Data Assets are Assets
Did you hear the one about the asset collection vendor that lost your data? Not a joke, and a painful horror story from one of the other data collection companies out there. We are proud to say at DTS and VUEWorks that we have never lost a client’s data… ever! And we do not intend to…ever! Having a strong awareness of the type and value of data that a vendor is protecting has become even more critical as technology platforms continue to evolve.
As cloud computing becomes a more prevalent phenomena daily, major challenges emerge for protecting large asset management datasets, linking through firewalls and displaying information that is compiled across multiple IT architectures and frameworks.
Moreover, In our present climate where public infrastructure is a target – controlling access to data once thought mundane takes one a new level of importance in the era of domestic terrorism. Knowing and protecting the location, criticality and condition of infrastructure is paramount to protecting public safety as well as providing timely and up to date information to first responders.
These data sets are costly to develop, expensive to maintain and represent a significant investment of tax payer funded resources. Protecting this data should paramount when considering asset management as a program, not just a project. There are several considerations that need to be well thought out in scenarios including, but not limited to:
- The need to create a report: Who has access? And access to what within the AMS?
- Sensitive information: How is it protected? How are permissions handled?
- Systems: Who has access to test, staging and production environments? Are they allowed to add/upgrade applications?
- Backups: What is the process for securing backups of both spatial and non-spatial data?
- Hardware: Outdated? Using cloud?
- Security: Improper configuration settings? Inadequate security controls?
It is important to take into consideration data loss prevention. These are processes put in place to address the areas listed above, to ensure that there is a methodology consisting of people, process and technology that protects your data. Consider the following categories and see if your organization has a data loss prevention methodology in place:
- Data Discovery
- Data Governance
- Risk Assessment
- Regulatory and Privacy Compliance
- Data Classification
- Policies, Standards and Procedures
- Remediation Processes
- Training and Awareness