In the quest to transform operational security into business intelligence, government agencies should be aware that there is no silver bullet or miraculous solution.
That was the message from Logan Hill, security and availability solutions manager of Faritec, in his presentation to the SITA GovTech 2007 conference last week. According to Hill, the best approach is to unlock business value and benefit through the effective implementation of a mature security operations model.
“The ‘big bang’ approach is definitely not recommended,” he said. “Instead, government agencies should focus on understanding the business requirement and defining achievable goals which address those requirements. The next step is to build a security operations model which allows the organisation to scale as services grow.”
Typically, these organisations are looking to control and justify the application and use of resources in the business, and to govern the users’ access to these resources. There is a need to demonstrate good governance and a sustainable security maturity, as well as to achieve and maintain compliance.
According to Hill, a properly defined security operations model can be used to address the relationships between the physical and logical realms of the business, thereby ensuring system and user integrity is maintained and measured.
“Once the government agency has contextualised what needs to be protected, it can build defence zones and introduce graded use of the zones,” he says. “Understanding the flow of business helps identify the weakest link, and it is also important to define boundaries. This extends the organisation’s chain of control so that it can involve, educate and assist its partners in business, which leads to collective intelligence.”
Hill cites the example of a large organisation with more than 4 000 employees spread geographically across the business. User vetting was not conducted, and there were immature authentication mechanisms in place.
In addition, there was a lack of checks and balances and fraud was usually only discovered after the fact.
The mechanisms for user control and monitoring were also severely limited, and there was no capability to tie physical identity to the transaction or process being investigated.
“The solution was to enhance the physical access system to accommodate secure work enclaves, and to tie physical location to logical access,” he says. “This meant that users were only authorised to log into resources once they were within the confines of the secure enclave.
“We also used biometrics to enhance resource authentication, and implemented a system whereby users automatically logged off systems when leaving the secure enclave using a physical access card. This card is tied to the user’s identity as well as the systems being accessed.”
Furthermore, 24×7 monitoring of the process collects and correlates events from the physical access system, the identity management system and audit information. The organisation also receives immediate, automated notification of any violation of the systems.
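The enclave-to-logon binding and event correlation described above, as an added example that is not part of the article or Faritec's own system: badge and logon records are constructed, and the two alert rules (logon with no badge-in on record, session still open when the user badges out) are assumptions about how such a monitor would be written.

```python
"""Correlate physical access (badge) events with logical logon events (constructed sample)."""

# Constructed sample events, not taken from the article.
# Tuple layout: (timestamp, user, action, target); action is badge_in/badge_out/logon/logoff.
# ISO timestamps sort correctly as plain strings, so no datetime parsing is needed.
SAMPLE_EVENTS = [
    ("2007-06-01 08:00:00", "alice", "badge_in", "enclave-A"),
    ("2007-06-01 08:02:10", "alice", "logon", "finance-db"),
    ("2007-06-01 08:30:00", "bob", "logon", "payroll-app"),      # never badged in: violation
    ("2007-06-01 12:00:00", "alice", "badge_out", "enclave-A"),  # session still open: violation
    ("2007-06-01 12:00:05", "alice", "logoff", "finance-db"),
    ("2007-06-01 13:00:00", "carol", "badge_in", "enclave-A"),
    ("2007-06-01 13:01:00", "carol", "logon", "hr-portal"),
    ("2007-06-01 13:45:00", "carol", "logoff", "hr-portal"),
    ("2007-06-01 13:46:00", "carol", "badge_out", "enclave-A"),
]


def correlate(events):
    """Walk events in time order and return a list of (timestamp, user, alert) tuples."""
    inside = {}    # user -> enclave the user is currently badged into
    sessions = {}  # user -> set of resources with an open logical session
    alerts = []
    for ts, user, action, target in sorted(events, key=lambda e: e[0]):
        if action == "badge_in":
            inside[user] = target
        elif action == "badge_out":
            inside.pop(user, None)
            still_open = sessions.get(user, set())
            if still_open:
                alerts.append((ts, user, "session open after leaving enclave: "
                               + ", ".join(sorted(still_open))))
                # The article's control forces logoff on exit; emulate it here by
                # closing the user's sessions once the badge-out is processed.
                sessions[user] = set()
        elif action == "logon":
            if user not in inside:
                alerts.append((ts, user, f"logon to {target} with no badge-in on record"))
            sessions.setdefault(user, set()).add(target)
        elif action == "logoff":
            sessions.get(user, set()).discard(target)
    return alerts


if __name__ == "__main__":
    for ts, user, msg in correlate(SAMPLE_EVENTS):
        print(f"{ts} {user}: {msg}")
```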