Safeguarding the future
David Taylor examines the challenges facing police forces in data management and security.
In the past few months, we have seen a number of high-profile data breaches within police forces which have highlighted a challenge that many face – how to ensure data security and management in a complex and highly secure policing environment.
The breadth and depth of data held by police forces has compounded this challenge. With data held in multiple formats and locations, storing, processing and analysing it is time consuming and difficult. If a team is working with phone records, witness testimony, digital data and more, they are already having to move between many different locations, formats and systems. This makes the challenge of identifying a connection or finding evidence much more difficult.
You also have the challenge of cross-referencing across operations. Without a standardised, secure and efficient data storage and analysis platform, you risk missing opportunities to gather crucial intelligence.
Data management and security are not just concerns for the IT team; they are essential for upholding trust, reputation, and supporting legal compliance at a time when threats to such sensitive data are becoming more severe, frequent, and, consequently, a larger public concern.
The key to managing data
At MASS, we have worked for decades in defence and highly secure environments to improve data management, and we have seen the value of building a robust and unified data management approach.
To manage data successfully you must begin with a well-defined data strategy, which details data collection, storage, access, and usage guidelines to build reports that provide accessible and clear intelligence. You then need a set of clear, enforceable policies, backed up by education for the workforce. Policies set clear expectations for data handling, security, and privacy, while education ensures that all personnel understand best practice and potential risks.
Maintaining such a standardised approach simplifies processes, reduces errors, ensures data consistency, and lessens the risk of data mishandling.
Securing data effectively
The key to any security policy is layered defence; no single failure is enough to create a security breach. There should be multiple layers of security measures, each layer protecting the inner ones, so that if one layer is removed or breached, the most valuable, innermost layers are not compromised.
For example, a laptop seized by an unauthorised person will be of no value to them if it has a securely encrypted hard drive.
Securing data effectively requires a dedicated and knowledgeable expert or team of experts with the responsibility and authority to create and enforce a robust security policy aligned to your organisation’s needs. While aspects of security can be delegated, centralised responsibility and authority is critical for the overall implementation and enforcement of the security framework.
Recent breaches have highlighted the risk of inadvertent data publication. To reduce this risk, well-defined workflows and authorisation processes are crucial to ensure that those within the police force who can access and disclose information do not publish sensitive data.
Here, real-world simulations are incredibly valuable. Simulating real-world data penetration scenarios are key to preparing police forces for potential data breaches. By teaching them how to devise quick strategic responses, the repercussions of data breaches can be mitigated to a great extent.
Centralising responsibility, establishing strong policies, and implementing effective workflows are fundamental steps to comprehensive data security.
Data management and security does not stand still. We are continually looking at how trends may impact UK police forces. Our top four include:
- Cloud adoption – The use of cloud storage and computing will grow in importance as it offers scalability, flexibility, easy recovery and cost-efficiency for large amounts of sensitive data. However, balancing data sovereignty against these benefits will be crucial.
- Evolving data privacy laws and regulations – Laws such as the General Data Protection Regulation (GDPR) and Management of Police Information (MoPI), will require robust data governance practices within forces to avoid any kind of non-compliance.
- Artificial Intelligence and machine learning – These advanced technologies will be increasingly incorporated into data management frameworks as they will be able to automate various time-consuming manual processes and potentially detect threats in near real-time.
- Zero trust security – There will be a shift from perimeter-based security models to continuous verification security models to prevent LAN connections being able to access the resources being protected. Access will be granted using Attribute-Based Access Control (ABAC), which involves a matrix of factors including the object being accessed, the user’s profile, the requested operation and the environment from where the request originates. This will make systems more secure and harder to breach.
We believe with the right data management and security, police forces will find much more value in the data they hold, reassurance that the risk of data breaches is vastly reduced and, crucially, efficiencies in how their teams operate.
David Taylor is Senior Business and Data Analyst at technology company MASS.