10 MINS READ
The biggest questions need the boldest answers. That’s why we’re using our global scale, technology expertise, and collaborative spirit to move toward a better today and a brighter tomorrow together.
The public sector generates and holds enormous amounts of data. It is critical to the government’s functionality and creates significant challenges and opportunities. The Australian government has increasingly invested in data analytics to improve the capabilities and opportunities to leverage this data in recent years. The global pandemic accelerated this adoption while creating new challenges the sector must overcome, such as data protection.
How has the role of data management changed in Australia?
The role of data management has primarily changed due to the shift toward remote and hybrid working policies. Organisations across the globe have adapted to enable employees to work outside the office via remote access or take company-owned laptops and similar devices home. However, for many government agencies with data classified as critical, employees of some functions have had to remain in office, creating an unusual hybrid model.
The Australian government has always managed and classified data across several categories such as unclassified, official, protected, secret, and top secret. Having these controls in place across most government networks meant they were pre-enabled to allow people to work from home and access the necessary data according to their clearance. Having trust models such as this means that staff can only access data according to the classification of their security status, as they would from an office location.
While the data access part was already taken care of, with the majority of people working remotely, it was the fear of malware, phishing, and spear-phishing attacks that kept government organisations on their toes and made it essential for the employees/end users to be more vigilant in ensuring that the security of their end device is still protected, as if it was in the office.
For better or worse, there is no way back to how it was before. They must find alternative ways to keep data and devices secure and protected.
How is data being protected securely and efficiently?
The Australian Federal Government departments have been classifying data across the four categories outlined above for many years. Data is always protected, either according to the job role or access. Typically, you can only view the data you are classified to see. At the highest classification levels, data and information become compartmentalised. Individuals can only see the information required for a specific job role. Government organisations have typically engaged in back-up routines to protect against data loss through hardware failures and internal threat actors.
The Australian Cyber Security Centre (ACSC) recommends the ‘Essential Eight’, a minimum-security standard that outlines essential processes to protect and prevent data and devices, such as ensuring that when a user leaves an organisation, their rights get instantly revoked. It also recommends the level of patching and cyber security that is required to be implemented by Australian government agencies. These recommendations have helped ensure consistency across the board and supported organisations in developing a level of maturity. Additionally, the Australian National Audit Office can audit organisations’ compliance against the ‘Essential Eight’ annually.
So, even if all the required recommendations and controls are in place, how well they are implemented decides how secure and efficient the data is in any organisation.