Chris Borneman is vice president of Software AG Government Solutions. With over 20 years in technology and having held CTO, CIO and COO roles for multiple organizations, Chris has focused his career on delivering value to business through technology and building strong relationships.
As citizens and businesses increasingly prefer to interact with the government online, the need for digital change at federal agencies is imminent. With that said, any digital transformation effort needs to ensure that the security and integrity of the underlying systems and their integration interfaces remain solidly intact and scalable.
One needs look no further than the 2015 Office of Personnel Management data breach for an example of how poor data integration led to massive security vulnerabilities. In addition to the risk of data escaping, agencies must also protect against new unauthorized data coming in. Even with so many advances, for many agencies, data manipulation through network intrusion is a top concern.
Note: This article first appeared on Nextgov.com.
The availability of our systems should be treated with the same level of care as we invest in our security. As we transition to mobile digital approaches, our capacity requirements will shift. This means as the ability to access and process information from anywhere and anytime expands, design patterns of legacy architectures must also evolve.
On Aug. 24, 2014, a single rogue Android app took down the National Oceanic and Atmospheric Agency’s national digital forecast system, through which tens of millions receive their weather forecasts each day. The problem was caused when the app developer introduced a defect that changed the polling refresh rate for new weather data, inadvertently causing a distributed denial of service attack. The outage initially went undetected, and once identified, required several additional hours before a successful block could be put in place.
To support the benefits of digital transformation while addressing existing and emerging security concerns brought on by advanced persistent threats, agencies should consider adopting the following seven techniques:
- Ensure all integrations between systems leverage secure, authenticated connections that provide non-repudiation and avoid interim data-at-rest scenarios. Avoid Extract, Transform and Load (ETL) approaches. Many legacy interfaces to newer information systems have relied on ETL, but this results in interim files that can be stolen or tampered with.
- Avoid point-to-point integration approaches between systems by leveraging an Enterprise Service Bus (ESB). Point-to-point integrations increase costs, reduce monitoring and integrity checking, and make security updates difficult to coordinate and deploy. By implementing an ESB, agencies can alleviate this complexity and accelerate modernization efforts.
- Develop and manage a system to review all key sources of authoritative information. By doing so, agencies can ensure these sources remain protected, accurate and secure, and can prioritize modernizing interfaces to these systems.
- Use service virtualization where possible. Service virtualization provides an extra layer of protection and change management capabilities through interface versioning.
- Implement an enterprise in-memory caching system. Enterprise in-memory computing will relieve the load from database and mainframe connections while improving performance and response time.
- Deploy a reverse invoke gateway for all communications. This will close off all direct communications to internal systems while securely brokering the information between the requestor and the backend systems.
- Require unique registration for every consumer of interfaces. Through this onboarding registration, identification at run-time can isolate bad actors and allow service levels per actor to be introduced. This will ensure that critical systems continue to function and receive higher priority during peak usage times.
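
A sketch of the last technique, added here as an illustration and not taken from the article or any product it describes: each registered consumer gets its own token bucket and service tier, so a client whose polling rate runs away (as in the 2014 forecast-system outage above) is throttled by ID while a higher-priority consumer keeps its service level. The tier values, consumer IDs and the `ConsumerGateway` class are assumptions made for the example.

```python
import time
from dataclasses import dataclass

# Hypothetical service tiers: (refill rate in requests/second, burst capacity).
TIERS = {"critical": (50.0, 100.0), "standard": (1.0, 5.0)}

@dataclass
class Bucket:
    rate: float
    capacity: float
    tokens: float
    updated: float

class ConsumerGateway:
    """Token-bucket limiter keyed by the ID issued at consumer registration."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._buckets = {}
        self.denied = {}  # consumer_id -> throttled request count (alerting signal)

    def register(self, consumer_id, tier):
        rate, capacity = TIERS[tier]
        self._buckets[consumer_id] = Bucket(rate, capacity, capacity, self._clock())
        self.denied[consumer_id] = 0

    def allow(self, consumer_id):
        bucket = self._buckets.get(consumer_id)
        if bucket is None:
            return False  # unregistered callers never reach the backend
        now = self._clock()
        refill = (now - bucket.updated) * bucket.rate
        bucket.tokens = min(bucket.capacity, bucket.tokens + refill)
        bucket.updated = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        self.denied[consumer_id] += 1
        return False

def simulate():
    """Constructed scenario: a defective app polls 100x/s for 10 s while a
    critical consumer polls 10x/s. Time is simulated, so the run is offline."""
    t = [0.0]
    gw = ConsumerGateway(clock=lambda: t[0])
    gw.register("runaway-app", "standard")
    gw.register("emergency-feed", "critical")
    served = {"runaway-app": 0, "emergency-feed": 0}
    for tick in range(1000):  # 10 ms per tick
        t[0] = tick / 100.0
        served["runaway-app"] += gw.allow("runaway-app")
        if tick % 10 == 0:
            served["emergency-feed"] += gw.allow("emergency-feed")
    return served, gw.denied
```

The per-consumer `denied` counter doubles as a detection signal: a sudden spike for one ID identifies the misbehaving client without waiting for the backend to degrade.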
Modernization brings an excellent opportunity to improve how we deliver our services and enhance the capabilities within our programs. Using the above techniques can ensure your agency will benefit from secure and successful implementations leveraging approaches and technologies proven in business and government architectures to securely deliver billions of transactions every year.