Data security at scale: How IT modernization impacts cybersecurity and data access for the U.S. Department of Defense

Public sector organizations have more data at their disposal than ever, but enacting cybersecurity and data management policies for one of the largest organizations in the world presents a new challenge for their IT and security teams.

As more and more of the public sector enact large-scale digital transformation initiatives, government organizations must find new ways to manage massive amounts of data securely while maintaining compliance. With new mandates from the Biden administration to enhance cybersecurity best practices in both the private and public sectors, organizations like the Department of Defense (DoD) face new challenges to their data management and communication practices. 

Lauren Knausenberger, Chief Information Officer for the Department of the Air Force, recently sat down with FedScoop to discuss how the DoD is building a broader IT modernization strategy, from the technical challenges they’ve faced to their strategy for tool adoption. Read on for some of our key takeaways about data security and management in the public sector and beyond. 

Managing datasets at scale is a growing challenge

During her tenure as CIO, Knausenberger has championed the IT modernization of the Air Force, including the digitization of huge amounts of data. Digital access to essential documents has ensured that teams have the information they need to act more quickly and effectively when every moment matters. But ensuring that those datasets were transferred to digital formats was only the first step in a long journey. 

“The technical solution to getting access to that data is not the hardest part,” says Knausenberger. “The really hard part with all of that data is governance and security. We want to make the data accessible to as many people as possible, but when you make that data accessible to everyone, the level of classification rises.” 

Big data means data portability is more significant than ever 

Data portability and operability — the ability to access and move data between different systems, including applications, programs, and storage providers — has become a major consideration for organizations like the Department of Defense. When third-party systems don’t allow users to move their data easily, data management can become both time-consuming and costly. 

In the case of the USAF, data may be spread between multiple cloud and on-premise storage providers, and keeping storage costs in check means minimizing the movement of data between various repositories. Knausenberger notes that her team is working on an API strategy to ensure that data can be accessed by the people who need it, when they need it, regardless of where it’s stored.  

Balancing scale and flexibility empowers technical teams to work more effectively

According to Knausenberger, one of the key challenges of managing tooling at scale has been making sure that teams still have the ability to use software tools purpose-built for their specific workflows. For large enterprises and organizations, enabling those technical teams to choose and deploy tools quickly is key. In the past few years, Platform One has adopted a new approach to software evaluation and approval, allowing teams within the Department of Defense to adopt new technologies more quickly. 

“Time and time again, studies have proven that high-performing teams need to have some level of tool choice, and they’re probably going to make those choices a lot faster than an enterprise of 750,000 globally can make,” says Knausenberger. For example, the Department of Defense uses Microsoft Teams for general communication, but technical and operational teams with specific tooling needs have also adopted Mattermost to collaborate on mission-critical workflows

Knausenberger states that rolling out these DevOps tools at an enterprise level from the start helps ensure that teams have the functionality they need without compromising on security or compliance concerns. 

A strong cybersecurity strategy is at the core of digitization initiatives

Adhering to individual cybersecurity practices is important, but having an overarching cybersecurity strategy that governs and organizes these practices is even more critical for large public sector organizations. Public sector organizations can be especially vulnerable to cyberattacks, and an active, well-executed cybersecurity strategy is essential for stopping these attacks. 

Knausenberger says that having clear, specific security goals in mind is essential for successfully implementing a security strategy: “Zero Trust has become the buzzword that nobody knows what it means…we’ve actually been very specific about exactly what we mean when we say Zero Trust.”  The Department of Defense’s Zero Trust strategy is on track to be fully implemented by 2027

Learn more about IT modernization strategy at scale

To learn more about how the Department of Defense is tackling digitization, watch Knausenberger discuss “Building a Broader IT Modernization Strategy” from FedScoop.