How Delaware locks down corrections data
Connecting state and local government leaders
To secure criminal, medical and financial data for about 4,500 inmates across several facilities, the Delaware Department of Correction relies on a solid data protection strategy.
To secure criminal, medical and financial data for about 4,500 inmates across several facilities, the Delaware Department of Correction (DOC) relies on a solid data protection strategy.
“Because we have so much information on the offender, it’s very important for us to maintain that information,” said DOC CIO Phil Winder. “We have their total medical information – what prescriptions they’re taking, what their diagnosis [is], what issues or problems they’re having. I also have their sentencing information.” In addition, he said, DOC tracks inmates’ educational accomplishments and activities that might reduce their sentences. Other data points include footage from the departments’ 2,000-plus security cameras and telephone calls and videoconferences between inmates and family members.
“We took the approach that we were going to have a shared access point network,” Winder said so correctional officers and medical professionals could have easy access to data about “who they’re talking with and make sure they’re providing them whatever assistance is needed.”
During a recent weekend test of its data backup and recovery system, Commvault Complete, DOC found that offender account data was missing. Initially assuming a breach or a loss, Winder and his team discovered that the data was there, but it wasn’t going through the restore process.
“It was a step we missed,” he said, noting that this is why it’s so crucial to run these checks. “What we do is mission-critical, and we can’t afford to be down for even a few minutes…. That’s the difference in someone being released, that’s the difference in someone getting medication, that’s the difference in someone being able to make a call.”
The COVID-19 pandemic is another reminder of the importance of keeping technology up-to-date.
“Nobody would ever say that [in] the United States, every jurisdiction would come to a crawl, but it did,” Winder said. “You have to resort to other means to get things done, so everybody went to a Zoom platform or a Skype for Business platform or Microsoft [Teams], so in order to be able to maintain that threshold, you have to have excellent equipment.” DOC has been able to keep court cases and video visitation moving forward during the health crisis, he said. “Technology has kept us in the game.”
Additionally, as the number of ransomware attacks has risen – VMware Carbon Black analytics found a 148% increase in March over baseline levels from the previous month – DOC has yet to suffer an attempt, Winder said. He credits DOC’s storage, which he declined to specify, and Commvault’s ransomware-monitoring feature.
“I always like to keep myself and my staff up-to-date on anything that we touch, anything that we do,” Winder said, adding that DOC makes almost daily tweaks to ensure security and performance. “The good thing about backup and restoration software is once you have certain things in place and they’re running well, you really don’t have any challenges.”
What’s more, the current setup lays a foundation for adding artificial intelligence, which Winder said he hopes to implement in the next two years. Specifically, Winder is looking into using facial recognition to help monitor who’s within prison walls.
“It’s actually going to increase the safety and the security within the facilities,” he said. “AI in correctional facilities, whether it’s in Delaware or California, will help with putting a computerized set of eyes on all this data, and that’s key.”
NEXT STORY: Spotting zero-day ransomware