In line with developments in the private sector, government ICT systems are opening up to new channels to support employees’ desire to work flexibly and, increasingly, to use their own devices. This trend has enormous productivity benefits, but it adds to the security issues that government CIOs face. 
One of the burning issues is the fact that any organisation’s employees actually constitute the greatest information security threat. It’s a threat that is growing.
A recent e-Crime Watch found that 51% of 532 organisations had experienced an insider attack, up from only 39% of organisations three years earlier. The Wikileaks saga shows the extent to which government systems, in particular, are vulnerable to insiders.
Much of the information stored on government IT systems is sensitive. It includes personal information about citizens and their tax affairs, as well as government information of varying degrees of sensitivity, from confidential to top secret.
“Technology created the problem, and it has the solution,” says Gordon Hayden, sales manager at CA Southern Africa. “What’s needed is a comprehensive, integrated security solution across all its systems to protect its information from external threats, and control employee access depending on job requirements and security clearance.”
The first challenge, says Hayden, is managing access and identities across the applications and information sources in the departments. Public servants often have access to information they do not require to do their jobs, and the lack of audit trails means that there is little or no accountability.
In the first place, managing access and ensuring accountability would help reduce corruption. In fact, one of the key elements of the turnaround at the Department of Home Affairs has been the use of biometrics to create audit trails securely linked to individual staff members.
And, by stopping employees from accessing information which they do not need for job purposes, this approach will also help prevent information leaving the system.
“One needs a policy-based solution that will stop sensitive information from exiting the department – not one that simply tells you it has gone.” Hayden says. “I suppose it’s good to know that the budget speech has been leaked before Minister Gordhan has delivered it, but far better to stop it going out in the first place.”
The solution should also be intelligent enough to alert users when information is sensitive and they are transgressing departmental policy.
CA has developed CA DataMinder. “In this way, inadvertent violations are prevented, educating users in realtime about security policies. The solution must also keep a clear audit trail of who had access to each piece of information and what they did with it.”
It goes without saying that any solution must support flexible policy definition so that each department’s requirements are met.
“Government needs a complete solution for protecting its information, with a high degree of automation,” Hayden says. “Such a solution is vital, given the sensitivity of the information that government holds and the greater access its employees – and, ultimately, citizens – will require.”