Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more
Blog AI Security

Ensuring Data Integrity in the Age of AI: How State and Local Governments Can Protect Their Data

Varonis Field CTO Brian Vecci chats about enhancing digital integrity for state and local governments in the age of AI.
Brian Vecci
4 min read
Last updated April 11, 2024
shield of data integrity

Contents

    Varonis Field CTO Brian Vecci sat down with StateTech to chat about enhancing digital integrity for state and local governments. Read the summary below or view the entire interview here

    Suppose you were to rank the components of the CIA triad — confidentiality, availability, and integrity.  

    The first component has traditionally been confidentiality, followed by availability. If you don’t get those two right, you’re at risk of ransomware; somebody gets access to something they're not supposed to, denies access, and requires payment to give it back.  

    Integrity has typically been at the bottom of this list because the thought process is if you achieve confidentiality and availability, you don’t need to worry so much about integrity. 

    Generative AI and large language models (LLMs) are changing that. Suddenly, even if everything’s 100% locked down (spoiler alert: nothing is) and even if you're monitoring everything well (spoiler alert: nobody is), the potential exists for a threat actor to get in and toy with the integrity of data. 

    As integrity becomes more of a priority, state and local government entities must know what data they have and where it’s located. They need to know how it's being used and why, where and how it's exposed, and ensure the best detective, preventive, and corrective controls are in place.  

    Data is always the target. 

    Twenty years ago, every government or organization had a couple of file servers inside a building offsite somewhere. But we don't live in that world anymore — everyone has data on-premises now. They have data in the cloud and file systems with databases everywhere. SaaS applications store data in public, private, and hybrid environments.  

    But no matter the location, the target for threat actors is always data.  

    You don't know how bad actors are going to get in. Maybe they'll phish one of your users, give somebody a USB key in the parking lot, break into your supply chain, or identify a vulnerability you haven't patched yet.  

    And while you don't know how someone's getting in, you know where they're going. Nobody breaks into a bank to steal the pens — they're after the money. If somebody gets access to an environment — either your data center, a cloud environment, or a combination — they're going after your data. 

    Because tools, processes, and applications are deeply interconnected these days, what data you have and where it is becomes a big question you must answer. When you're worried about data integrity, just finding what data you have is a challenge.  

    Let's say you identify where all the critical information is. Now, you're also worried about confidentiality and availability because that's how you're going to protect integrity. You need to discover data and you need to discover all of it.  

    Facing the unknown 

    Discovery and inventory are critical. We ask CISOs, “What are your priorities? What are your biggest challenges?” and we hear the same answer.  

    It’s not that they’re worried about ransomware, insider threats, or nation-state actors. They're concerned about what they don't know — the unknown unknowns. So, when discussing data integrity, you must ask yourself, “What data do I need to be worried about?” 

    Unfortunately, state and local governments often lag behind private enterprises because there is a different level of investment in security and privacy due to budget restrictions; these are big problems that require investments to solve. So often, government entities face a lot more of these unknown unknowns.  

    The relationship between data quality and integrity 

    Traditionally, data integrity and quality were applied to enterprise application databases, and nobody worried about data integrity for file systems. In those days, enterprise data, ERP system data, and HR data did not live in file systems. But these days, data is everywhere. 

    And without data integrity, you can't have data quality.  

    Data quality standards are related to specific factors of accuracy and completeness. You may collect a data set, and from an integrity standpoint, the data you have is what you collected — no one has altered it, but it might not be complete. It might not be valid or it might not have anything to do with what you need. It might not be consistent, it might not be timely, and it might be stale. All these qualitative factors make up data quality. 

    However, if a threat actor has manipulated your data, it still might meet your data quality standards, but the data integrity is no longer there. If your data integrity is affected, that might affect your data quality. Your integrity might be intact, but your quality might not be, and vice versa. 

    Automation is a necessity. 

    Some agencies still try to mitigate risk by relying on team members alone. But these problems are impossible to solve manually.  

    We need technology to address big technology, or rather, modern problems require modern solutions. No enterprise can hire enough people to solve these problems on their own. These problems require automated solutions — automation is key.  

    All of this relates to data governance. Today, governance is about building automation on top of all the visibility we’ve discussed.  

    If you don't know what you've got and where it's exposed, you can't govern it. If you're not monitoring how it's used, you can't govern it because you can't automate anything. Automation has become a critical part of governance in ways never seen before. 

    More data, more problems 

    When it comes to gen AI, every organization is at the beginning of its journey; there are a lot of unknowns. Although we haven’t yet seen data integrity attacks that take advantage of organizations leveraging LLMs and generative AI on big data sets, the potential is certainly there. 

    Thanks to generative AI and LLMs, we live in a different world than we did a year ago. Looking back even further, we have so much more data than we used to. These problems are bigger and harder to solve than they've ever been. Every security issue, whether it's integrity, confidentiality, or availability, is related to data. 

    Varonis continuously discovers and classifies critical data, removes exposures, and detects threats with AI-powered automation. Only Varonis performs data-centric UEBA to detect and stop threats with minimal false positives and provides you with an incident response analyst to proactively watch your data and resolve alerts on your behalf. 

    Ready to see how Varonis can help secure your agency’s sensitive data? Get started with a free 30-minute demo.  

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
    Brian Vecci
    Brian Vecci Brian Vecci is Varonis' Field CTO and joined the team as a technical evangelist in 2010. He helps protect teams from insider threats, cyberattacks, and terrible sales presentations.

    Try Varonis free.

    Get a detailed data risk report based on your company’s data.
    Deploys in minutes.
    Get started View sample

    Keep reading

    Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

    varonis-datalert-and-ibm-qradar
    Varonis DatAlert and IBM QRadar
    varonis-datalert-and-ibm-qradar
    Michael Buckbee
    March 29, 2020
    Varonis now integrates with the IBM QRadar Security Intelligence Platform, with the Varonis App for QRadar. The Varonis App for QRadar adds context and security analytics to simplify investigations, streamline threat detection, and build...
    varonis-extends-security-capabilities-to-nutanix-files
    Varonis extends security capabilities to Nutanix Files
    varonis-extends-security-capabilities-to-nutanix-files
    Nathan Coppinger
    September 24, 2021
    The Varonis Data Security Platform now supports monitoring, alerting, and data classification in Nutanix Files, providing increased visibility and security over unstructured data. Monitor and secure Nutanix Files with Varonis…
    varonis-adds-sspm-functionality-to-datadvantage-cloud
    Varonis adds SSPM functionality to DatAdvantage Cloud
    varonis-adds-sspm-functionality-to-datadvantage-cloud
    Avia Navickas
    February 23, 2022
    SaaS misconfigurations can unintentionally expose valuable corporate data. The new Insights Dashboard from Varonis helps you find and fix these security gaps.
    varonis-version-7.0
    Varonis Version 7.0
    varonis-version-7.0
    Michael Buckbee
    March 29, 2020
    Version 7.0 of the Varonis Data Security Platform is here – featuring new cloud support and advanced threat detection and response capabilities: new event sources and enrichment; out-of-the-box threat intelligence applied to...