Why Government data needs physical protection
James Somerville Smith, EMEA Channel Marketing Leader, Honeywell Security
In a world where data in the wrong hands can be highly destructive, it is vital that every organisation invests heavily in protecting it. Of any sector, this arguably applies to government more than any other.
Protecting the amount of highly confidential, sensitive information governments hold – citizens’ personal records, financial information on businesses, ‘For Your Eyes Only’ national and international secrets – is one reason why all governments have invested heavily in cybersecurity. However, it is vital that the role physical security plays in protecting against data theft is not underestimated.
Even if an organisation invests millions in a state-of-the-art cyber security solution to prevent criminals from accessing its data, they can still be vulnerable to data theft. If an intruder accesses one of the organisation’s sites, anywhere in the world, it is perfectly possible for them to either download confidential information onto a flash drive or steal a device such as a laptop, tablet or smartphone, and access data. Without a robust physical security infrastructure in place, cyber security’s effectiveness is substantially diminished. Last year, a major US insurance company lost thousands of its customers’ data when only three laptops were stolen from its headquarters in New Jersey.
For many organisations – a shop, an office, a hotel – securing the premises using CCTV, alarm systems and access control solutions requires skill and experience, but is ultimately a straightforward undertaking. For a government, responsible for hundreds of often high-profile buildings used for a range of different purposes by millions of citizens and employees, the challenge is much more complex. To add to that, in an economic environment where budgets are tighter than ever, government departments in most countries are continually asked to do ‘more with less’; in short, major capital investment in brand new security infrastructure is off the table.
The sheer number of employees on the government payroll – 5.7 million in the UK alone – operating across so many different sites means it can be difficult to ensure that only authorised personnel are allowed access to sensitive data. As you would expect, the types of classified information that military or defence departments require access to are heavily protected with a physical and cyber security infrastructure. However the more ‘benign’ data sets – national insurance numbers, credit card details, financial projections, health records, house numbers – may sit in vulnerable areas or on vulnerable devices, and can be accessed, sold and then used for nefarious purposes. Physical security solutions, specifically logical security combined with video, can prevent people without an access badge for a certain area from logging onto a computer, and capture video footage if the safeguards are sidestepped.
One of the unique security challenges faced by governments when it comes to protecting their data and assets is the sheer number of contractors working across government. From low-skilled work like cleaning and maintenance, to highly skilled jobs like software development or consultancy services, on any day of the week there are thousands of contractors working on government sites. This represents a significant security risk that only investment in physical security can overcome. By linking access control systems to payroll, HR and visitor systems, governments can ensure that the thousands of contractor across multiple sites can only access the parts of the building that are necessary and appropriate to their role. Crucially, it can also ensure that as their employment ends or role changes, access rights are adjusted automatically.
Another major issue that governments face is the responsibility to protect some of the largest, most high-profile and busiest sites in the world. Consider the security challenges associated with protecting Europe’s major Parliament buildings. At peak moments in the calendar – while tourists are crowding around them taking photos – these buildings are full of politicians and their staff with privileged information on their laptops, tablets and smartphones, as well as computers and servers containing sensitive information. In this context, physical security – access control, but also video analytics and facial recognition technology capable of identifying suspicious behaviour in crowds, and rapidly alerting security personnel to where it is taking place – can play a crucial role in protecting critical assets, including sensitive data.
So if the role of physical security is so critical to protecting people, assets and – crucially – data, then what is stopping all parts of the government from embracing it? In a Europe where the public sector purse strings are drawn tighter than ever, the answer is often money. However, investing in a security system doesn’t have to break the bank. Although security technology that runs over IP is richer in functionality, the best manufacturers and installers will support any government in rolling out an analogue or even hybrid security system if it fits their budget and requirements better. Working with the right partners – both in terms of products and installation – their systems will be future proofed, and can be built systematically over a period of years rather than incurring one big capital cost upfront.
To conclude, while cyber security is a crucial investment in today’s connected world, it is vital that governments across Europe do not under-invest in physical security either. In addition to its role protecting people and assets, it is also an indispensable layer of defence against the theft of valuable data. In a world where one stolen USB drive can lead to significant financial and reputational loss, it’s too important an investment to overlook.