Best Security Practices for Good Governance

One key focus for government entities is to enable all government bodies with adequate IT infrastructure to serve the public better. However, the roles of IT managers are confined to just keeping the lights on. The new concept of IT aligning with business to drive growth is still not nurtured in the sector.

There is absolutely no doubt that government bodies, including PSUs, are aggressive about absorbing new technologies, with a focus on network upgradation, data security, building data centres across locations, building SWAN, etc.

However, when it comes to information security, the approach is lackadaisical.

CISO Challenges

As long as there is no structured, designated CISO (chief information security officer) role in the government sector, security-related threats are not taken seriously. The tools deployed are not up to the mark, and advances in technology are not leveraged to the fullest extent.

Also, the technology deployment process has to undergo multiple levels of verification and approval, right from inception to post-delivery management. This, at times, takes very long. But today technology evolves at a very brisk pace: by the time a project reaches initiation of execution, the technology could have advanced so far that the process might have to start from scratch again.

The government sector fails to understand that information is money and that every department or group is responsible for protecting information.

Best Security Practices

It is crucial for any IT manager in the government to evangelise the importance of governance, risk and compliance within the company. It is critical to focus on the hygiene factor and reiterate the importance of protecting data. Understanding the importance of risks emerging out of social media and also the emergence of BYOD (bring your own device), which could increase threats, is vital.

The first step towards addressing security challenges is to align the solution delivery model to government requirements. This model would help the service partner understand the requirement faster and undertake quick and effective implementation of IT projects within the given timeline. Besides, having an effective project management office which ensures complete customer satisfaction and a great customer experience is a must. The hygiene factor could be established by:

* Deploying a good IT service management (ISMS) framework solution based on ISO 20000 to measure as well as monitor the effectiveness of IT services

* Establishing a business continuity management system to prepare for and avoid disruptions in services in case of unplanned incidents

* Adopting new security tools and technologies for cost saving, and building a transparent ecosystem which is the need of the hour

* Focussing on providing us with a robust, secured and wide network across the length and breadth of the nation so that enterprises can incept and operate from every corner

* Active involvement of decision makers and faster processing of security projects; this is important to secure the environment

* Having the right technology partner who acts as a consultant to the government, which is the need of the hour

Security heads or IT managers in the government sector have to take their role seriously and work out an effective RoI strategy. There is a need to create a mature security model to justify security investments. The investments should be appropriately planned. Single integrated management systems which can address both business continuity and IT services need to be evolved. Periodic security audits will create a good hygiene factor. For instance, quarterly internal audits are critical, while a yearly external audit is desirable.

Atul Khatavkar,

VPIT,

Governance Risk Compliance, AGC Networks
