As most law enforcement management can attest, the public safety mission to protect and serve isn't limited to the community streets.
When government data are concerned, the threats multiply beyond the walls of its physical jurisdiction and encompass the ubiquitous unknown of the cyber world. The necessity of the various government databases is rarely contested, but the larger question mark regarding government databases is how to protect them. Factoring in the many essential mobile workstations in patrol vehicles as well as laptop units that can't be kept behind constant lock and key, how can management protect data without limiting its utility?...Or can they?
Instead of keeping physical hardware under lock and key, IT administrators like Nick Mohamed at York Regional Police (YRP) are able to use a smartcard-based, key-like device to ensure the identity of the officer and protect the information on already fully encrypted laptops and other computer workstations.
In recent years, a federal mandate forced Canadian police agencies to strengthen network and access security in order to access its main federal database which holds the nation's criminal records, among other data. The new standard of security forced agencies like the YRP in Ontario, Canada, to revamp its information security, including implementing a new user authentication process.
In 2005, once YRP established the specifications it would need to comply with Canada's strong identification and authentication (I&A) requirements, it had to find a way to be sure the individuals accessing the network were in fact themselves and that they were cleared to enter network areas.
York reached out to its network security provider for 10 years, the Mississauga-based NCI (also in Canada), to come up with a strong I&A strategy to evaluate potential technologies and proffer an opinion on the best solution. Representing YRP's best interest, NCI's vice president, Ryan Krukoski, says it weeded out solutions based partly on the solution manufacturer's willingness to show insight into a product's future direction and its receptivity to suggestions.
"We were tasked with this idea of evaluating our solutions and trying to build what constraints and criteria the solutions needed to have as well as being forward-thinking and [looking] at where the companies are taking their solutions over the years," Krukoski says.
The end result of that evaluation and testing in 2005 was that the smartcard-based eToken solution from Aladdin Knowledge Systems, headquartered in Chicago, best fit YRP's needs, was a good long-term strategy and has since proven itself say Krukoski and Mohamed, the assistant IT manager and civilian senior officer with YRP.
In order to sign on to the York network, officers must insert a thumb-drive-like device - an eToken. This eliminates the need for network usernames and passwords, which was an element of the Royal Canadian Mounted Police mandate that YRP must comply. ETokens provide two-factor authentication (2FA), password and digital identity management, which in addition to full-disk encryption and internal and external firewalls, Mohamed feels York's system is better protected. "We're very vigilant in our security and we're very proactive in our approach to security management," Mohamed says. "A breach is something that we hope will never happen so we do everything possible to protect ourselves from it."A safe digital ecosystem
Information technology system directors are mindful and diligent about safeguarding sensitive data. But it's not only the moral code of IT managers that dictates the sensitive, valuable data are protected.
Since 2003, when California passed an historic data breach law, many states have followed suit enacting similar laws to protect consumer's rights and personal data privacy.