By: Jai Nowlin, Compliance Engineer, DataBank
Cities across the globe deploy a wide range of smart devices connected to IoT networks. The devices feed data into databases to improve city services, reduce energy consumption, and increase safety. The devices include smart energy meters and traffic management systems as well as sensors to track air quality, water usage, weather, transportation systems, and waste.
Most of the information these systems collect is mundane. However, many systems collect personal information linked to other databases containing personal information. Should cybercriminals breach one component of an IT ecosystem, they may gain access to all the connected systems.
To analyze and process data, cities connect their databases to artificial intelligence (AI) models and machine learning algorithms. In addition, they store data in the cloud. All of this expands the attack surface through which threat actors can gain access to private information.
With all the data smart cities generate, city leaders need to consider the security and compliance ramifications. Sensitive data connected to individuals is subject not only to local privacy laws but also to state, federal, and international regulations.
Consider a person renting a car in the U.S. and visiting a city in a state with privacy protection laws. As the driver runs a red light, a smart camera connected to an IoT network records his facial image and the car license plate. The database managed by the motor vehicle department stores the image and the plate number.
Eventually, the system connects with the car rental company to identify the driver and kick off a process to fine the driver. At the same time, the city has collected, stored, and processed personal information belonging to the driver.
Should the city mishandle the private information, or should hackers breach the IT system, the city could be subject to a privacy regulation fine. No doubt, that fine will cost a lot more than the ticket for running the red light.
This situation illustrates how privacy protection works in the U.S. With the California Consumer Privacy Act (CCPA), for example, citizens receive privacy coverage when they travel to California. Currently, 19 other states also have privacy protection laws. In addition to protecting state citizens, the regulations cover anyone visiting these states.
Without proper security controls that comply with state privacy regulations—as well as international laws such as the General Data Protection Regulation (GDPR)—cities could open the door to cyberattacks and compliance fines. The challenges lie in identifying all the systems containing protected data and determining the necessary controls to comply with the pertinent regulations.
Ultimately, it’s up to each city to know the types of data it processes and stores. However, colocation data centers can offer compliance experts to help IT teams work through the process. This includes identifying security gaps and recommending how to close them to achieve compliance with privacy regulations.
To help cities prove compliance with regulations, colocation providers identify the security controls they apply to their facilities and their infrastructures. In addition to physical security—such as surveillance cameras, security guards, and badge systems—providers offer redundant power and cooling to ensure servers do not shut down and lose data.
The leading colocation facilities also keep customer environments separated with interconnected network segmentation. If a city operates multiple server pods inside a data center, it can establish connectivity across environments without sending data to the Internet.
DataBank, for instance, provides a service to multi-tenant customers that runs copper fiber between environments. Cities can have multiple environments in the same data center and never leave the building. For cities with environments in multiple data centers, we can segment connections at the network layer, so the router ports at each data center talk only to the city’s routers in other data centers.
As cities plan their data management strategies, DataBank conducts exploratory sessions to identify data types and data processes. This includes identifying which data sets cities want to retain, for how long, and the purpose of that data—such as plans for processing or sharing.
We also help cities address how they share data with local, state, and federal agencies. There are also situations where cities send data outside the U.S. We can cover the necessary controls to keep this data secure as well.
One of the key guidelines DataBank adheres to is NIST 800-53. This cybersecurity framework provides standards adopted as guidelines for many compliance certification programs. These include FedRAMP, FISMA, CMMC, HITRUST, and ISO 27001. Cities that align with the NIST 800-53 guidelines meet the U.S. Department of Defense specs for achieving stricter policies in relation to the privacy and security of the data they store and collect.
City leaders have the best intentions in trying to stay ahead of compliance and privacy. Nobody wants to get caught in an attack. However, even if a city uses top-of-the-line technology, there’s always somebody trying to get in.
To help cities take on this challenge, our DataBank security platforms keep an eye on all the data that goes through our data centers. Using artificial intelligence algorithms, our systems constantly learn what is common and what is a threat to servers, networks, and infrastructures. If our security teams receive an anomaly alert, they quickly conduct investigations to eliminate threats and keep customers secure.
Customers who want to learn more about how DataBank protects private information can visit the DataBank Trust Center within the Customer Portal. We provide insights and resources along with access to industry-leading security practices, policies, and controls. You can explore our security posture and discover how we uphold the highest standards of compliance to protect your data against potential threats. You can also review our certifications, request security documentation, and learn how we secure and manage your information.