As part of the National Infrastructure Protection Plan (under the Financial Services Sector), TransUnion plays a key role in protecting credit and financial-related data of hundreds of millions of Americans. In that vein, we aim to show government and industry partners the tools available to help protect their own data — especially regarding fraud mitigation, insider threat detection, continuous vetting of government personnel and identity verification/authentication, among others. We understand the critical importance of ensuring safety in a space where national security and ultimately, citizens’ lives could be at stake, and we’re ready and able to assist.
We asked Jonathan McDonald, Executive Vice President of TransUnion’s Public Sector business some pressing questions to further understand how TransUnion is invested in helping public sector entities enhance their national security capabilities.
Q: In addition to helping secure Government Agencies and other Public Sector entities, do you also have a role in helping secure the Defense Industrial Base Sector?
A: Absolutely. Defense contractors conducting research and development, weapons design, production and delivery, etc., have similar challenges and concerns as the government. It’s imperative they prevent intellectual property exfiltration, potential espionage, workplace violence, and other unwanted behaviors that may adversely affect operations. TransUnion provides data and analytics to some of the largest defense contractors, better enabling them to develop a holistic view of their trusted workforce. For example, we can proactively determine if any one of their population is heading toward financial distress so assistance can be offered to avoid financial-related problems — instead of reacting once a problem occurs. This offers an advantage in that personnel problems may be avoided before they hit the government’s radar. This potentially saves an untold amount of resources (and personal grief) by helping prevent the loss of a security clearance due to financial concerns. We can also reactively alert the employer or government when someone within the trusted workforce has committed a crime outside of the workplace through our comprehensive public records database alerting process.
Q: To gain that “holistic view”, it sounds like more than credit data is involved. What other data does TransUnion provide?
A: We’ve purposefully acquired assets that take us beyond being “just a credit bureau” to ensure we help the public sector keep agencies and citizens safe. In fact, TransUnion is the only nationwide company with both comprehensive credit records and public records. We also gather trended data to get that complete consumer picture that considers a person’s credit risk trajectory over 30 months instead of merely a snapshot in time. This capability is revolutionizing the way lending institutions and government entities evaluate a person’s credit risk. To further augment our capabilities, we’ve made additional acquisitions to strengthen our position in the fraud and identity management space, as well as increase our alternative lending database to score more consumers.
Q: What are your challenges in protecting data on such a large scale?
A: TransUnion has a very robust INFOSEC program managed by IT security professionals with deep expertise in both industry and government. We maintain a 24/7 security operations center to remain ahead or on top of potential problems. We also maintain redundant and distributed power supply, storage and production capabilities so that we achieve 99.99% uptime. Our Insider Threat and Cyber Threat Programs are managed by experienced professionals who implement government-level security standards to ensure we’re employing the most up-to-date security protocols. TransUnion owns our own data centers, and both physical and virtual access are controlled through multiple security protocols. Additionally, we use government approved GSA storage standards and 100% monitored visual coverage via a system of cameras and motion detectors.
Q: Regarding insider threat and continuous vetting, are you finding a significant difference in public sector data requirements as compared to those in the private sector?
A: Interestingly, there appears to be slightly different motivations in government and industry approaches — mostly in the way the sides message their workforce. For government employees, continuous vetting/monitoring is written into their contracts and implementing programs using external data sources from TransUnion is somewhat more acceptable and thus, easier to implement either program. My experience with private sector entities has shown there’s some hesitation to ingest the full range of available data sources due to privacy concerns. However, I’m noticing a shift in this position when we discuss viewing insider threat programs (or, better stated, trusted workforce programs) as an investment rather than a cost center. The government is writing security requirements into every solicitation, so those companies with robust, well established programs will have an advantage over those only putting forth minimally required efforts.
Q: Are you developing any new capabilities to augment your current government-specific solutions?
A: Without going into too much detail, TransUnion is researching the use of cryptocurrency’s impact on fraudulent and money laundering-related activity; the emergence of artificial intelligence capabilities that could enhance risk-related analytics in the government sector; supply chain risk management capabilities to help the government develop a deeper awareness of varying threats to every layer of the supply chain; and the inclusion of non-regulated data to support insider threat and continuous vetting programs. Bottom line, we always keep our finger on the pulse of the needs and trends of the public sector.