Critical Water and Wastewater Data Security

  • Internet based solutions; SaaS; Eliminate internal threats; SaaS provider can’t afford lax security – would be out of business pretty quick

    1. WaterTrax
       Critical Data Security
       Andrew Lewis, P.Eng.
       Director Product Strategy
       WaterTrax
    2. Business Environment
       • Results
         - Sustained, Improved & Secure Water Quality
       • Improved Operations
         - Common & New Tech. Strategies
         - Data Management
         - Security Systems
       • Increased Regulations
         - More testing
         - More reporting
         - Training/Certifications
         - Increased fines
       • Infrastructure Improvements
         - Meet needs of growing population
         - Aging infrastructure
         - Water resource issues
    3. Data Security Threats
       • External
         - Viruses
         - Malware
         - Hacking
    4. The Weakest Link
    5. The Weakest Link
    6. Internal vs. External Threat
       • Estimated External Threat = < 1%
       • Internal Threat Most Compelling Issue
    7. Data Security Threats
       Internal
       • Employees
         - Retirement – knowledge walking out the door
         - Employee turnover
         - Complacency / errors / lack of training
         - Sabotage by former and/or disgruntled employee
       • Incident response
         - Lack of multiple backups in multiple locations
         - Lack of disaster recovery plans
       • IT vs Operations
         - Lack of understanding of each other's needs
         - Lack of internal IT resources to support operations
         - Improper maintenance / loss of data from maintenance
       • Multiple and disparate data management systems
       • Non-secure data management tools
       • Access without partitioning of controls/features
    8. Why Data is Critical
       • Data is the foundation for all informed decision making
       • Daily
         - Operations
         - Maintenance
         - Confirm compliance
       • Short-term planning (<5 years)
         - Improve water, wastewater and biosolids quality
         - Improve safety
         - Improve efficiency of operations
       • Long-term planning (5-20 years)
         - Timing for adding capacity
         - Timing and type of upgrades
         - Capital planning
       • Secure data = lower risk, better compliance, lower cost
    9. Survey of Water Utilities
    10. Survey of Water Utilities
    11. Paper
       Paper based systems
       • Not readily shareable or accessible
       • Requires manual review
       • No backups
       • Fire damage
       • Water damage
       • Shredding
       • Loss
       • Alteration
       • Erasure
       • Difficult to meaningfully use data
    12. Desktop Applications
       Spreadsheets/Access db’s/etc.
       • Not readily shareable
       • Data entry errors
       • No audit trail
       • Desktop malfunction
       • Error prone
       • Accidental/purposeful deletion
       • Multiple copies/versions
       • Accessibility
       • No separation of archive from analysis and presentation
       • Backups?
       What happened to the data?
    13. “The Water Board Office”
       “…there must be an easier way to get this information”
    14. Data Management Evolution
       • Pre-1980s – paper
       • 1980s – Desktop Applications
         - Excel, Lotus, Quattro spreadsheets
         - Databases
         - Isolated and insecure
       • 1990s – Client Server Applications
         - Customizable off-the-shelf solutions
         - Custom-built solutions
         - Heavily dependent on internal IT infrastructure and resources
       • 2000s – Software as a Service Applications
         - Industry specific applications available over the web
         - State-of-the-art cyber security
         - External and multiple backups and disaster recovery systems
         - Readily accessible to key personnel but controlled
    15. Data Management Evolution
       • SaaS has become the preferred software solution
       • Prevent technology obsolescence and data loss
       • State-of-the-art security systems in place
       • Reduce insider threat
    16. Database Security Questions
       • Access
         - Who determines access?
         - Who gets access?
         - What part of the database can they access?
         - What can they do?
         - Ability to access key data by key personnel anytime, anywhere?
       • Control
         - Who can enter and modify the database configuration?
         - Who can enter and modify the data?
         - Ability to lock-in data after a specified period of time?
       • Audit Trail
         - Who entered the data and when?
         - Who modified the data and when (what was the old value)?
       • Database backups
         - How often?
         - Where are backups stored?
    17. Tools to Improve Security
       Data Management
       • Consolidate databases
       • Automate data entry - minimize fingerprints
       • Automate data review and verification
       • Automate alert notification
       • Quick and easy report generation
       • Control who has access & what they can do
       • Make data accessible anytime, anywhere
       • Create multiple, frequent backups
       • Store at least one backup off-site
       • Disaster recovery plan
    18. Data Consolidation
       [Diagram labels: Instrument Readings; Field Test Kits; Log Sheets; UTILITY; LABORATORIES; Chemical Analysis; Radiological Analysis; Microbiological Analysis; PUBLIC; REGULATOR; MANAGER]
    19. Access
       • Competing goal: Wide area use vs. Security
       • Promote transparency and efficiency
       • Limit function rather than access
    20. Accessibility
       • Remote data entry
         - Smart-phones/handhelds for field data entry
         - Web site for external lab uploads
         - Web site for plant operator’s logs
         - Reduce errors – fewer fingerprints
       • Remote data access
         - Quickly puts critical data in the hands of decision makers
         - Faster response times
       • Increase data security & access = correct and timely decisions = reduced risk
    21. Automate Data Entry
       • Reduce fingerprints
       • Increase data accuracy
    22. Automate Data Review
       • Ensure data is representative
       • Reduce risk
    23. Control Changes
    24. Automate Alerts
       • Reduce liability
       • Ensure adequate response
    25. Manage Alerts
       • Minimizes liability
       • Promote transparency and efficiency
       • Encourage best practices
    26. Easy Reporting
       • Ensure compliance
       • Promote use of the system
       • Graph trends over time
    27. Back Ups & Disaster Plan
       • Ideally storage should be off site
       • Ideally use rotational data parceling
       • Ideally using redundancies
       • Plan for hardware loss and potential disasters
       • $M for data acquisition = Need for pro-active measures
    28. New Technologies
       • Mapping of Exceedances of Water Quality Standards
    29. New Technologies
       • Tracking and mapping of Incidents / Complaints
    30. What can you do?
       • Results
         - Make full use of today’s technology
         - Automate consolidation of data
         - Automate alerting of problems
         - Enable fast, easy access to data
         - Control access without limiting accessibility
         - Implement an Audit Trail
         - Implement a disaster recovery plan
         - Backup system & store it externally
       • Improved Operations
       • Increased Regulations
       • Infrastructure Improvements
    31. Andrew Lewis, P.Eng.
       Director Product Strategy
       andrew.lewis@watertrax.com
       1-604-630-3708
       1-866-812-2233 x 3708
