Cyber threats are amongst the most daunting challenges the organizations are grappling with. The implications can go far and beyond as there is a risk of loss of crucial public information. In an interaction with Dataquest, Surendra Singh, Regional Director, Saarc and India, Websense talks about the impact of cyber threats on eGovernance projects, the challenges for IT decision makers in such projects, and the ways to attain comprehensive data loss prevention. Excerpts
How are eGovernance projects vulnerable to advanced cyber threats? Is this impacting the successful completion of projects, and how?
The rise of eGovernance has led to unintended security implications and new vulnerabilities to cyber threats. One of the key concerns for the near future of eGovernance is the security of information infrastructure and government information applications. Public services provided by eGovernance to citizens, enterprises, public offices, government administration, and agencies via Internet and mobile connections are vulnerable to a variety of advanced threats.
The security challenge for government agencies is two-fold: External and internal threats. Data leakage and network instability can have disastrous consequences, regardless of their origin. Many threats exist due to user indifference and negligence. Users may unknowingly open doors to external threats by using unauthorized or unpatched software that allows hackers to enter the system. Employees may routinely transfer sensitive data onto removable devices and leave the building, only to discover later that the device has been lost or stolen. If the data has not been encrypted, the consequences are more serious.
A data breach can result in intangible project costs including loss of productivity, performance, and reputation. Resolving these issues can quickly impact budgets as the time necessary to do so translates to unplanned man hours and technological fixes.
What are the challenges it poses to IT decision makers in eGovernance projects?
Decisions makers in the government have to choose newer technologies that promise better security solutions. However, they also come with the risk of failure and the associated cyber risks. While considering a technology, they need to maintain a fine balance and remember the following things:
Relevance: Social accessibility, usability, and acceptance
Economics: Costs, maintainability, reusability, and portability
Technical Features: Interoperability, privacy, security, and multi-modal interactions
How can a robust cyber security infrastructure and policy framework be created? What are the key essentials?
Critical infrastructures can be fortified using physical (onsite) procedures, policies, and measures as well as technological means. Several organizations and individuals are capable of conducting such attacks. These technologies, including access control technologies, system integrity technologies, cryptography, audit and monitoring tools, and configuration management and assurance technologies, can help protect information that is being processed, stored, and transmitted in the networked computer systems that are prevalent in critical infrastructures.
How can Websense help in safeguarding crucial government data against external or internal threats?
Security measures must be implemented to block the entry of unauthorized users and prohibit the exit of confidential data, among other things. Websense has developed solutions in lockstep with governmental requirements and standards, helping agencies ensure compliance. Websense’s security management software protects against internal risks and external threats targeting government organizations by providing comprehensive vulnerability management, end-point security, and data protection solutions. It provides a defense in depth approach to end-point security, including eliminating the risk of sensitive data from being improperly disclosed and minimizing the vulnerability window of exposure through rapid remediation. It also helps to control and monitor the flow of inbound and outbound data via removable devices/ media and protects data using validated encryption.
How can organizations benefit by deploying comprehensive data loss prevention (DLP) solution?
DLP solutions can help secure sensitive information and intellectual property by preventing data loss through its transmission and exchange, including email, web, USB, and other channels. It also has the ability to identify and monitor organizations’ sensitive data apart from providing visibility into where the data resides, where it’s sent, and by whom.