We talk a lot about security here at Granicus, whether it’s our FedRAMP compliance or our processes for staying ISO 27001 compliant… but so what? Why put so much time, effort and money into security at the state and local level?
Two reasons:
You may assume that the federal government is most in need of top cybersecurity protection, but local governments are the caretakers of more citizen information and actually face more immediate infrastructure threats. Counties and cities are entrusted with a huge amount of personal information about citizens — addresses, contact information, sensitive benefits information, mother’s maiden name, property information, etc. — things a hacker would love to intercept. And recent studies show state and local governments are not feeling confident in their cyber security systems and skillsets.
Most public infrastructure systems are locally run (e.g. water treatment facilities, police dispatch centers, city hall systems), and cyber threats to these systems can disrupt daily life for everyday citizens. There is evidence that hackers are regularly trying to access local government systems to disrupt systems and create chaos. Virginia Governor McAuliffe reported in February that the state and local government organizations faced 86 million separate hacking attempts in 2016. The state of Utah reports that up to 300 million attempts a day on government systems occur throughout the state, up from only 25 to 80 thousand just a few years ago.
In order to combat these attacks, each and every system in place in your organization must be committed to protecting their systems, both physically and online. Each vendor must meet security standards of excellence Unfortunately, most civic tech providers for local governments don’t have the resources or commitment to security to protect citizen information in the 21st century.
We are committed to providing you with the most secure solution in civic tech, whether you’re looking for digital communications tools or legislative management tools.
How do we do that?
One of the biggest weak spots for any security system are the people involved. Careless human errors can ruin even the best technology so we’re committed to continually updated annual security training for every Granicus employee, and frequent security audits of our workplaces to ensure security procedures become part of the everyday routine. Whether it’s a software engineer or an account executive in the field, security is engrained in the day-to-day. Additionally, security threats aren’t just evaluated by our dedicated security team, but also by a team of our top executives, including CEO Mark Hynes, during regular incident audits.
Second, our systems’ protection is world-class. Our infrastructure is scanned for vulnerabilities on a monthly basis, and a growing suite of products across our communications and legislative solutions, are scanned during this process.
Granicus also has primary and secondary backup routines in a system with maximum durability, which re-emphasizes our commitment to secure data storage and security.
In the last few weeks, Granicus successfully migrated many of our legislative solutions to the same data centers as our FedRAMP compliant communications solutions. These data centers not only feature extremely high cyber security features such as encryption at rest of all data and weekly automated scanning at the application and network level, but enhanced physical security too.
The datacenter uses five concentric rings of security, from fences and a staffed perimeter, to a multi-level entry process to validate permissions and identifications of anyone entering or exiting the area thoroughly. The Granicus data centers offer modern day Fort Knox-level security, because the data you’re entrusted with and the availability of your systems is that important.
There are three reasons that we continue to improve the security of the cloud applications we provide to government organizations: Confidentiality, Integrity, and Availability. This is known as the Central Intelligence Agency (CIA) triad of security.
Confidentiality: As a local government you have a wealth of confidential information from citizens that you’ve been entrusted to protect from outside threats. As an example, cities that use our Legistar solution, which includes the majority of the 50 most populous cities in the United States, now benefit from being better protected against hacks to their city via their agenda management software. Any weak application can be a window for hackers to get into city systems, and Granicus is committed to ensuring the clerk and council is never putting the city at risk.
Integrity: The information you put into any application, whether it’s an email message going out to citizens or the documents of an agenda packet, needs to be accurate and protected. While hackers may aim to intercept and change this information, instead sending out their own messages or altering the language of a bill to be considered, a system like what we have at Granicus that encrypts information and keeps information safe at U.S.-based proprietary data centers retains the integrity of the information you create and exchange.
Availability: Government work doesn’t stop, and the solutions you use and information you possess and create must be available at all times. Our security commitment ensures that the right people have access to the right systems whenever they need them, never exposing your staff or citizens to being locked out of the information they need. In times of crisis or emergency, ensuring that citizens are able to access your website, or communications may be critical, and we take that responsibility very seriously.
We know security is at the very top of your list as you’re looking for new solutions that fit your organization’s needs now, and into the future. We invest in updates like these to keep us on the forefront of civic tech solutions, and protect what you’ve been entrusted with by your citizens.
If you’d like to know more about our recent data center changes, or our commitment to security, check out our security page and then reach out to us at info@granicus.com – we’d love to talk about your security needs.