We are creating some awesome events for you. Kindly bear with us.

Aravindan Anandan, Barracuda Networks, Discusses the Current Threat Landscape

Aravindan Anandan

OpenGov recently had the chance to speak to Mr. Aravindan Anandan, Consulting Systems Engineer Asia Pacific Barracuda Networks, on the current threat landscape facing the public sector and what he advises organisations do, in order to better protect themselves.

What do you see as trending right now in the Cyber Security realm?

Cybercrimes tend to occur in places with high concentration of wealth and relatively porous cyber defences and attackers continue to increase in reach and creativity

Threats from third party providers- Multinational companies with long supply chains are more susceptible to cybercrimes as they offer more potential points of attack. A range of valuable and sensitive information is often shared with suppliers, and when that information is shared, direct control is lost. This leads to an increased risk of its confidentiality and integrity being compromised

Increasing plans for regulation around the collection, storage and use of information along with severe penalties for loss of data and breach notification.

In Asia-Pacific, the attacks are becoming increasingly sophisticated and Advanced Persistent Threat (APT) attacks have become a major concern over the last two years.

At the heart of this, the focus on the threat vectors seems to be the same though. Users, Mobile devices, web form some of the most sought after threat vectors.

What solutions do you provide to the public sector?

From a security perspective, the public sector faces more or less the same challenges as the other industries. They are increasingly adopting to web technologies and focussing on moving resources to the internet. So application security solutions are much needed.

What do you feel is the most critical mistake that public sector agencies make when planning their security strategy?

Failure to view data security as a "business problem" and not just an "IT problem"

Emailing unencrypted data, having unencrypted data on mobile phones and taking sensitive data home on work computers

Not holding employees accountable. It's crucial to make sure everyone in the company understands how important it is to use effective cyber security practices. It is also a good idea to provide an online security manual and ask employees to sign an acknowledgement form after training to indicate they understand and will abide by company policies

There is not much emphasis given to some of the newer security challenges, so to speak. These could be attributed to knowledge updates among the staff but there is clearly a lack of focus on channelized usage of BYOD, application security practices etc.

What are your strengths when dealing with government data security?

Barracuda provides all the cutting-edge security and data protection solutions needed to deploy effective Defense in Depth as a seamless network fabric

Products and cloud services integrate security, performance optimization, and data loss prevention (DLP) to simplify network architectures and minimize technology costs

Barracuda logging and reporting features minimize the time your IT staff spends on forensic analysis of cyber attacks, gaining clear visibility into network activity, and providing proof of regulatory compliance

Barracuda security engineers work 24/7 to identify threats and create Energize Updates that let our solutions block zero-hour threats in real time

As a single point of contact for cyber security and data protection, Barracuda simplifies procurement and tech support ― without phone trees ― saving time and effort

Most of the Barracuda solutions offer options to setup policies to filter or monitor sensitive information. This spans our security and storage solutions. The fact that all our products are available in multiple form factors (hardware, software, virtual appliance and SaaS) is also a big positive.

What suggestions do you have for agencies adopting BYOD policies?

According to a recent Gartner survey, smartphones are the highest favored devices for employees to use for work, bypassing even laptops.

There are over 1 billion smartphone users worldwide and it is expected that this year there will be 1.3 billion more tablets and smartphones sold. Added to this, an increasing number of organizations are implementing Bring-Your-Own-Device (BYOD) policies

To mitigate potential risks, agencies must make mobile security a part of their overall network security strategy. They should ensure that corporate network policies extend to employee owned devices. They should also implement mechanisms to secure, regulate and monitor access to corporate resources and data from these devices

Organisations can secure their own infrastructures from hackers by installing the NG Firewall where it helps to safeguard network traffic against line outages and link quality degradation

For IT administrators, it is paramount to ensure that employees fully understand the imminent need to secure their personal device when used for work. This is especially important as cyber-attacks on mobile devices are increasing, resulting in data loss, security breaches and compliance/regulatory violations

It should be understood that the advantages of using BYOD far outweighs the disadvantages and therefore there should be a wider acceptance to this policy. This could mean that some of the organizational resources would need to be moved to the internet for easier accessibility. Safety concerns should be addressed with undivided focus.

What kind of mobile device threats are relevant to government?

Government agency and department managers are often mobile, and increasingly need to review proposals, research reports and contracts while they’re offsite. Maintenance crews, investigative teams and other field operations groups also need to integrate mobile technologies into their daily work processes

IT administrators can lose visibility into which devices are accessing corporate system and data. Also, they cannot gather forensic information in case of data breaches from these devices.

Unsafe or unsecure applications that can potentially compromise the security of corporate networks may be present on employee owned devices

These devices are often used on unsecure networks (like public WiFi hotspots) opening the door to malware infections or data leakage

Personal mobile devices are sometimes “jail broken” or “rooted’ by the owners to provide enhanced features and functionality. Unfortunately this opens up more potential risks, beyond the obvious override of the device security, malware can be embedded within the software used to root the phone, or within applications that are installed from unknown or unreliable sources

Personal mobile devices may have unauthorized access to the corporate network or contain sensitive data even after the employee leaves the company or if the device is stolen

Wide use of social applications on these devices makes the users more vulnerable to attacks

As new threats emerge, what do government agencies need to do in order to protect themselves?

Focus on processes, people and technologies. We regularly see that govt agencies have a far sighted vision when it comes to technologies but they fail to adequately train their staff to use these optimally. A mis-configured security solution is not going to solve any problem, no matter how good the product is.

How can governments adopt comprehensive identity management strategies which protect their agency?

Multifactor authentication techniques can be adopted for this challenge. Another avenue would be to focus on federated authentication mechanisms like SAML.

What are the most common compliance conflicts that governments face when trying to shift to the cloud?

Government processes have historically been paper-centric but the potential benefits of electronic document sharing are enormous. In a climate where public safety and privacy are under constant scrutiny, however, data security is non-negotiable.

Having said that, government agencies need to understand how to stay in compliance even when they shift their data to the cloud.

There are four ways to ensure regulatory compliance. The first is to be aware of new challenges the cloud may add to your IT workload. Next, regardless of your company's size or status, don't assume your cloud vendor's standard terms and conditions will fit your requirements. Start your due diligence by examining the vendor's contract. Thirdly, to best understand your potential risk, as well as your benefits, you should bring your security team into the conversation at the earliest possible opportunity. And lastly, know that your decisions about what applications to move to the cloud and when to move them will benefit from an understanding of new and/or modified standards that are now evolving for cloud computing.

The deterrence to the cloud is mainly due to the apprehension that the data is not in the organisation’s control. However, public cloud vendors are continuing to invest in data centres dedicated for govt organisations. So the time is ripe to have a serious look at cloud migrations.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend