SingHealth and the Agency for Science, Technology and Research (A*STAR), with support from the Integrated Health Information Systems (IHiS), have co-developed a chatbot known as “Doctor Covid” to improve care for COVID-19 patients at community care facilities.
The mobile app, Doctor Covid, boasts a variety of features in the patients’ native languages to help with effective communication and to support the medical teams in close monitoring of their health and well-being.
Community care facilities support COVID-19 patients who are clinically well and no longer require acute care, as well as new cases with mild symptoms that do not need hospital care, the current majority being migrant workers presently.
It is a challenging task to provide personalised care to large groups of residents at recovery facilities and this is complicated further by the language barriers between medical teams and migrant workers.
Multi-lingual platform to help effective communication with migrant workers
Doctor Covid features up to seven different languages that migrant workers can subscribe to – English, Mandarin, Malay, Tamil, Bengali, Thai and Burmese.
As migrant workers interact with the chatbot in the languages they are familiar with, it helps keep them engaged and ensures that they receive and understand the content that is communicated to them.
It also ensures greater accuracy in the information they submit via the chatbot, such as responses to questions about their well-being.
“The experience of being diagnosed with COVID-19 can be a stressful one, especially for migrant workers who are uncertain as to what to expect and may face language barrier issues with the healthcare workers caring for them. At the same time, it is no easy feat for medical teams to take care of large groups of residents in community care facilities. Doctor Covid leverages innovation and technology to better reach out, engage and care for these residents, while allowing healthcare professionals to gain better insight into how each resident is doing in their recovery,” said Franklin Tan, Director, Office for Service Transformation, SingHealth.
“We will also be deepening the sophistication of the platform by incorporating AI mechanisms into Doctor Covid and establishing a stronger two-way interaction with residents, while at the same time be able to utilise the data collected for research purposes.”
Doctor Covid issues important notifications and reminders
Doctor Covid disseminates critical information including medical, nursing, and operational announcements, as well as reminders to submit vital signs inputs such as daily temperature and blood pressure readings.
These are communicated on a daily basis to ensure that the workers are kept abreast of the situation and understand their recovery journey.
Clinical and psychosocial surveillance
Migrant workers use Doctor Covid to respond to questions that assess their clinical risk factors and mental well-being. This is done through easy-to-understand questionnaires with audio capabilities.
The data is then sent to SingHealth’s patient experience teams who ensure timely intervention where required. The data collected will also facilitate further AI-driven diseases triaging, progression and clinical outcome prediction.
“We are pleased that our capabilities in system architectural design, software engineering, and data science were able to support SingHealth in its sterling efforts to provide quality care to recovering workers at the community care facilities.”
“Through close collaboration, A*STAR and SingHealth were able to harness digital tools and artificial intelligence to develop this tool to facilitate better communication and engagement with the recovering workers, as well as generate data insight for the medical teams,” said Dr Rick Goh, Department Director, Computing & Intelligence, Institute of High Performance Computing (IHPC), A*STAR.
Doctor Covid helps minimise the risk of viral transmissions. With communication and monitoring of residents taking place virtually, medical teams reduce prolonged face-to-face contact with COVID-19 patients and the time spent in the “red zone” of the care facilities, while ensuring that comprehensive care is continued.
Conversational AI chatbot to be integrated in next phase
Using artificial intelligence (AI) such as machine learning, natural language processing and optical character recognition, Doctor Covid will be able to capture, analyse and respond to complex COVID-19-related questions posed by migrant workers in their respective native languages. This will be launched later this year.
Moving forward, data from Doctor Covid may be integrated with other COVID-19 data platforms and registries to form a big data platform with AI analytical tools for operational and research purposes.
The data collected by Doctor Covid, which is anonymised to ensure data privacy, can also be used to identify trends, risk indicators, clinical outcomes, as well as evidence-based practices as a study into the COVID-19 pandemic and care of migrant workers, as well as to prepare for future infectious disease health emergencies.
The country’s central bank received three applications for mobile money services and has licenced all of them, namely, Vietnam Post and Telecommunications Corporation (VNPT), MobiFone, and state-run group Viettel. Pham Tien Dung, the Deputy Governor of the State Bank of Vietnam (SBV), noted that SBV granted Viettel the mobile money service rights after VNPT announced it would pilot this service in Vietnam.
According to a press release, last January, the government urged the pilot use of telecommunications accounts to pay for services of small value and pilot new payment service models as management regulations are lacking. To promote Vietnam’s economy, the Minister of Information and Communications Nguyen Manh Hung made several recommendations, including piloting mobile money in the first quarter of 2020. He stated that if mobile money services are licensed to telecommunications operators, the coverage of e-payment services will quickly reach 100% of the population. This promotes e-commerce, agricultural commodity exchanges, especially in remote areas, promotes online public services, fintech companies, innovative start-ups, and economic growth. In all countries that allow mobile money, this service generates economic growth of up to 0.5%.
The CEO of Viettel Digital, Pham Trung Kien, noted that if the government allows mobile money to pay for services and goods of small value, the number of users of electronic payments will be large as the coverage of mobile networks is much wider than banks, even in remote areas where people do not have bank accounts. He explained that for small value goods, for example, a cup of iced tea, parking tickets, soap, or a pack of instant noodles, users will not use their bank accounts to pay but pay by phone. However, they will use electronic payments with bank accounts to buy motorbikes, houses, or goods of high value.
“Some studies estimate that in Vietnam, only about 30% of the adult population have a bank account, and when we create a habit of using electronic payments, the remaining 70% will be customers of banks. Thus, mobile money not only competes but also promotes the use of bank accounts when they are familiar with electronic payment methods,” said Kien. He added that the government’s policy of allowing pilot mobile money is the right trend. When implementing electronic payment services, people will see the practical value created by payment digitisation like saving time and costs.
Around 85% of Vietnamese banking consumers are more likely to use online and digital banking services compared to 18 months ago, according to a recent report. Globally, nearly two-thirds (61%) of consumers have made greater use of digital banking services over the last 18 months. Two in five (41%) have started using digital banking services for the very first time because of the COVID-19 pandemic. In Vietnam, these numbers are higher, at 70% and 54%, respectively. Approximately 90% of respondents use online and digital banking services mostly to pay bills, transfer money, and check account balances. 87% of local banking customers agreed with the importance of online and digital banking services in a bank or financial institution.
The Malaysia Digital Economy Corporation (MDEC), Malaysia’s lead digital economy agency, is ramping up its efforts in enabling a digital learning landscape for youth through strategic collaborations with the United Nations Children’s Fund (UNICEF) and Yayasan Peneraju Pendidikan Bumiputera.
With the aim to fortify digital talent amid the COVID-19 recovery, both collaborations were secured via MDEC #mydigitalmaker Movement, a joint public-private-academia partnership launched in August 2016. The initiative, which is part of the agency’s #SayaDigital agenda, has benefited more than 2.2 million children through the integration of computational thinking into the national school curriculum and co-curricular activities organised by MDEC and its ecosystem partners.
The Chief Digital Skills and Jobs Officer at MDEC stated that the fast-changing talent market brings many new opportunities for young people. Strong fundamental and transferable skills fostered from their early years will be key in nurturing them to become an agile and digitally competent workforce.
This strategic collaboration with UNICEF and Yayasan Peneraju marks MDEC’s continuous effort in ensuring that Malaysia continues to produce a pool of digitally innovative and creative talents in line with the goals of the Malaysia Digital Economy Blueprint (MyDIGITAL), she said.
Through the collaboration, MDEC and UNICEF aim to create opportunities and better career outcomes for marginalised young people by bringing them together with industry leaders and experts on the same platform for career guidance and mentorships.
The partnership entails on-the-job training and industrial experience opportunities for young people via apprenticeships as well as skill-building opportunities.
Strategic partnerships such as this will accelerate the delivery of inclusive opportunities in education, employment and entrepreneurship. It is in our interest to build the skills of young people so that no one is left behind, according to the UNICEF Representative to Malaysia and Special Representative to Brunei Darussalam.
Through the partnership, both parties will be focusing on joint and independent programmes that are academic and career-oriented developed by MDEC and UNICEF. The programmes include:
- #MyDigitalMaker Fair
- Premier Digital Tech Institutions
- Future Skills for All (FS4A) programme
- KitaConnect Skills-Building Workshops
- MDEC + UNICEF Youth Employability Readiness programme
Focusing on developing a forward-looking digital landscape for Bumiputera’s youth, MDEC has partnered with Yayasan Peneraju to provide a knowledge-enhancing programme, Yayasan Peneraju High Impact Programme – Competition (Technology), for school students nationwide via a virtual platform.
Fully funded by Yayasan Peneraju, the series of online sessions began in early 2021 and has been benefiting more than 1,000 young Bumiputera students, aged 13 to 17 years old, through learning and exploring digital technology skill sets via online competitions.
The strategic cooperation with MDEC is an important factor in responding to the challenge of nurturing human capital, especially the Bumiputera talent, to the highest potential in deepening technological expertise. As an agency under the Prime Minister’s Department, the organisation’s mandate is to increase the quality of professional Bumiputera talents in the high impact sectors.
“We must ensure that our beneficiaries are also equipped with skills and technological knowledge so that they can excel in their career and life,” said the CEO of Yayasan Peneraju.
U.S. President Joe Biden has been vocal about his goals to boost federal investment in electric vehicles and EV infrastructure since the start of his administration. His proposed American Jobs Plan includes $174 billion for promoting the domestic production of EVs and notably electrifying the entire federal fleet.
The American Jobs Plan will create incentives to continue to lower the cost of and support market demand for electric vehicles. These incentives are a proven policy to support the growing market for EVs, which then drives down the purchase price as the auto industry scales up production and creates incentives for domestic production.
The administration plans to grow the number of charging stations in the U.S. from 42,000 to 500,000 by 2030. Yet even then, perceived upfront costs may deter some state and local governments from purchasing EVs — even those who see EV adoption as an ideal solution to reducing the environmental impact of public fleets.
State and local government leaders interested in electrifying their fleets but put off by the upfront costs of purchasing EVs should take into account the Total Cost of Ownership (TCO) of these vehicles throughout their lifetime. Running a TCO calculation may reveal that an electric fleet can actually present greater long-term savings, thereby easing the path to adoption.
Looking at the TCO equation alone, it may seem like the costs outweigh the returns. But there are aspects to operating EVs that are far more cost-effective than their internal combustion engine counterparts. For example, EVs require less maintenance because there is no need for oil changes or transmission repairs.
Whereas an ICE car has more than 2,000 different moving parts — many of which will need service or replacement at some point — an EV only has 20 moving parts. A study finds that annual maintenance costs for an EV are $330 less than that of an ICE car, and the Department of Energy finds that the average cost of driving an EV is about half the expense of an ICE vehicle.
Certainly, TCO calculations provide essential projections that can facilitate the first steps to adoption. But once purchased and deployed, how can state and local leaders, as well as government fleet managers, know if their electric fleets are truly providing savings over time? This is where vehicle telematics can be hugely beneficial.
Telematics solutions can capture and share detailed, real-time information about how each EV performs, in addition to its location and battery and charging status. These metrics provide valuable intelligence for fleet managers, helping to more accurately measure TCO, improve daily fleet management and even proactively detect issues to enable preventative maintenance. Notably, some of the metrics that managers would be monitoring for can be unique to an electric fleet, including:
- Historical driving distance data: Telematics solutions can track the exact mileage that a vehicle covered on a particular route or day. This data is also tracked in a traditional ICE fleet, but its purpose on an electric fleet is different.
- EV charging station maps: EV charging station maps on a telematics app can show drivers and managers where nearby charging stations are, as well as details about those stations. These maps can help inform route planning and decisions about when a driver should stop and charge. If plans to grow the nationwide charging infrastructure are successful, these decisions and the ability to locate stations will become easier in time.
- Vehicle charge status: Real-time state-of-charge reporting provides visibility into the battery status of each EV so managers can make smarter decisions about where and when to deploy a vehicle.
- Recharging: If recharging stations back at the lot or depot is limited, real-time, state-of-charge reports can help managers prioritize the order in which vehicles must be charged. They can decide whether to delay charging to take advantage of off-peak electric rates and which vehicles should be plugged into faster charging stations.
University of Queensland researchers are collaborating with an extensive range of health professionals to re-design and improve strategies to prevent childhood obesity. Aware of the powerful role played by digital technologies, Dietitian and UQ Research Fellow Dr Oliver Canfell is part of a team developing an online tool kit that can be used to prevent obesity in the young.
He noted that obesity is a chronic condition that’s difficult to reverse, which is why prevention is important and most effective in the early years. There have been real-world impacts recently – people with obesity who contract COVID-19 often have worse outcomes than people with a healthy weight. It was also noted that children and families look to health professionals for support but are commonly not receiving care until it is too late. Clinicians need new ways of working so they can focus on prevention, and digital health can help enormously.
The first step towards achieving that goal is the Precision Support for Preventing Childhood Obesity (PRECISE) program, a partnership between UQ and Health and Wellbeing Queensland (HWQld). Almost 20 health professionals including GPs, child health nurses and dietitians have been recruited from across Queensland to design the digital solutions to focus on prevention in routine practice.
The tools designed in the PRECISE program will be available via Clinicians Hub, a central digital platform created by HWQld to help health professionals effectively prevent and manage childhood obesity. The Chief Executive of HWQld noted that obesity had many causes which made it a particularly complex problem to address.
It can be a challenging topic to raise with families, and research shows many doctors feel ill-equipped to manage this complex and sensitive health issue, the expert noted. Clinicians Hub offers a variety of clinical tools, resources and training to help health workers identify, prevent and talk about childhood obesity with confidence and impact.
One-in-four Queensland children and two-in-three adults live above a healthy weight range. These patterns are usually well established before five years of age – so there is a need to get in early.
The UQ Global Change Institute has established a Digital Health Research Network to support PRECISE and other digital health initiatives.
About the Global Change Institute
The Global Change Institute draws together research excellence and expertise from across UQ, industry, government and the community to address grand challenges which deliver impact to society, the economy, the environment, and culture.
Addressing global challenges requires strong transdisciplinary teams to deliver pathways to impact. With the help of the UQ research community, the Global Change Institute is developing multiple Collaborative Research Initiatives (CRIs) to address global challenges.
For example, The Healthy Kids and Families Collaborative Research Initiative (CRI) focuses on addressing the importance of community-based, co-designed interventions to address the needs of children, adolescents and their families in the health system and ensuring they have a healthy, productive and long life.
Examples of the challenges this CRI will address with stakeholders include:
- complexities experienced by families in navigating the health system and obtaining timely and appropriate health care, and ongoing support for children with complex needs
- specific and unmet needs of families of children with physical, neurodevelopmental and/or learning challenges
- promotion of healthy eating and physical activity behaviours established in families and day-care centres, pre-schools and schools, and
- systemic inequities between children to achieve optimal health outcomes, healthy behaviours and access to health services (e.g., socioeconomic differences).
Industry experts and financial-technology service providers called for the upgrade of homegrown financial-technology capabilities to further elevate the financial sector and boost the digitalisation of other industry sectors.
The insurance industry is likely to be a forerunner in terms of digital transformation. The operation efficiency and sophistication level of service in the insurance sector should be further enhanced despite initial progress in the realm, as digitalisation is becoming a prerequisite for all insurance service providers. There is also a basic demand to leverage financial-technology measures to counter potential cybersecurity risks, as large amounts of data are leveraged for daily operations and business decisions.
The digitalisation of financial services would help resolve financial imbalances and further serve underfinanced groups. The digitalisation of financial services offers tailor-made solutions for small and micro businesses and helps mitigate risks for commercial lenders.
Fintech solutions should focus more on small and micro businesses at the grassroots level. Fintech service players serve a positive role to help avoid the mismatch of financial resources, and they should stick to serving the grassroots financial and consumption market in the long run.
– Zhang Jun, dean of the Fudan University School of Economics
Technologies have already helped expand wealth management products’ customer base and enhanced its risk-control schemes. China’s asset management industry was valued at 12.1 trillion yuan (US$1.89 trillion) in 2020, but the sector still lags behind in terms of predictive algorithms to mitigate risks. Further efforts in smart data technologies are needed to meet risk control and regulatory compliance requirements.
Moreover, China plans to build pioneering fintech hubs nationwide, focusing on the research and development of blockchain technology and digital currency to boost investment in financial infrastructure. Beijing ranks top among eight cities around the world, thanks to its huge consumer market, advanced technology application and fast development of the fintech ecosystem. Other cities that China aims to develop as global fintech hubs are Shanghai, Shenzhen in Guangdong province, and Hangzhou in Zhejiang province.
The People’s Bank of China (PBOC), China’s central bank, published a three-year fintech development plan. So far, some results have been achieved and major projects are proceeding as scheduled. Issuing the central bank digital currency was included in that blueprint, which also involves developing fintech services based on blockchain, big data, Artificial Intelligence (AI) and financial security technology. The three-year plan aims to promote China’s fintech industry to an international leading level.
The basic technology framework of the digital currency designed by the central bank has almost been completed, with sophisticated top-level design, and trials are ongoing in some application scenarios. The fast progress will give the PBOC a leading position among its global peers in officially launching a digital currency. Regulations on fintech technology development will focus on protecting personal privacy, expanding fintech services to benefit more individuals, and streamlining regulations.
As reported by OpenGov Asia, China has urged a digital transformation in the financial industry in response to the increasing uncertainty from the COVID-19 pandemic. The volatility has also created unprecedented opportunities for digitalisation across the world, and the financial industry continues to explore openings to embrace technology and uncover new areas of growth.
Chinese fintech strategies combined with current digital transformation trends will likely produce the following footprints:
- Fintech industries will be more online, open, and intelligent: Industries will convert more traditional services from offline to online and build an omnichannel strategy by tapping into emerging channels. They will apply artificial intelligence (AI) applications to online businesses with matching needs from both retail and corporate customers. They will create more data streams and use cases to strengthen client relations.
- New technologies and applications will be introduced to improve operational efficiency with emphasis on data factors: Industries will focus on the introduction of smart operations, smart risk management, and smart customer relationship management (CRM) with the integration of low-code SaaS applications. They deploy blockchain applications to build and expand a trusted financial service environment, piloting applications such as traceability, authentic right, trusted execution environment, and multi-stakeholder transactions.
The Ministry of Science and Technology (MOST) stated that Taiwan will engage in cooperation and exchanges with the Baltic states in the areas of quantum technology and biotechnology. The two countries are expected to lead to future bilateral academic and research exchanges. Both countries will discuss technology development, biomedicine, semiconductors and technology parks.
The natios have concluded that the plans for future cooperation between Taiwan and the Baltic states – Lithuania, Latvia and Estonia – will focus on academic and research exchanges in the quantum technology and biotech areas.
This direction was chosen after considering the Baltic states’ position as members of the European Union, with varying levels of technological development and expertise, and Taiwan’s current policy on science and technology research. The ministry added the delegation, which includes the parliamentary representatives Matas Maldeikis of Lithuania, Janis Vucans of Latvia and Juri Jaanson of Estonia showed positive interest in supporting bilateral cooperation and exchanges in the field of technology.
Taiwan believes that quantum technology is coming and the country is investing to become a leader. Taiwan will invest NT$ 8 billion – about US$ 282 million – in the development of quantum technology in the coming five years with a view to becoming a tech hub that boasts more than semiconductor manufacturing prowess.
The initiative is much broader than just building a quantum computer, according to the story. The country will invest in quantum devices, quantum computers, quantum algorithms and quantum communication technologies. The new technologies will be employed to develop applications for areas spanning cybersecurity, finance, national defence and more. Taiwan must invest in quantum research before it can secure a place in the competitive world of advanced technologies.
Meanwhile, Taiwan’s biomedical industry has grown from strength to strength in recent years as a result of farsighted government policymaking, spotlighting her administration’s commitment to developing high-growth sectors of the economy.
Biomedical technology has been a top priority in Taiwan’s national development strategy. Over the past few years, the country has conducted over 300 clinical trials, 80% of which involved multinational firms, while local biomedical industry revenues grew 8.7% in 2019, with total investment exceeding NT$55.1 billion (US$1.84 billion).
Taiwan’s biomedical industry includes three major sectors: applied biotechnology, pharmaceuticals, and medical devices. Research institutes have played an important role in the development of Taiwan’s economy, and today no less than nine institutes are involved in the development of Biomedical Innovations in the country’s biomedical industry.
As reported by OpenGov Asia, MOST announced that 20 tech startup companies would showcase Taiwan’s Biotech capabilities to the world connect with the global ecosystem, resources and industries in the forum organised by Taiwan Tech Arena (TTA). There are 20 TTA startup teams are selected by industrial experts and focused on global bio-industrial market potential startups.
Taiwan has demonstrated how to democratically tackle the COVID-19 threatening and how to be a truly global partner by utilising technologies. Taiwan’s efforts and commitments have drawn international attention and the relationship between Taiwan and the U.S. has become stronger than ever before in the past year. The U.S. is leading the trends of advanced science and technology development and has a vivid startup ecosystem, while Taiwan has renowned semiconductor and ICT industries and long supported technology startups.
By working together, Taiwan can speed up the transition from scientific findings into practical technology applications and create a win-win situation and achieve future possible collaborations in the US. The companies presented disruptive biotech innovations such as vocal implant systems, AI Video-based telemedicine solutions and detection of respiratory function with ultrasound technology.
“Singapore has moved from preventing cyber threats to assuming breaches have occurred”, said Josephine Teo, Minister for Communications and Information, Singapore. When Minister Josephine Teo made this statement in Estonia during the Tallinn Digital Summit, she underscored the need to have a strong cybersecurity posture. Singaporeans have not forgotten the cyberattack in 2018, where a quarter of the city-state’s population healthcare records were breached during a cyberattack against the country’s healthcare system.
It was after the 2018 data breach that Singapore’s position on cybersecurity changed from one of trying to prevent attacks to one that assumes that an attack has already occurred. “It’s just a question of ‘when’, it’s not a question of ‘if’,” explained Minister Teo.
Without a doubt, the pandemic has drastically and unexpectedly accelerated the need for a new network security model. Zero trust security is not a new concept, but it has now taken centre stage and security leaders agree that it will improve security and simplify security processes for distributed teams and hybrid networks.
A widespread move to remote work and the corresponding need for better remote workforce security has spurred investment in zero-trust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks. However, rolling the model out has proven to be complicated, presenting organisations with a mixed bag of successes and obstacles. One key reason is that zero trust adoption is a logistical challenge, not just a technical one. Security modernisation often depends on the progress of user identity consolidation and cloud transformation, both complex and long-term projects.
Moreover, organisations are facing challenges with overall cloud transformation. Organisations have accelerated their cloud adoption plans but are not fully prepared. When large chunks of data have not yet moved to the cloud from isolated data centres, it can become harder to secure using a single security tool. Identity and access management (IAM) complexities also proved equally challenging for zero trust adoption. Teams are struggling to shift to a zero-trust approach due to the complexities of user access needs in their organisation.
Zero trust relies on a single source of truth for identity management, yet larger organisations, in particular, have often accumulated multiple incompatible identity providers over the years. They must also understand access patterns across a huge number of applications — most of which cannot be shut down even for a moment to be migrated to a new identity platform.
The pandemic has further exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards – more than ever, agencies need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches.
This leads to fundamental questions: what does it take to adopt and deploy zero trust architecture? Are organisations equipped to enhance the efficiency and security of their mission-critical applications and websites?
This was the focus of OpenGovLive! Virtual Breakfast Insight on 1 December 2021, which aimed to impart knowledge on how to deploy the zero-trust model seamlessly and to overcome common obstacles in zero-trust adoption.
Embracing the security imperative in a hybrid world
Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
COVID-19 has fundamentally changed culture, Mohit asserts. With remote working entrenched in the new normal, hybrid work is the new reality. For him, the world cannot and will not go back to what it used to be – to demand employees return to physical work in offices in the name of security will not bode well.
Organisations must learn how to keep individual secure where he or she is working while keeping the work environment secure. “Culture has shifted and we must evolve with it,” Mohit is firm.
Singapore is embracing a Zero Trust strategy. According to the Singapore Cybersecurity Strategy 2021, the three strategic pillars are: building resilient infrastructure, enabling safer cyberspace and enhancing international cyber cooperation.
Mohit observes that the prevailing priorities of the public sector are to roll out innovative and secured digital services quickly, encourage inter-agency collaboration, enable a hybrid workforce and increase availability and security.
There is no doubt that rapid digitalisation increases the risk that organisations will face. In May 2021, Asia Pacific experienced a 168% YoY increase in cyber-attacks. There were reported malicious attacks that destroyed data in destructive/wiper-style attacks (average cost of $4.52 million) and ransomware attacks ($4.44 million).
“But just because it is a little bit hard, it does not mean that organisations should go back in time and revert to the old model,” Mohit says. Instead, he stresses, organisations need to embrace the challenges of security head-on instead of eschewing them. There is no turning back when it comes to digitalisation. Organisations can no longer hide behind the word “security” as an excuse not to modernise.
Although the challenges of the future abound, Mohit remains optimistic because of partnerships that can enable organisations to expand their capacities. He urges delegates to partner with organisations with a wealth of expertise and experience that can make the journey of security far easier to manage and navigate.
Hedging against cyber-attacks with Zero Trust
Fernando Serto, Chief Technologist and Evangelist, Asia Pacific, Japan and China, Cloudflare spoke on the ways Cloudflare can support agencies in building a secure Zero Trust architecture.
Cloudflare is a global network located in 250 cities in more than 100 countries, one of the fastest, that is trusted by millions of web properties. With direct connections to nearly every service provider and cloud provider, the Cloudflare network can reach 95% of the world’s population within 50 milliseconds.
As a company, Cloudflare provides Zero Trust Services, Cloudflare Network Services and Cloudflare Application Services. With the Zero Trust Services, Cloudflare helps to secure internal operations on a single global network by providing ZTNA with private routing, remote browser isolation, SWG with CASB and identity/endpoint integration.
Most people know Cloudflare for their application services such as WAF with API protection, rate limiting, load balancing, bot management, L7 DDoS protection, CDN and DNS. However, Fernando explains that Cloudflare also offers an integrated global edge platform and harnesses its unified software stack to run all its services. With the network services, Cloudflare offers WAN-as-a-Service, Firewall-as-a-service, L3 & L4 DDoS protection, network interconnection, and smart routing.
On the topic of Zero Trust Services, Fernando explains that the key concept is that it assumes that the network has been breached or that a breach is inevitable. Zero Trust is centred on requiring continuous verification through real-time information. Organisations need to identify and be able to decouple users from the network.
Yet the challenges are aplenty, Fernando warns delegates. He observes that today’s corporate WAN architecture is broken. Perimeter security is a bottleneck and does not work, applications are in the cloud and have a high latency for remote users. It is also difficult to scale and expensive. If anything, Fernando opines, “COVID-19 has taught us that the old model does not work.”
The security perimeter is and will be, constantly susceptible to vulnerabilities. Pulse Connect Secure VPN software has reportedly been exploited by attackers and many are targeted by accident. He adds that applications inside the WAN are also at risk, citing numerous reports of cyberattacks and system breaches. Vulnerabilities will always exist, but, how quickly organisations patch them will make the difference. Regardless, patching vulnerabilities takes time.
For Fernando, the switch to Zero Trust network access with private routing can help to mitigate these issues. With Cloudflare’s offering, security and connectivity are optimised, driving agencies’ speed and security in a work-from-anywhere world.
Cloudflare’s Zero Trust platform offers solutions for two problems. Traditionally, multiple point products require multiple policy managers and multiple client deployments. Cloudflare, however, offers one seamless platform that uses one policy manager and one client deployment. The other issue with traditional approaches is that platforms only integrate one identity provider (IdP) repeatedly and inconsistently. To address this, Cloudflare integrates many IdPs and tenants of the same IdP just once.
Concluding his presentation, Fernando emphasises the simple and effective threat defence that Cloudflare offers. In a fast-changing environment and changes in work models and culture, Cloudflare secures the networks of agencies working with a remote workforce seamlessly.
Starting a Zero Trust Government
Jeffrey Brown, Chief Information Security Officer, State of Connecticut spoke next on the establishment of a zero-trust government in his work in Connecticut.
The state of Connecticut has over 50 state agencies and three branches – executive, legislative and judicial. The key industries are financial services and insurance; aerospace and defence; bioscience and healthcare; film, TV and digital media; and advanced manufacturing.
In terms of management, the state government has the responsibility of handling a 24/7 Digital government, election infrastructure, 911 network, state critical infrastructure, healthcare, finance, transportation and the trust of 3.5 million citizens.
For Jeffery, the “chewy centre”, perimeter security model, whereby everyone inside the corporate network is trusted, is dead. Zero trust is now the dominant model of cybersecurity. The assumption with Zero Trust is that the network has already been compromised. It is an approach that deems networks both inside and outside as critical. There is a stricter identity verification process whereby every user and device has to prove that they are not a cyber attacker.
Jeffery believes that trust is a vulnerability that can be mitigated and that no one can achieve perfect trust. For him, “it is a balance.” He outlines three approaches that the state of Connecticut has undertaken:
- Know that all zero trust schools of thought make sense only if they support the business
- Learn about the most common frameworks (NIST 800-207)
- Understand that zero trust is a marathon, not a sprint. Not everyone can achieve zero trust, but everyone can adopt it.
In pursuing zero trust government, there were many lessons that Jeffery learnt along the way. In essence, it is a process with different components such as implementing multifactor authentication (MFA) everywhere, having 24/7/365 security monitoring, addressing identity and access management, leaning on federal partners and ultimately planning for the future.
Before closing his segment, he encourages delegates to take a risk-based approach to ensure that the most important pieces are first addressed and look at how Zero Trust can be implemented within their agencies to enable the government to do more.
Understanding the fundamentals of Zero Trust architecture
Gerald Caron: The nuts and bolts of Zero Trust architecture
Gerald Caron, Chief Information Officer & Assistant Inspector General for Information Technology U.S. Department of Health and Human Services, Office of the Inspector General, shared the various aspects and characteristics of Zero Trust architecture.
While most people focus on the identity aspect of Zero Trust, Gerald believes that it is the data that organisations are trying to protect – that is the goal of Zero Trust. Beginning with Zero Trust core principles, Gerald notes that Zero Trust hinges on five core principles related to trusting no one and having the protection of the right size.
Trust no one
- Know your people and your devices: Validate identity at every step
- Design systems assuming they are all compromised: Distrust everything, so when a breach happens you are as protected as you can be
- Use Dynamic Access Controls: Access to services must be authenticated, authorised, encrypted at all times, and can be revoked during a session
- Constantly evaluate risk: Include context in risk decisions; Monitor and log in every location possible; Aggregate log, system, and user data
Right size protections
- Invest in defences based on the classification of data: Spend more money defending the systems at greater risk
Gerald adds that not all data is equally important. Organisations need to identify what is important. Zero Trust recognises these differences and categorises data based on its sensitivity and mission criticality. This categorisation is considered when protecting the data and granting access.
Apart from that, the paths are also not equal. In a Zero Trust environment, the path the data takes between the client and host impacts the level of risk, thus impacting how much a connection can be trusted. Connections with higher risk either restrict access to data/services or require a higher level of authentication.
While traditional authentication checks a user’s credentials once and uses that initial authentication for any subsequent activity before log-out, identity authentication is much stricter in Zero Trust. Multiple factors are considered when validating access, including the user’s role and location, the state of the device attempting access, and the data or services being accessed. Organisations need to look at all these factors to develop a risk-tolerance framework to decide what a user can or cannot do.
At the same time, Zero Trust assesses the state of each device attempting to access the network – for example, the device’s operating system version and patch level – to ensure that the client does not introduce additional risk to the environment.
Zero trust architecture features dynamic access control. While traditional authentication happens once, at the start of the session, and remains in place, Zero Trust authenticates dynamically each time new data is accessed or when something triggers a change in risk.
Gerald shares that a Step-up event in a Zero Trust environment can mitigate some of the potential risks a client may introduce. During the event, the system requires an additional authentication that can help control, although not entirely offset, the risk introduced by a client.
As for monitoring, continuous, detailed monitoring and logging are critical elements of Zero Trust as they contribute to a holistic picture of each user’s session and the overall environment. Data collected from monitoring and logging is linked with known threats and data/system sensitivity to drive cyber protections.
Gerald emphasises the importance of understanding the baseline and knowing what “normal” looks like – only then can organisations react to “abnormal.” As for risk evaluation in a Zero Trust environment, the authentication is evaluated dynamically, each time new data or resources are accessed or when something triggers a change in risk level.
Before ending his presentation, Gerald cautioned against being caught up with the tools and technology. He emphasises the importance of first understanding the organisation’s risk tolerance, methodology and threshold for risk. He also recommended his capability model as a way to understand the organisation’s functional capability and identify where the gaps are.
Gerald hopes that his presentation offered a quick overview of Zero Trust architecture that could help kick start the journey for delegates thinking about adopting a Zero Trust approach.
After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences, and facilitate discussions that impart professional learning and development for participants.
A delegate asked the speakers about their experience of working within Zero Trust architectures. For him, the Zero Trust environment have caused people to be dispossessed of the services that they used to enjoy.
In response to that, Gerald points out that “humans are the weakest point” and it is not always a malicious person but someone trying to get their job done. It is vital to understand how users work and what data is needed. He sees Zero Trust as an opportunity to improve operations. By looking into various technologies, the government is essentially optimising processes and performance enhancements. However, he stresses the importance of understanding the user in the process of implementing new systems and not limiting it to the IT domain.
Fernando adds that implementing frameworks with legacy technologies that it where there will be a negative user experience. The end goal is to make the user experience as seamless as possible. Therefore, addressing legacy technology will be important in this process.
Mohit is convinced that it is not only about legacy technology but also legacy governance and processes. Change and transformation have to be holistic, encompassing all aspects.
The first poll inquired how delegates plan to implement Zero Trust across their extended environment. Most (34%) indicated that they have already started implementing zero trust with a primary focus on identifying our critical assets, followed by delegates who are not yet ready to implement zero-trust due to the lack of resources and skills needed(19%). The rest of the delegates indicated that they work with multiple security partners to build a practical and pragmatic roadmap to implement zero-trust (14%) or have made huge investments in different technologies and are not sure where to start due to operational complexities (14%).
A delegate observed that the consideration for Zero Trust needs to be ground in yielding a particular business value. At the same time, the end-user friction needs to be considered – the processes need to be made less difficult for everyone in the company.
Fernando opines that the user experience needs to lubricate the process of building a Zero Trust architecture. The technology is there to allow people to move faster. Mohit felt that there was resistance when the cloud-first came out but governments are slowly changing their policy to embrace the cloud.
On their organisation’s current security priority, over half the delegates indicated that enabling Endpoint Mobile Management & Protection (EMM) / BYOD/ IAM is their highest priority (55%). The rest of the equally divided between employing DDoS, Web Application Firewall, Bot Management, Data Loss Prevention (15%), ensuring secure access to applications hosted on cloud service providers (e.g. Microsoft, Amazon, Google) (15%), and ‘others’ (15%)
In response to the results, Fernando observes that the emphasis on the end-point could be because of the hybrid situation that organisations are in.
Exploring key drivers for their organisation in initiating and augmenting an identity access / Zero Trust management programme, exactly half the delegates indicated security/data protection/ breach prevention was the key driver. That is followed by internal/industry/regulatory compliance (19%), response to audit or security incidents (13%). The rest of the votes were split evenly between operational efficiency (6%), reduce endpoint, insider and IoT security threats (6%) and others (6%).
On the best scenario that describes their organisation’s journey, nearly 3 out of 5 of the delegates are of the view that ZTNA solution will work alongside VPN serving different use cases for years to come (59%). Other delegates felt that they see shifting users gradually from a VPN to a ZTNA solution but will always keep VPN for a core set of users (29%). Just over a tenth (10%) acknowledged they would migrate all users to a ZTNA solution (12%).
Looking at the polls, Fernando opines that the reason why people might have a foot on each side in ZTNA and VPN is due to the focus on user and identity in the marketing of services. Gerald adds that it might have to do with culture and the resistance to change. He believes that VPN is not iron-clad and that he would rather be effective than compliant.
When asked about the Zero Trust tenets that are most compelling to their organisation, just under a third (30%) placed continuous authentication, authorisation/Trust earned through entity verification at the top. This was followed equally by end-to-end access visibility and audit (21%) and data protection, e.g. secure connection (21%). The rest of the delegates were compelled by the facilitation of least privileged access (14%), no trust distinction between an internal or external network (7%) and others (7%).
The final poll inquired on the most likely approach that the delegate’s organisation might take in evolution to SASE (Secure Access Service Edge). An overwhelming number of delegates are likely to take a best of breed approach to select partners that are most appropriate to my organisation’s needs (77%). The remaining delegates were split between staying with existing partners and consolidating as necessary (15%) and looking for partners who can provide a complete SASE solution (8%).
In closing, Mark Huang, Product Director, Securecraft, acknowledged the mounting challenges in a drastically changed world. He emphasised that the journey of setting up a Zero Trust architecture need not be taken alone – Cloudflare at Securecraft can help government agencies with the task of making their services more secure.
Before ending the session, Mark thanked the delegates for the robust discussions and invited delegates to reach out to him and the team if they wanted a deeper understanding of how to get started on securing the government.
As the local distributor of Cloudflare, Mark emphasised that Securecraft would be more than happy to offer any support that delegates might need in their digital transformation journey.