Security heads in the government sector need to work out an effective strategy for reaping the best return on investment
One key focus for government entities is to equip all government bodies with adequate IT infrastructure to serve the public better. However, the roles of IT managers are confined to just keeping the lights on. The new concept of IT aligning with business to drive growth is still not nurtured in the sector.
There is absolutely no doubt that government bodies, including PSUs, are aggressive about absorbing new technologies, with a focus on network upgrades, data security, building data centres across locations, and an increasing focus on building SWAN. When it comes to information security, however, the approach is lackadaisical.
As long as there is no structured designation, the CISO (chief information security officer) role in the government sector is not taken seriously. The tools deployed are not up to the mark and technological advancements are not leveraged to the fullest extent. Also, the technology deployment process has to undergo multiple levels of verification and approval, right from inception to post-delivery management. This, at times, takes very long. But today technology evolves at a very brisk pace: by the time a project reaches the start of execution, the technology could have advanced so far that the process might have to start from scratch again.
The government sector fails to understand that information is money and that every department or group is responsible for protecting information.
Best Security Practices
It is crucial for any IT manager in the government to evangelise the importance of governance, risk and compliance within the company. The first step towards addressing security challenges is to align the solution delivery model to government requirements. This model would enable the partner to undertake quick and effective implementation of IT projects within the given timeline. Having an effective project management office is critical. The hygiene factor could be established by:
- Deploying a good IT service management (ISMS) framework solution based on ISO 20000 to measure as well as monitor the effectiveness of IT services
- Establishing a business continuity management system to prepare for and avoid disruptions in services
- Adopting new security tools and technologies for cost savings, and building a transparent ecosystem, which is the need of the hour
- Active involvement of decision makers and faster processing of security projects; this is important to secure the environment.
Security heads in the government sector have to work out an effective RoI strategy. A mature security model to justify security investments, and a single integrated management system that can address both business continuity and IT services, need to be developed. Periodic security audits will create a good hygiene factor.
~ Atul Khatavkar is VP - IT Governance, Risk & Compliance, AGC Networks.