Emerging technologies such as Web 2.0 and cloud computing, plus new ways of transacting and accessing information through new media, have bolstered the importance of online security for public sector institutions.
The public sector typically holds the personal data of its citizens, as well as other sensitive national information.
As a result, according to Gerald Wang of IDC Government Insights, any compromise of this sensitive data can severely dent public safety, national security and undermine public trust.
Speaking to BizIT, Mr Wang, who is senior market analyst at IDC Government Insight Asia-Pacific, said the top three threats facing public sector ICT systems in Singapore and the region are: a) data loss protection; b) messaging and Web security; and c) security policy and compliance.
'While cloud computing and Web 2.0 technologies have been around and actively discussed over the past few years, governments are still at the infancy stage in utilising these technologies to interact with their citizens,' Mr Wang said.
One reason for this is that governments are cautious about exposing sensitive data by using such technologies, he said. Many government implementations in this sphere are, therefore, limited in scope.
'In Singapore, for example, government agencies provide information on policies and invite discussions from citizens via public platforms such as Facebook,' he said. 'Yet, other e-government services that entail transactions of sensitive information with citizens or businesses continue to be carried out via secured channels.'
Security risks associated with public clouds have led many governments to consider hybrid and private cloud models instead, where there is better control in terms of where information is stored and processed, Mr Wang explained.
His colleague Janet Chiew noted that Singapore is one of the first countries in the region to have developed a national security masterplan.
'The setting up of the Singapore Infocomm Technology Security Authority in 2009 demonstrates further the high emphasis the governments puts on security against cyberthreats,' said Ms Chiew, who is research manager at IDC Government Insights Asia-Pacific.
She added that while security will continue to remain an issue for governments to contend with, there are sufficient technologies that can be deployed to address these concerns.
With high expectations on government efficiency, G2C (government to consumers) communications and G2G (government to government) collaborations cannot afford to be hindered by security concerns, she added. 'Governments should take pro-active measures in developing security policies as a best practice in any ICT design and implementation. Indeed, good governance and conscientious monitoring will be required to ensure that policies are adhered to and reduce chances of security breach due to human lapses.'
The Infocomm Development Authority of Singapore (IDA) announced the setting up of a Cyber Security Awareness Alliance in March this year, bringing together public sector agencies, major security vendors Symantec and McAfee, and technology companies such as BT Frontline and Hewlett Packard.
'Each of these companies have their initiatives in cyber security and awareness education,' said Ms Chiew. 'As the sophistication of cyber attacks increases, security companies are keeping governments abreast of new developments in Web security. Expectations are on vendors to provide more end-to-end security solutions, ranging from physical desktop/enduser security to data encryption and secure server operations.'
Mr Wang believes cyber security needs to be addressed through a collaborative approach by governments, citizens and vendors. 'Equally important - and not be be overlooked - is business recovery, so critical operations need not come to a standstill in the unfortunate event of a security breach,' he said.
In a survey carried out by IDC Government Insights with public sector executives in 13 countries across the Asia-Pacific, respondents from 12 countries ranked security-related initiatives among their top five IT-related priorities for 2010, Mr Wang noted.
'At the same time, two-thirds of the respondents said their organisations will increase spending on security software over the next 18 months to address IT security threats and improve compliance,' he said.
According to him, this is an encouraging sign that shows governments recognise the importance of information security, as the volume of online transactions and exchange of personal information of citizens over the Internet proliferates.
'That being said, there is still a small, but significant proportion (12 per cent) of public IT officers who invested in data loss protection technologies, only upon experiencing a security breach, or upon learning of high profile data leak cases in other organisations,' Mr Wang said.
'As a custodian of information of its citizens, inadequate security considerations can lead to information loss resulting in grave consequences.'
Ms Chiew added: 'To combat international cyber terrorism, Asia-Pacific public sectors need to continually address the disclosure, archival and ownership of data surrounding Web 2.0 and social media, as well as increase collaborations at national and global levels.'
She added that starting with national security masterplans and policies, it is integral that governments put in place structured mechanisms to achieve tangible results when implementing ICT security.
Mr Wang said: 'Given the global nature of IT security threats and the growing number of incidents targeting the public sector, IDC Government Insights foresees that a whole new complex IT security paradigm will emerge in the near future.'
---
Autor(en)/Author(s): Amit Roy Choudhury
Quelle/Source: The Business Times, 19.07.2010
Bitte besuchen Sie/Please visit:
