Safeguarding sensitive data

IT administrators adopt new solutions to protect government-hosted information


     "It's unfortunate that sometimes you have to have punitive aspects in order for people to take notice," O'Berry says. "I'm not saying people aren't doing their jobs, I'm saying that I know the state of security, and it's just not an easy thing."

     O'Berry explains that too often, laws are developed in reaction to technology's capabilities.

     "It's that standard situation where policy always drags technology," O'Berry says. "And education drags policy. So essentially it's technology, policy, education. Unfortunately, it should be exactly reverse.

     "So what you have is this giant pendulum that swings way one way, where nobody's protected, and then it swings way the other way."

     O'Berry says the law-making skip from one extreme - of having little or no protection for databases - to having layers or policy regarding protection and notification highlights the scramble to protect.

     "I totally believe in protection for the people, I'm just saying that when the pendulum keeps swinging, you can't find the middle ground," O'Berry says. "And the punitive aspect of it: It's unfortunate that people didn't pay attention to it … six years ago, when they should have."

Safeguarding sensitive data

     Law enforcement management need not only worry about protection and service in its physical community.

     When an instance comes about that highlights a nick in digital security armor, laws are rushed into place to compensate, and in some cases overcompensate for past inadequacies.

     Though O'Berry explains it is difficult to plan for future needs technologically, he says IT administrators will continue to find a way to integrate policy and technology to protect without limiting useful access by taking challenges as they come and adapting.

     He compares the challenge of planning for IT futures to planning a vacation four years in advance - down to the meals one plans to eat.

     "Now that's not practical," O'Berry says. "But that's how people sometimes approach IT. It's this big, monolithic thing; I believe you're going to have to be increasingly more flexible and agile as you go."

Bad apples

     For all of its utility and convenience, the Tennessee Criminal Justice Portal, linked to six of the state's records databases, caused some grief for Tennessee's law enforcement management - arguably, it was some misguided use by authorized users, curious about country music star Gretchen Wilson, which brought the grief.

     A December article in the state's daily newspaper all but decried the $1 million Tennessee Criminal Justice Portal a flop, citing police users who used and abused the Portal.

     Tennessee Highway Patrol Col. Mike Walker says the violation of Portal use policy was first looked into after a lieutenant saw a hit on his personal record and asked the IT department to identify who had accessed the personal information and for what reason. Walker says after arduous review of computer coding and records, management was able to identify who accessed the information and set about its process for auditing the access.

     "My guess is they didn't have a clue that it could be tracked," Walker says. "And the other issue is they probably thought it was kind of like Google; You just go in and you search [during] downtime or whatever. Technology is a tremendous tool, as long as you use it the right way."

     The incident made its way to the press, where some misinterpretation made a mess for Walker and his colleagues. After further investigations by the Tennessee Department of Safety, other agencies connected to the Portal were identified with possible users abusing the resource, including several individuals with the Tennessee Highway Patrol, the Smyrna/Rutherford Co. Airport Authority, State Probation and Metro PD - a total of four agencies - with a combined total of 12 civilian and sworn individuals - out of 350 authorized agencies.

     However, for all the trouble it caused, Walker says the incident lead to some positives: Executives were forced to learn a lot about the Portal, which helped them understand how use is tracked and could lead to a better way of reviewing usage. "We're seeing, developing and working on better ways to audit from an executive's viewpoint and manager's viewpoint," Walker says.

  • Enhance your experience.

    Thank you for your regular readership of and visits to Officer.com. To continue viewing content on this site, please take a few moments to fill out the form below and register on this website.

    Registration is required to help ensure your access to featured content, and to maintain control of access to content that may be sensitive in nature to law enforcement.