Cyber Security is not always an easy subject to approach. It’s especially sensitive for government agencies to talk about when they have especially classified information that can't be exposed outside their internal network.
We often find ourselves talking about security with government, as the threat landscape is ever-changing. More than ever, government websites are primary targets for cyber terrorism. Due to this, agencies and organisations alike are being told to act and behave as if they are vulnerable. If not, it is feared that they may assume their current security infrastructure is sustainable enough to keep attackers away.
We brought up the subject of security for digital service delivery while meeting with Mrs. Azlina Azman, Senior Deputy Director for Research, Planning, and Policy, Public Service Department of Malaysia (JPA).
Malaysia’s Public Service Department (JPA) is embarking on a mission to ensure great security for their service delivery. In doing so, JPA refers to MAMPU for security infrastructure delivery to the agencies. But when it comes to permissions and access, JPA has set certain security practices and standards in place to protect their agency.
When adopting new technologies, the potential for network breach is always a primary concern. Before taking on new solutions or services, agencies must be told how this will protect their network from being breached. Mrs. Azman agreed with us and told us how security can be confirmed to those transitioning to a new solution.
“We are very aware that security is an issue. However, we must ensure it is not just about the application or the system, but it is about ethics,” said Mrs. Azman, “We ensure that there are specific permissions for each agency, depending on their allowed privileges. It is not just about the people or the technology, but also about the process you put in place.”
Mrs. Azman told us that she is working to amend their security infrastructure so that it is easier to manage. She told us, “We are embarking on information security management system to put standardisation in place.”
Although talking about security can seem sensitive, Mrs. Azman feels that this subject needs to be approached by every agency. This is so that agencies are more welcome to embracing these new solutions and systems.
For example, as more agencies are moving to the cloud, they must learn about what security solutions are integrated with its architecture. In understanding how these work together, the agency will be able to capitalize on the benefits of transitioning to the cloud.
New systems which integrate higher security measures, such as identity management systems, are the way forward. As Mrs. Azman suggests, it is about having the right process put in place.
With a more standardised security system in place, agencies may consolidate services and continue to ensure security with ease. This will ensure greater digital service delivery and defense from attackers.