impact Assessment (PIA) to evaluate risk in both existing and intended practices and services. There are online resources to offer you guidance (shameless commerce warning: Dialog can help with these); you will need some understanding of the legal and regulatory environment in which you operate. Then, when you objectively understand the level of risk, you can consider adjustments to your practices or plans if necessary. Those who may decline to participate should be made fully accountable for any consequences – financial or otherwise.

Acculturating a sense of responsibility and empathy, with policies to back that up, will go a long way toward solidifying your organization’s reputation as a trusted vendor. And that translates to the bottom line.

Brand Reputation in the Era of Data: 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships
Brand Reputation in the Era of Data – Principle 1: Empower Customer Control
Brand Reputation in the Era of Data – Principle 2: Be Clear and Accountable
Brand Reputation in the Era of Data – Principle 3: Do Everything You Can to Protect Customer Data
Brand Reputation in the Era of Data – Principle 4: Mind Your Partners!


This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle four: protecting data when it is passed on to others in your value chain.


Here is the Fourth of 8 Principles for Responsible Data Stewardship That Won’t Kill Your Customer Relationships, based on Dialog’s recent research.

While the last post discussed getting your own house in order around protecting customer data, equally important is protection of that data when it is passed on to others in your value chain.

Consumers regularly agree to share data with a particular organization for immediately known purposes – a purchase transaction, registering for a site or service, downloading an app. There is an abstract understanding that their data is shared. But the specifics of with whom, how and for what are vague to all but the most attentive, usually those who work in a marketing capacity. I recently heard a statistic that a data broker will have about 1500 pieces of information on an average individual! I didn’t know there could be 1500 things about me to be tracked. Who knew I was so interesting?

This vague concept of ‘they have all of my data’ is unsettling, leaving people feeling powerless and hoping that nothing harmful will befall as a result. It is perhaps the greatest area of concern for our study respondents. Legal requirements are normally that the data owner has bottom line responsibility (read that the one who could be sued in a breach), so it behooves you as a data collector to integrate strict data management terms into your third party contracts.

But beyond that, it’s how the data is used and monetized – and we all know this is the holy grail of marketing – that respondents find troubling. One respondent noted that “3rd party access to my search history is completely inappropriate.” Another noted that “if you got my data from somewhere else, tell me where you got it from.” Some of the other concerns expressed included not allowing an individual’s identity or data given for one perceived purpose to be used by entities that have control over other parts of their lives – insurance, credit, employers, housing, civil litigation, healthcare providers, surveillance or profiling, divorce court, political parties, or the news media, except as allowed by law. Data collectors should therefore carefully consider legal requests vs. legal requirements.

One suggestion was to have and observe universal standards on collection and distribution of sensitive and potentially harmful medical and financial information. There are already laws about these domains, but data analytics can get pretty accurate at some of these situations using other non-regulated data.

But some respondents also took a Buyer Beware stance, saying that data voluntarily given and captured through public means is there for the taker, and consumers can always choose not to participate in a transaction. Better to educate people about what is being harvested about them and how it is used. Perhaps improving privacy policies would be a good start. But it can be challenging to get that message across when data is handed off to anonymous 3rd parties whose very existence or purposes are unknown to average people.

With the Internet of Things, this situation will grow exponentially, creating further issues of securing data at the points of collection, transfer and curation x 1000 – and the implications for Big Data crunching that will come from it. Bottom line – mind your partners. Privacy protections need to be contractually obligated with third parties, but prudence dictates you avoid sharing with those who perpetrate the creep factor, especially when contributions can be traced back to you.


Top Technology Trends for 2015

March 17th, 2015 | Posted by Sarah Jones in Guest Blogs

This week on NVTC’s blog, Davis Johnson, senior director of Public Sector Sales and Business Development at Riverbed, shares his top tech trends of 2015. 


Technology has always been, and will always be, an ever-evolving landscape. A decade ago the trends and policies we saw in the private sector greatly differed from those taking shape in the government, but heading into 2015 it is clear that those silos have been broken down.

With a national focus on cybersecurity, increased usage of the cloud, and a push towards consolidating IT resources to improve efficiency and save money, we can expect the lines between these groups to continue to blur.

Federal CIOs Will Achieve A Broader View Into Cyber Threats
Unless you have been living under a rock you have probably heard about the Sony hack. If you haven’t, chances are you have heard the President at one point or another talk about cybersecurity and its growing importance as it relates to our national security. In fact, at a February 2015 Stanford University appearance the president signed an executive order requesting public sector IT join forces with the federal government and the military in an effort to strengthen overall security across both groups. During this same meeting the president highlighted some alarming statistics—one of which being that overall cyber threats since he took office in 2009 have impacted more than 100 million individuals and businesses.

Given the importance, and emphasis being placed on cybersecurity by both government leaders and businesses, it is safe to say that the cyber conversation will only increase, and evolve in the coming years. With that evolution will come increased usage of tools that allow agencies and companies to look across their entire network for abnormalities and catch suspicious behavior before it escalates. These visibility tools will allow network operators and CIOs to see who is accessing what information and when, and if that information is protected or should not be viewed by the user, allows them to intervene before any potential leak or hack occurs.

Analytics will also play a major role in the future of cybersecurity by offering increased visibility and proactively alerting security teams to potential suspicious activity. Currently, Intelligence Advanced Research Projects Activity, which conducts research for the U.S. intelligence community, is using public information and Big Data in an effort to actually predict cyberattacks before they occur. This proactive vs. reactive approach is something we can expect to see more of as the public and private sector solidify and sharpen their cyber processes.

The Cloud Will Continue To Mature
Within the government there has been a notable shift from debating on whether or not to move to the cloud, to picking which cloud option best suits an agency’s needs. While Gartner’s “Private Cloud Matures, Hybrid Cloud is Next” report states that hybrid cloud is today where the private cloud market was three years ago, we can expect to see agencies weighing all of their cloud options in 2015 and beyond.

In fact, one cloud option that has long been popular in the public sector and is now gaining popularity in the government is the public cloud. With the Defense Information Systems Agency’s newly released guidelines, the Department of Defense (DoD) now has a clear outline for what they are able to place in the public cloud, as well as what must be housed within a virtual environment, among other things. With these guidelines we can expect to see a deeper conversation and openness to public cloud offerings within the government and information from both sides housed in the same place.

IT Center Consolidation
With increased virtualization throughout the government, data center consolidation will continue to be a hot topic in 2015 and beyond. By consolidating data centers agencies have the ability to reduce costs, improve their security and streamline overall IT processes. In fact, a 2014 U.S. Government Accountability Office report found that of the 24 agencies participating in the Federal Data Center Consolidation Initiative, 19 agencies collectively reported achieving an estimated $1.1 billion in cost savings and avoidances between fiscal years 2011 and 2013.

While there are obvious benefits that data center consolidation brings, the shift also means that applications are now hosted farther away from employees or federal workers that rely upon them every day. That distance, and the increasing complexity, require networks to keep pace. So federal CIOs and companies will look for tools to assist in consolidating their datacenters over the next few years. These tools will be ones that empower visibility into app and network performance issues, and those that help solve bottlenecks to make sure workers have access to the apps they need so productivity doesn’t suffer. To ensure that consolidated data centers are providing maximum benefits for IT leaders on both sides, we can expect to see them implement optimization tools moving forward as data center consolidation is definitely here to stay.
