Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
WaterTrax<br />Critical Data Security<br />Andrew Lewis, P.Eng.<br />Director Product Strategy<br />WaterTrax<br />
Business Environment<br /><ul><li>Sustained, Improved & Secure Water Quality</li></ul>Results<br /><ul><li>Common & New Te...
Data Management
Security Systems</li></ul>Improved Operations<br /><ul><li>More testing
More reporting
Training/Certifications
Increased fines</li></ul>Increased Regulations<br /><ul><li>Meet needs of growing population
Aging infrastructure
Water resource issues</li></ul>Infrastructure Improvements<br />
Data Security Threats<br />External<br />Viruses<br />Malware<br />Hacking<br />
The Weakest Link<br />
The Weakest Link<br />
Internal vs. External Threat<br />Estimated External Threat = &lt; 1%<br />Internal Threat Most Compelling Issue <br />
Data Security Threats<br /><ul><li>Internal
Employees</li></ul>Retirement – knowledge walking out the door<br />Employee turnover<br />Complacency / errors / lack of ...
Non-secure data management tools
Access without partitioning of controls/features</li></li></ul><li>Why Data is Critical<br /><ul><li>Data is the foundatio...
Daily</li></ul>Operations<br />Maintenance<br />Confirm compliance<br /><ul><li>Short-term planning (<5 years)</li></ul>Im...
Survey of Water Utilities<br />
Paper<br />Paper based systems<br /><ul><li>Not readily shareable or accessible
Requires manual review
No backups
Fire damage
Water damage
Shredding
Loss
Alteration
Erasure
Difficult to meaningfully use data</li></li></ul><li>Desktop Applications<br />Spreadsheets/Access db’s/etc.<br /><ul><li>...
Data entry errors
No audit trail
Upcoming SlideShare
Loading in …5
×

Critical Water and Wastewater Data Security

1,015 views

Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Critical Water and Wastewater Data Security

  1. 1. WaterTrax<br />Critical Data Security<br />Andrew Lewis, P.Eng.<br />Director Product Strategy<br />WaterTrax<br />
  2. 2. Business Environment<br /><ul><li>Sustained, Improved & Secure Water Quality</li></ul>Results<br /><ul><li>Common & New Tech. Strategies
  3. 3. Data Management
  4. 4. Security Systems</li></ul>Improved Operations<br /><ul><li>More testing
  5. 5. More reporting
  6. 6. Training/Certifications
  7. 7. Increased fines</li></ul>Increased Regulations<br /><ul><li>Meet needs of growing population
  8. 8. Aging infrastructure
  9. 9. Water resource issues</li></ul>Infrastructure Improvements<br />
  10. 10. Data Security Threats<br />External<br />Viruses<br />Malware<br />Hacking<br />
  11. 11. The Weakest Link<br />
  12. 12. The Weakest Link<br />
  13. 13. Internal vs. External Threat<br />Estimated External Threat = &lt; 1%<br />Internal Threat Most Compelling Issue <br />
  14. 14. Data Security Threats<br /><ul><li>Internal
  15. 15. Employees</li></ul>Retirement – knowledge walking out the door<br />Employee turnover<br />Complacency / errors / lack of training<br />Sabotage by former and/or disgruntled employee<br /><ul><li>Incident response</li></ul>Lack of multiple backups in multiple locations<br />Lack of disaster recovery plans<br /><ul><li>IT vs Operations</li></ul>Lack of understanding of each others needs<br />Lack of internal IT resources to support operations<br />Improper maintenance / loss of data from maintenance<br /><ul><li>Multiple and disparate data management systems
  16. 16. Non-secure data management tools
  17. 17. Access without partitioning of controls/features</li></li></ul><li>Why Data is Critical<br /><ul><li>Data is the foundation for all informed decision making
  18. 18. Daily</li></ul>Operations<br />Maintenance<br />Confirm compliance<br /><ul><li>Short-term planning (<5 years)</li></ul>Improve water, wastewater and biosolids quality<br />Improve safety<br />Improve efficiency of operations<br /><ul><li>Long-term planning (5-20 years)</li></ul>Timing for adding capacity<br />Timing and type of upgrades<br />Capital planning<br /><ul><li>Secure data = lower risk, better compliance, lower cost</li></li></ul><li>Survey of Water Utilities <br />
  19. 19. Survey of Water Utilities<br />
  20. 20. Paper<br />Paper based systems<br /><ul><li>Not readily shareable or accessible
  21. 21. Requires manual review
  22. 22. No backups
  23. 23. Fire damage
  24. 24. Water damage
  25. 25. Shredding
  26. 26. Loss
  27. 27. Alteration
  28. 28. Erasure
  29. 29. Difficult to meaningfully use data</li></li></ul><li>Desktop Applications<br />Spreadsheets/Access db’s/etc.<br /><ul><li>Not readily shareable
  30. 30. Data entry errors
  31. 31. No audit trail
  32. 32. Desktop malfunction
  33. 33. Error prone
  34. 34. Accidental/purposeful deletion
  35. 35. Multiple copies/versions
  36. 36. Accessibility
  37. 37. No separation of archive from analysis and presentation
  38. 38. Backups?</li></ul>What happened to the data?<br />
  39. 39. “The Water Board Office”<br />“…there must be an easier way to get this information”<br />
  40. 40. Data Management Evolution<br /><ul><li>Pre-1980s – paper
  41. 41. 1980s – Desktop Applications
  42. 42. Excel, Lotus, Quattro spreadsheets
  43. 43. Databases
  44. 44. Isolated and insecure
  45. 45. 1990s – Client Server Applications
  46. 46. Customizable off-the-shelf solutions
  47. 47. Custom-build solutions
  48. 48. Heavily dependant on internal IT infrastructure and resources
  49. 49. 2000s – Software as a Service Applications
  50. 50. Industry specific applications available over the web
  51. 51. State-of-the-art cyber security
  52. 52. External and multiple backups and disaster recovery systems
  53. 53. Readily accessible to key personnel but controlled</li></li></ul><li>Data Management Evolution<br /><ul><li>SaaS has become the preferred software solution
  54. 54. Prevent technology obsolescence and data loss
  55. 55. State-of-the-art security systems in place
  56. 56. Reduce insider threat</li></li></ul><li>Database Security Questions<br /><ul><li>Access
  57. 57. Who determines access?
  58. 58. Who gets access?
  59. 59. What part of the database can they access?
  60. 60. What can they do?
  61. 61. Ability to access key data by key personal anytime, anywhere?
  62. 62. Control
  63. 63. Who can enter and modify the database configuration?
  64. 64. Who can enter and modify the data?
  65. 65. Ability to lock-in data after a specified period of time?
  66. 66. Audit Trail
  67. 67. Who entered the data and when?
  68. 68. Who modified the data and when (what was the old value)?
  69. 69. Database backups
  70. 70. How often?
  71. 71. Where are backups stored?</li></li></ul><li>Tools to Improve Security<br />Data Management<br /><ul><li>Consolidate databases
  72. 72. Automate data entry - minimize fingerprints
  73. 73. Automate data review and verification
  74. 74. Automate alert notification
  75. 75. Quick and easy report generation
  76. 76. Control who has access & what they can do
  77. 77. Make data accessible anytime, anywhere
  78. 78. Create multiple, frequent backups
  79. 79. Store at least one backup off-site
  80. 80. Disaster recovery plan</li></li></ul><li>Data Consolidation<br />Instrument<br />Readings<br />Field Test<br />Kits<br />Log<br />Sheets<br />UTILITY<br />LABORATORIES<br />Chemical<br />Analysis<br />Radiological<br />Analysis<br />Microbiological<br />Analysis<br />PUBLIC<br />REGULATOR<br />MANAGER<br />
  81. 81. Access<br /><ul><li> Competing goal: Wide area use vs. Security
  82. 82. Promote transparency and efficiency
  83. 83. Limit function rather than access</li></li></ul><li>Accessibility<br /><ul><li>Remote data entry
  84. 84. Smart-phones/handhelds for field data entry
  85. 85. Web site for external lab uploads
  86. 86. Web site for plant operator’s logs
  87. 87. Reduce errors – fewer fingerprints
  88. 88. Remote data access
  89. 89. Quickly puts critical data in the hands of decision makers
  90. 90. Faster response times
  91. 91. Increase data security & access = correct and timely decisions = reduced risk</li></li></ul><li>Automate Data Entry<br /><ul><li> Reduce fingerprints
  92. 92. Increase data accuracy</li></li></ul><li>Automate Data Review<br /><ul><li> Ensure data is representative
  93. 93. Reduce risk</li></li></ul><li>Control Changes <br />
  94. 94. Automate Alerts<br /><ul><li> Reduce liability
  95. 95. Ensure adequate response</li></li></ul><li>Manage Alerts<br /><ul><li> Minimizes liability
  96. 96. Promote transparency and efficiency
  97. 97. Encourage best practices</li></li></ul><li>Easy Reporting<br /><ul><li> Ensure compliance
  98. 98. Promote use of the system
  99. 99. Graph trends over time</li></li></ul><li>Back Ups & Disaster Plan<br /><ul><li>Ideally storage should be off site
  100. 100. Ideally use rotational data parceling
  101. 101. Ideally using redundancies
  102. 102. Plan for hardware loss and potential disasters
  103. 103. $M for data acquisition = Need for pro-active measures</li></li></ul><li>New Technologies<br /><ul><li> Mapping of Exceedances of Water Quality Standards</li></li></ul><li>New Technologies<br /><ul><li>Tracking and mapping of Incidents / Complaints</li></li></ul><li>What can you do?<br />Results<br /><ul><li>Make full use of today’s technology
  104. 104. Automate consolidation of data
  105. 105. Automate alerting of problems
  106. 106. Enable fast, easy access to data
  107. 107. Control access without limiting accessibility
  108. 108. Implement an Audit Trail
  109. 109. Implement a disaster recovery plan
  110. 110. Backup system & store it externally</li></ul>Improved Operations<br />Increased Regulations<br />Infrastructure Improvements<br />
  111. 111. Andrew Lewis, P.Eng.<br />Director Product Strategy<br />andrew.lewis@watertrax.com<br />1-604-630-3708<br />1-866-812-2233 x 3708<br />

×