What Enterprise Security Strategies can Governments learn from the Private Sector?

by ChrisC on 11-15-2011 03:50 PM - last edited on 11-15-2011 03:50 PM

As governments around the world increasingly find themselves under varying forms of cyber attack, government departments and agencies are in some cases still playing catch-up with the more advanced areas of private industry, such as the financial sector, when it comes to enterprise security.

 


Why is that, you may ask? The answer is simple: historically, governments secured their systems and data primarily through separation, that is, by having discrete, isolated systems which only authorised individuals could access from government sites. But the Internet changed all that. As governments have sought to provide e-Citizen services and leverage private sector services, government systems have become as entwined on the Internet as the private sector.

 

However, governments have not always been quick to change their mindset from segregated systems to connected systems, or to make the change in security precautions that this requires.

 

Much of the current emphasis is on cyber warfare, as highlighted by the recent ‘London Conference on Cyberspace’, attended by a number of major countries. But enterprise security is just as important, and it provides the security foundation that can be built on to protect against cyber attacks.

 

Governments are responsible for the safe collection, storage and processing of vast amounts of citizen data and their citizens rightly expect them to take the appropriate steps to protect that data.

So what should government departments/agencies around the world be considering with regard to enterprise security? Well, 90% of it is the same as for any large corporation, such as:

 

  • Perimeter Security
  • Bulk Personal Data
  • Insider Threat
  • Viruses & Malware
  • Security Event Management

 

The added complexity, of course, is that as well as the more standard cyber threats, governments are likely to be the target of groups with the skills and resources to make sustained and targeted attacks. Increasingly, though, large corporations have seen similar attacks, albeit with different motives.

 

So what does this mean for enterprise security going forward? It suggests that government departments/agencies should be learning from industry and utilising the best practice already identified, leveraging both the experience and the potentially lower costs available. Governments have traditionally been quick to demand custom products, often resulting in far higher costs and the loss of the collaborative knowledge and experience developed from using products around the world.

 

This then leaves the specialist security groups within governments to concentrate their resources on specific threats. And as with all industries, these specialist solutions can over time become commonplace solutions, just as new technology designed for Formula One auto racing eventually finds its way into the average family car.

 

What have your experiences been when it comes to protecting government data from cyber attacks? What strategies are working for you?

 

About the Author
  • After graduation from Oxford University, Paul developed laser technology for NASA satellites, before moving into IT Security at Cable & Wireless in 2000, where he led the development of Internet Security Services. In 2005, Paul joined Vistorm, now HP Enterprise Security Services, as a Security Architect, where he is technical lead for mobile device and endpoint security solutions. Paul is CISSP and ITPC certified, is a CLAS consultant and M.Inst.ISP. He has recently completed the MSc Information Security at Royal Holloway, University of London.
  • A business first, senior executive, with over 20 years of hands-on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without their knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicious code in the wild. From these beginnings I have investigated all aspects of security to provide an holistic approach to security as a business enabler and am currently advising organisations on the suitability of the cloud to their needs.