It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.

Steve Jones, Group Strategy Director, Big Data & Analytics, Capgemini

July 14, 2014

there is an employee who regularly downloads multiple documents late on Wednesday evenings? Do they work flexible hours, or are they planning on joining a competitor and stealing your intellectual property?

This is where data science comes in. Applying the same sort of analytics to its own data that the NSA applies to external data would have identified Edward Snowden as an outlier very early on. Data science -- specifically, anomaly analytics -- helps to find what isn't normal. It can be applied to procurement fraud, tax yield management, cyber security, and more, and it brings more adaptive methods to deal with new threats rather than adding more bolts once the horse has left the barn. The goal of anomaly analytics is to let you know when the bolt is being rattled before the horse decides to run with another jockey. It's about finding out what could be a problem and then having processes in place to handle that.

How is this done? First, data scientists within an organization need to establish what constitutes "normal" employee behavior by analyzing a host of different variables over a period of time to identify how the majority of staff members complete tasks on a day-to-day basis. Then, by running an analysis on those findings, employee profiles that do not correspond to those typical behavioral patterns can be flagged.
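One way to implement the baseline-then-flag step described above, as an added example (not the author's or Capgemini's code): it builds a late-evening download baseline from a constructed activity log, scores each employee against the population with a median/MAD modified z-score so one heavy user cannot drag the baseline along, and reports the weekday on which a flagged user's after-hours activity clusters. The 20:00 cutoff, the 3.5 threshold and all names are assumptions.

```python
"""Baseline-and-outlier detection over a constructed document-download log."""
from collections import Counter
from datetime import datetime
from statistics import median

LATE_HOUR = 20  # assumption: downloads at or after 20:00 count as "late evening"

# Constructed sample log: (user, timestamp, documents downloaded)
SAMPLE_EVENTS = [
    ("alice", "2014-07-02 10:15", 4), ("alice", "2014-07-08 20:30", 2),
    ("bob",   "2014-07-02 14:30", 5), ("bob",   "2014-07-09 15:45", 6),
    ("carol", "2014-07-03 21:05", 3), ("carol", "2014-07-09 16:20", 4),
    ("erin",  "2014-07-07 20:10", 1), ("frank", "2014-07-11 20:50", 2),
    ("dave",  "2014-07-02 22:10", 48), ("dave",  "2014-07-09 22:40", 57),
    ("dave",  "2014-07-10 09:00", 3),
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def late_evening_totals(events):
    """Baseline feature: documents each user pulled during late-evening hours."""
    totals = {}
    for user, ts, n in events:
        totals.setdefault(user, 0)  # quiet users still anchor the baseline
        if parse(ts).hour >= LATE_HOUR:
            totals[user] += n
    return totals


def flag_outliers(totals, threshold=3.5):
    """Modified z-score (Iglewicz-Hoaglin): 0.6745 * (x - median) / MAD.
    Only the high side is flagged, since excess volume is the concern."""
    values = list(totals.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # no spread in the baseline yet: need more history, flag nothing
        return {}
    scores = {u: 0.6745 * (v - med) / mad for u, v in totals.items()}
    return {u: round(s, 2) for u, s in scores.items() if s > threshold}


def dominant_weekday(events, user):
    """For a flagged user, the weekday on which late-evening downloads cluster."""
    by_day = Counter()
    for u, ts, n in events:
        dt = parse(ts)
        if u == user and dt.hour >= LATE_HOUR:
            by_day[dt.strftime("%A")] += n
    return by_day.most_common(1)[0][0] if by_day else None
```

A flagged score is a prompt for a review process, not a verdict; the weekday clustering is what lets an analyst ask the "flexible hours or exfiltration?" question with specifics in hand.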

Here's a specific example of how this requires governments to think differently: Government data analysts identify a coffee shop that is running more money through the tills than is classified as normal, and the owner is linked to another shop opening elsewhere in the country. There is a possibility that this could be a front for money laundering, but how do you go about requesting a warrant or authorizing surveillance based on a potential future threat? The challenge of pinpointing insider threats and confirming that they are real is similar, but watching for suspicious patterns is a good starting point.

The security landscape is evolving, and we cannot rely on traditional methods to keep data and our constituents 100% safe. The "Just Say No" mentality within government security needs to evolve to become a driver for optimization, enabling the business of government to continue forward while effectively preventing rogue behavior. Anomaly analytics isn't rocket science, and with a robust, up-to-date IT infrastructure and a set of carefully applied algorithms, data breaches can be identified and dealt with quickly to prevent outliers such as Snowden from engaging in illegal activity.

About the Author(s)

Steve Jones

Group Strategy Director, Big Data & Analytics, Capgemini

Steve Jones is Capgemini's Group Strategy Director for Big Data and Analytics. He is the author of Enterprise SOA Adoption strategies and the creator of the Business Data Lake reference architecture, the first unified approach to big and fast data analytics. He has worked across multiple sectors around the globe, normally at the forefront of technology evolution. Steve worked with Google and Salesforce in 2006 and 2007 on the early adoption of SaaS by businesses, then with Amazon in 2008 as cloud computing became a new challenge, and hence today in big data and analytics. His focus is on how to create IT estates that model the business, evolve in line with the business, and are costed based on the value they deliver.
