• Save
Critical Water and Wastewater Data Security
 

Critical Water and Wastewater Data Security

on

  • 1,184 views

 

Statistics

Views

Total Views
1,184
Views on SlideShare
1,178
Embed Views
6

Actions

Likes
0
Downloads
0
Comments
0

4 Embeds 6

http://www.watertrax.com 3
http://www.lmodules.com 1
http://www.slideshare.net 1
http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Internet based solutionsSaaSEliminate internal threatsSaaS provider can’t afford lax security – would be out of business pretty quick

Critical Water and Wastewater Data Security Critical Water and Wastewater Data Security Presentation Transcript

  • WaterTrax
    Critical Data Security
    Andrew Lewis, P.Eng.
    Director Product Strategy
    WaterTrax
  • Business Environment
    • Sustained, Improved & Secure Water Quality
    Results
    • Common & New Tech. Strategies
    • Data Management
    • Security Systems
    Improved Operations
    • More testing
    • More reporting
    • Training/Certifications
    • Increased fines
    Increased Regulations
    • Meet needs of growing population
    • Aging infrastructure
    • Water resource issues
    Infrastructure Improvements
  • Data Security Threats
    External
    Viruses
    Malware
    Hacking
  • The Weakest Link
  • The Weakest Link
  • Internal vs. External Threat
    Estimated External Threat = < 1%
    Internal Threat Most Compelling Issue
  • Data Security Threats
    • Internal
    • Employees
    Retirement – knowledge walking out the door
    Employee turnover
    Complacency / errors / lack of training
    Sabotage by former and/or disgruntled employee
    • Incident response
    Lack of multiple backups in multiple locations
    Lack of disaster recovery plans
    • IT vs Operations
    Lack of understanding of each others needs
    Lack of internal IT resources to support operations
    Improper maintenance / loss of data from maintenance
    • Multiple and disparate data management systems
    • Non-secure data management tools
    • Access without partitioning of controls/features
  • Why Data is Critical
    • Data is the foundation for all informed decision making
    • Daily
    Operations
    Maintenance
    Confirm compliance
    • Short-term planning (<5 years)
    Improve water, wastewater and biosolids quality
    Improve safety
    Improve efficiency of operations
    • Long-term planning (5-20 years)
    Timing for adding capacity
    Timing and type of upgrades
    Capital planning
    • Secure data = lower risk, better compliance, lower cost
  • Survey of Water Utilities
  • Survey of Water Utilities
  • Paper
    Paper based systems
    • Not readily shareable or accessible
    • Requires manual review
    • No backups
    • Fire damage
    • Water damage
    • Shredding
    • Loss
    • Alteration
    • Erasure
    • Difficult to meaningfully use data
  • Desktop Applications
    Spreadsheets/Access db’s/etc.
    • Not readily shareable
    • Data entry errors
    • No audit trail
    • Desktop malfunction
    • Error prone
    • Accidental/purposeful deletion
    • Multiple copies/versions
    • Accessibility
    • No separation of archive from analysis and presentation
    • Backups?
    What happened to the data?
  • “The Water Board Office”
    “…there must be an easier way to get this information”
  • Data Management Evolution
    • Pre-1980s – paper
    • 1980s – Desktop Applications
    • Excel, Lotus, Quattro spreadsheets
    • Databases
    • Isolated and insecure
    • 1990s – Client Server Applications
    • Customizable off-the-shelf solutions
    • Custom-build solutions
    • Heavily dependant on internal IT infrastructure and resources
    • 2000s – Software as a Service Applications
    • Industry specific applications available over the web
    • State-of-the-art cyber security
    • External and multiple backups and disaster recovery systems
    • Readily accessible to key personnel but controlled
  • Data Management Evolution
    • SaaS has become the preferred software solution
    • Prevent technology obsolescence and data loss
    • State-of-the-art security systems in place
    • Reduce insider threat
  • Database Security Questions
    • Access
    • Who determines access?
    • Who gets access?
    • What part of the database can they access?
    • What can they do?
    • Ability to access key data by key personal anytime, anywhere?
    • Control
    • Who can enter and modify the database configuration?
    • Who can enter and modify the data?
    • Ability to lock-in data after a specified period of time?
    • Audit Trail
    • Who entered the data and when?
    • Who modified the data and when (what was the old value)?
    • Database backups
    • How often?
    • Where are backups stored?
  • Tools to Improve Security
    Data Management
    • Consolidate databases
    • Automate data entry - minimize fingerprints
    • Automate data review and verification
    • Automate alert notification
    • Quick and easy report generation
    • Control who has access & what they can do
    • Make data accessible anytime, anywhere
    • Create multiple, frequent backups
    • Store at least one backup off-site
    • Disaster recovery plan
  • Data Consolidation
    Instrument
    Readings
    Field Test
    Kits
    Log
    Sheets
    UTILITY
    LABORATORIES
    Chemical
    Analysis
    Radiological
    Analysis
    Microbiological
    Analysis
    PUBLIC
    REGULATOR
    MANAGER
  • Access
    • Competing goal: Wide area use vs. Security
    • Promote transparency and efficiency
    • Limit function rather than access
  • Accessibility
    • Remote data entry
    • Smart-phones/handhelds for field data entry
    • Web site for external lab uploads
    • Web site for plant operator’s logs
    • Reduce errors – fewer fingerprints
    • Remote data access
    • Quickly puts critical data in the hands of decision makers
    • Faster response times
    • Increase data security & access = correct and timely decisions = reduced risk
  • Automate Data Entry
    • Reduce fingerprints
    • Increase data accuracy
  • Automate Data Review
    • Ensure data is representative
    • Reduce risk
  • Control Changes
  • Automate Alerts
    • Reduce liability
    • Ensure adequate response
  • Manage Alerts
    • Minimizes liability
    • Promote transparency and efficiency
    • Encourage best practices
  • Easy Reporting
    • Ensure compliance
    • Promote use of the system
    • Graph trends over time
  • Back Ups & Disaster Plan
    • Ideally storage should be off site
    • Ideally use rotational data parceling
    • Ideally using redundancies
    • Plan for hardware loss and potential disasters
    • $M for data acquisition = Need for pro-active measures
  • New Technologies
    • Mapping of Exceedances of Water Quality Standards
  • New Technologies
    • Tracking and mapping of Incidents / Complaints
  • What can you do?
    Results
    • Make full use of today’s technology
    • Automate consolidation of data
    • Automate alerting of problems
    • Enable fast, easy access to data
    • Control access without limiting accessibility
    • Implement an Audit Trail
    • Implement a disaster recovery plan
    • Backup system & store it externally
    Improved Operations
    Increased Regulations
    Infrastructure Improvements
  • Andrew Lewis, P.Eng.
    Director Product Strategy
    andrew.lewis@watertrax.com
    1-604-630-3708
    1-866-812-2233 x 3708