The government’s top IT official said all agencies have submitted their lists of high-value assets, which now include data.
In an age where everything is being digitized, bits of data are more often worth more than the hardware it is housed within. Even advanced, expensive networks and systems only exist to hold highly valuable data.
The federal government has come to understand this and is officially classifying and tracking data as an asset separate from others, according to federal Chief Information Officer Suzette Kent.
As agencies tick through the list of deliverables in the President’s Management Agenda, each has had to create an inventory of high-value assets. All of the agencies have completed that work, and the lists now include data, rather than just hardware and applications, Kent said during a keynote at an event hosted by FCW Thursday.
This was a new tack for Office of Management and Budget, she said.
It’s not that agencies weren’t supposed to be aware of high-value data. Guidance from OMB required agencies to look at underlying data in determining which assets were high value, however, “the agencies’ tended to categorize [high-value assets] based on their mission function and the costs of the systems,” a senior administration official explained to Nextgov.
As technology advances and data are less tied to individual systems—whether migrating to the cloud, transmitting or pulling information through an API or being shared with multiple agencies and partners—agencies need to be thinking about data security separately from other assets like hardware and applications, the official said.
Having a new metric to track also means more work. Now that agencies have a catalog of their high-value data, those assets need to be properly managed and protected.
“Because data was in the identification effort, we have a lot of work to do around how we protect data and how we continue to classify those data sets,” Kent said. “In the coming months, that’s going to be the focus of some of the work you’re going to see: addressing the security gaps with those particular sets of assets.”
Kent didn’t provide a timeline for specific initiatives around securing data assets but noted agencies are on track to complete all 52 tasks in the management agenda before the end of the year. So far, 37 are done, with a few more near completion, she said.