IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Government digitisation brings benefit and risk to citizens
Thu, 3rd Dec 2015
FYI, this story is more than a year old

The trend of digitisation is actively being pursued by governments around the world as they begin to move information and services online, according to UXC Saltbush, the ICT and security firm.

Digitisation marks a natural progression into the 21st century and enables governments to provide a platform for citizens to access and use their services via the cloud and from mobile devices.

However, the massive amount of data being captured, stored, analysed, and managed poses significant concerns for security and privacy, according to UXC.

David Jarvis, UXC Saltbush national practice lead, says, “The global trend towards digitising government is gaining pace because of the speed at which new technology is being developed.

“It offers great benefits to governments such as costs savings, increased efficiency, more effective planning and policy development, better integration of services, and a more personalised approach.

He says, “For citizens, digital government enables self-empowerment and self-servicing. It also lets governments accurately measure and analyse a multitude of dimensions regarding their resources and their citizenry.

“These types of measures will mean more accurate forecasting and, in turn, let governments create more effective policies and provide smart services that address citizens' needs."

“These developments will prove transformative, but the large-scale capture, management, and storage of significant amounts of personal and private data about citizens poses some incredibly difficult questions regarding privacy and security.

“As individuals become increasingly virtualised, the potential and implications for the misuse of their data becomes more real.

“Keeping the balance between possible risks and benefits to citizens, while executing effective government policy and providing services will be no mean feat: it could prove a stumbling block for digital government,” Jarvis says.

Citizens already expect a certain level of service based on their existing digital interactions with private businesses, and they bring those expectations to their interactions with government, UXC says.

However, in the process of moving to digital services, governments need to provide solutions that go above and beyond the boundaries of traditional systems, says UXC.

According to UXC Saltbush, there are five security and privacy must-dos for digital government.

1. Prioritise and use patch management to ensure that applications and operating systems are kept up to date, and apply patches as they become available.

Zero-day threats are not the only concern; many exploits occur in the wild against known vulnerabilities after a patch has become available. Governments must know their technology stack and insist on transparency from providers with regard to underlying technology, including mobile applications, UXC says.

2. Enforce application whitelisting. It's much easier to manage a limited set of applications than to chase a moving or unknown target, UXC says.

Limit privilege and functionality to the task at hand by minimising administrator privileges to ensure that, even if a compromise occurs, the possible damage to systems and data integrity will be limited.

3. Have strong and transparent data collection policies, and enforce them. Limit the data collected only to what is necessary for the system to function. It is also important to understand the value of data and assets. Use classifications according to sensitivity and prioritise security investments according to classification, says UXC.

4. Use good information about network behaviour to be aware of possible issues highlighted by anomalies, and about current threats from the wild to ensure appropriate monitoring and preventative measures are taken, the company says.

5. Make security and privacy a consideration in the development of every new digital process. Even as systems and solutions mature to being outsourced the responsibility remains with government to ensure that solutions are designed with security in mind, according to UXC.

“It's important to remember in all this that security is an iterative and infinite process. Government policies must continue to be tested regularly against changing real-world conditions,” Jarvis says.