• Home
• GOVERNMENT CXO
• E-GOVERNMENT
• CITIZEN ENGAGEMENT
• TAX AND REVENUE MANAGEMENT
• GOVERNMENT PROCUREMENT
• GREEN GOVERNMENT
• GOVERNMENT DATA MANAGEMENT
• GOVERNMENT SECURITY
• GOVERNMENT CLOUD
• GOVERNMENT ANALYTICS
• GOVERNMENT GIS
• CONNECTED GOVERNMENT
• DIGITAL INCLUSION
• EDUCATION IT
• HEALTHCARE IT

Government Security

Info security in a fast changing world

22 September 2010

FutureGov caught up with Symantec’s Regional Product Marketing Manager Wen Woan Lim for her perspective on how information security is changing in line with emerging dangers in cyber space.

Emerging threats

Today’s threat landscape sees growing malicious activity across developing countries and increases in targeted attacks on enterprises. Readily available malicious tool kits are making it simple for novices to mount attacks, with a focus on intellectual property with web based attacks continuing to be a favoured attack vector. The online underground economy and related malicious activities are benefiting from the recent economic downturn and slow recovery.

The harsh reality is that the anonymity of the Internet and the rapid evolution of threats means people, enterprises and agencies are struggling to maintain confidence in the security of their information, interactions and identities online. Traditional security models are being challenged and new vision of computing is needed with developments such as mobility and cloud computing poised to unleash productivity benefits. Let’s explore some of the emerging trends.

Mobility and the consumerisation of IT

There is now a blurring of the traditional boundaries between individuals’ work and business lives. More and more workers expect to use personal devices to access corporate applications and information. They also expect to do this from any location, including the home, office, a cafe or the beach. Increased availability of Wi-Fi hotspots and rollout of 3G mobile networks along with increasing adoption of cloud computing have sped up this transition.

These changes are combining with increasingly sophisticated and organised threats to change the way we look at information security. Not only can you access information from anywhere and everywhere, you are concurrently being exposed to security risks too from anywhere and everywhere.

Criminals who aim to steal identities for financial gain are replacing the teenagers who broke into personal, corporate and government networks just to prove they could. It becomes more important than ever to prove that individuals are who they say they are so organisations can confidently and securely adopt cloud computing, mobile computing and social networking.

Cloud computing

This is a fundamental change in the way corporate applications and services are delivered to an organization. Many organisations are still grappling with what this emerging delivery model is, what some of the barriers are and how best to take advantage of it. This means they need to understand the benefits while mitigating risks to information privacy and security.

Social media

People often divulge considerable amounts of personal information on social media sites, including details about their location and employment. Attackers use information gathered from social networking sites to carry out targeted social engineering attacks. Attackers rely on users posting significant amounts of personal information to help them craft an attack. Sometimes they even hijack a user’s profile and then propagate an attack throughout the victim’s network of contacts, leveraging trust among friends.

Virtualisation

Virtualisation is the single biggest game-changing trend in IT and is being rapidly adopted and deployed across enterprises. Largely, this is due to the promise of lowered costs, easier management and faster deployments. However, instead of enjoying these benefits, many companies are feeling the burden of how to effectively manage and protect these virtual environments. The challenges of provisioning and managing the virtualisation sprawl, so to speak, can quickly negate benefits of adopting virtualisation if it is not managed properly.

A common security framework approach

With the amount of stored data growing at more than 50 per cent per year, the cost of protecting it is rising exponentially. To meet this challenge without incurring huge cost overruns, organisations need to think about securing their most critical information and setting policies to minimise risk to the remainder. The rapid technology changes facing organizations mean that organisations of all sizes need to consider a common information security framework that introduces:

• Identity security: Proving people and sites are who they say they are
• Mobile and other device security: Securing mobile and other devices and the information on them
• Information protection: Protecting information from loss, attack, theft and misuse—and ensuring that information can be recovered
• Context and relevance: Delivering information that is relevant to people in their personal and professional roles and
• Cloud security: Ensuring the secure delivery of applications and information from public and private clouds

---