Published on the 02/12/2015 | Written by Newsdesk
Digital governments will prove transformative for planning and delivering services to citizens – but the data being captured, stored, analysed and managed poses security and privacy risks…
Digital government is the outcome of a gradual process of moving government information and services online. The Government provides a platform for citizens to access and use these services, via the cloud, from mobile devices, when and where their citizens want to use them, in a transformative way. This global trend is being actively pursued by governments all around the world.
UXC Saltbush national practice lead David Jarvis said digital government is gaining pace as it delivers benefits such as costs savings, increased efficiency, more effective planning and policy development, better integration of services, and a more personalised approach. “For citizens, digital government enables self-empowerment and self-servicing. It also lets governments accurately measure and analyse a multitude of dimensions regarding their resources and their citizenry. These types of measures will mean more accurate forecasting and, in turn, let governments create more effective policies and provide smart services that address citizens’ needs.”
However, he added, the large-scale capture, management, and storage of significant amounts of personal and private data about citizens poses difficult questions regarding privacy and security. “As individuals become increasingly virtualised, the potential and implications for data misuse becomes more real. Keeping the balance between possible risks and benefits to citizens, while executing effective government policy and providing services will be no mean feat: it could prove a stumbling block for digital government.”
Citizens already expect a certain service levels based on existing digital interactions with private businesses. But as they move digital services, government agencies need to provide solutions that go above and beyond the boundaries of traditional systems, said Jarvis.
He offers five security and privacy ‘musts’ for digital government:
1. Prioritise and use patch management to ensure that applications and operating systems are kept up to date, and apply patches as they become available. Zero-day threats are not the only concern; exploits occur in the wild against known vulnerabilities after a patch has become available. Know your technology stack and insist on transparency from providers with regard to underlying technology, including mobile applications.
2. Enforce application whitelisting. It’s much easier to manage a limited set of applications than to chase a moving or unknown target. Limit privilege and functionality to the task at hand by minimising administrator privileges to ensure that, even if a compromise occurs, the possible damage to systems and data integrity will be limited.
3. Have strong and transparent data collection policies, and enforce them. Limit the data collected only to what is necessary for the system to function. It is also important to understand the value of data and assets. Use classifications according to sensitivity and prioritise security investments according to classification.
4. Use good information about network behaviour to be aware of possible issues highlighted by anomalies, and about current threats from the wild to ensure appropriate monitoring and preventative measures are taken.
5. Make security and privacy a consideration in the development of every new digital process. Even as systems and solutions mature to being outsourced the responsibility remains with government to ensure that solutions are designed with security in mind.
Jarvis said security is an iterative and infinite process. “Government policies must continue to be tested regularly against changing real-world conditions.”