

- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
The pandemic vaulted the governments and businesses into the next stage of digital transformation and online services. Everywhere, organisations have been compelled to accelerate and bring forward their digital transformation strategies.
Data is increasingly at the core of any business or organisation and is a critical raw material for intelligent analytics and the driving force behind digital transformation. The widespread move towards remote work and the corresponding need for better remote workforce security has also spurred investment in Zero Trust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks.
Cyberattacks are constantly evolving and getting more sophisticated, driven by accelerated digital transformation – moving to cloud, rolling out new applications and e-services at lightning speed to address the needs of citizens and customers.
With the pandemic fundamentally changing reality, the question is: How can organisations future proof their infrastructure, keep their data safe and stay resilient?
The 7th Annual Singapore OpenGov Leadership Forum 2022, Day 4, was held on 20 May 2022 at Singapore Marriott Tang Plaza Hotel. It convened digital leaders from the Singapore public sector and financial services industry to discuss, deliberate, share and plan for the next phase of transformation.
Digital transformation as the new imperative


Mohit Sagar, Group Managing Director, and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
We are creating a lot of data, Mohit remarks as he reflects on the metaverse. He pointed out the growing trend of the metaverse, the alternate reality and the billions that are poured into it. “This is where things are going,” Mohit firmly believes.
With the copious amount of data that we need to manage, the security of data is fast becoming imperative. Using racing as an analogy, Mohit revealed that for an F1 race car, about 30% of the cost is spent on the braking system.
“You can only go at high speeds knowing that you can safely and quickly stop. In a digital world, cybersecurity is the brake and safety net,” Mohit claims. “If you don’t know how to protect, you can’t use or democratise data.”
We have been coping the past two years with ‘band-aid’ technology, Mohit feels. These ad hoc solutions and platforms that were used during the pandemic need to be scaled up, taken forward and mainstreamed. Using COVID-19 as an excuse for temporary measures is gone.
Singapore is so connected that it is a prime target for ransomware, Mohit asserts. Accordingly, Singapore jumped to No. 11 globally for ransomware in the first half of 2021. It was 44th in the first six months of 2019 and 21st in the first half of 2020. Two in five SMEs in Singapore suffered a cyber incident over 12 months from September 2020 to 2021.
When thinking about what is happening and the number of hackers that are turning their attention to Singapore, security is no longer something that can be avoided.
The move towards cloud is inevitable, Mohit contends. However, migration is a journey and a process that needs to be safeguarded at all times and every stage. Compared to CEOs, CFOs and COOs, the CISOs of organisations are never sleeping. “The security teams have a tough job,” Mohit acknowledges.
There is a massive paradigm shift in the world and data is rapidly gaining prominence. In this digital landscape, Mohit has an acronym that helps highlight the pillars of transformation and success – ACDC2. ‘A’ stands for augmented intelligence, ‘C ‘stands for convergence (of the physical and virtual), ‘D’ is data, and the last ‘Cs’ stand for cyber resilience and critical events.
The world is changing rapidly, and no one knows what will happen next. As such, Mohit urges delegates to learn from experts who are adept and experienced in keeping data safe and protected.
In conclusion, he encourages delegates to look for partners who are champions in their field of work who can help organisations keep their glass full so that they can focus on their business objectives.
Designing a Single Digital Touchpoint for Businesses
There are a plethora of things that a business owner needs to do including applying for permits and licences. What government agencies can do is ease the process so they can be spent on business development activities.
Simon shares that the main problem business owners were beset with was the prolonged amount of time required before their licenses are all approved. Most F&B business owners would find a location and will pay a deposit to secure the venue, only to spend 3-6 months afterwards applying for licences. In addition, many were not completely aware of the sequence of applications.
Tasked with the mission to streamline this process, GovTech started to understand its users. Accordingly, they: 1) Engaged 41 different F&B businesses and spoke to the owners and administrative staff 2) understood the pain points in every agency touchpoint 3) Sought views on how the license application process can be an integral part of their business process
Undertaking a service journey approach, they used the service blueprinting technique to map the user’s journey across the different agencies during their application. They grouped agencies that are in parallel processing and lay them in a sequential flow.
Instead of making the user go through the different agencies on their own, business owners would provide all the information at the start and their application will be routed automatically from one agency to the next – users will simply receive notifications when their applications advance.
The new system integrates 11 systems, which are linked through 17 APIs and enables people to get their application in 2 weeks.


GovTech’s role is to look at different sectors and industries, as well as the key moments when users are interacting with the government. Through the pandemic, GovTech adapted to the needs of users and continued to develop applications that can help lubricate processes.
In conclusion, Simon believes that technology is there to help organisations stay relevant and to improve the quality of service.
Innovation and Modernisation in the Public Sector


Vishal Ghariwala, Chief Technology Officer, APJ and Greater China, SUSE spoke next on the trends of digital transformation through cloud-native technologies.
Vishal observes that the government’s budgets point to 3 priorities in digital transformation: 1) Meeting citizen expectations – modern and always-on services 2) Adapting to threat vectors and 3) Sustaining Resilience amidst uncertainty
Cloud migration is a journey that will continuously evolve, Vishal contends.
First, it begins with setting up a multi-cloud platform. With the fabric in place, application modernisation is the next stage. Thereafter, it is followed by adaptive security. Vishal concurs that threats are evolving rapidly, which is why technologies in security need to be updated consistently. He adds that automation needs to be looked at to streamline processes.
Vishal believes that open-source technologies provide a firm foundation for innovation and openness is the ability to interoperate with other vendors.
SUSE Rancher enables organisations to take the best of what a hybrid cloud can offer. “SUSE is committed to co-creating success,” Vishal states.
NeuVector addresses many issues of security and, because the technology is open-source, it can be used with the existing technologies of organisations.


Vishal shares a case example of an agency that needed a flexible cloud platform primarily used for data analytics in disaster detection and prevention. The organisation wanted it to be agile, scalable and able to support modern containerisation, all while being affordable and providing the highest performance. Unfortunately, affordability and high performance usually do not go hand in hand – which is why they looked to open-source solutions.
Building an entirely new, cloud-native technology needed the following:
- Scalable and flexible = easily and automatically scalable across different regions based on traffic surges and peaks. Infrastructure must be built quickly to respond to emergencies
- Affordable and high performance
- Multi-tenant
- Container-based architecture
- Built using Open-Source technologies
- Support mobile and remote workforces and field operations
In response to the needs of the organisation, SUSE came up with a solution with the following features:
- 7-Region national scale AI (Artificial Intelligence) cloud platform (2 Private cloud, 5 Edge cloud)
- Each cloud region is a full OpenStack environment – Software defined provisioning of GPU and NVMe resources
- Core-to-Edge architecture supports both local and mobile/remote workforces
- Workloads are containerised and orchestrated using Kubernetes and SUSE Rancher Container Management Platform SUSE Rancher orchestrates via the OpenStack plugin to create a secure multi-tenant environment
- Built using open-source technologies: SUSE Rancher, Kubernetes, OpenStack
Eventually, they were able to deliver the following benefits for the customer:
- Regional COVID symptoms and test results can now be aggregated across two core environments
- AI/ML models to detect COVID hot spots
- Implement regional restrictions
- Inform mass population around COVID hot spots
- Easy and transparent access to COVID-related information
SUSE Rancher Benefits
- Quickly adapt and scale the system
- Automated orchestration and provisioning of workloads
- Zero-touch deployments
- Ease of administering distributed infrastructure
Vishal assured delegates that SUSE can support organisations in their transformation journey, to enable organisations to deliver impact to their users or customers. He encourages delegates to reach out to him if they are keen to find out how SUSE will be able to add value to their services.
The key to building a resilient digital infrastructure


Kamal Naresh: The key to digital resilience is next-gen data management
Today’s Information Technology environments are beset with new challenges, Kamal contends. Issues are aplenty – increase in threat vectors due to the massive amount of remote work, increasing regulatory oversight dictating rules for privacy and retention and legacy infrastructure limitations that prevent companies from being more agile.
Almost all companies are leveraging the cloud in some capacity and many have mandates to embrace it in bigger capacities, but it is not that easy. Additionally, IT is being held to stringent SLAs and many stakeholders have zero tolerance for downtime.
Backups are often considered the last line of defence. To put that in a football context, there is an entire line (or two) of defenders that try to prevent the opponent from ever scoring. The goalkeeper acts as that last defender that saves the ball from going into the goal. Not only do goalkeepers prevent others from scoring, but they are also the ones that put the ball back in play.
What Cohesity does is very similar, Kamal explains. Not only does Cohesity protect the goal and prevent data from being lost, but they are also the company that restores it to the environment. Ransomware has evolved and is now attacking backup copies. As a result, there is a need for a different architecture.
At its core, Threat Defense is about providing customers with a highly resilient platform that ensures confidentiality, availability and integrity of the data with encryption, fault tolerance and immutability built into the platform.


Data resiliency is then further augmented with comprehensive access control capabilities that ensure that entities accessing the data management platform conform with Zero Trust principles of no implicit trust and authentication, authorisation, and access control at the UI, CLI, and API-based entry points.
Kamal explains that it is further strengthened with support for multi-factor authentication, granular and customisable role-based access control to enforce the principle of least privilege and segregation of duties and quorum-approval to prevent unitary over privilege within administrative accounts – a crucial control to protect against unintentional user error, rogue admins, or compromised accounts – as well as auditing and continuous monitoring capabilities to ensure compliance and operational integrity of the entire data management platform.
However, unique to Cohesity, the Threat Defense architecture incorporates additional layers of protection: AI-driven detection and analytics – a set of advanced capabilities ranging from data classification to near-realtime threat detection to source-side data anomaly detection to adaptive behavioural analytics.
These detection and analytics capabilities provide Cohesity customers with the knowledge of where their sensitive data resides to proactively address compliance and governance issues like data overexposure in a near-real-time manner before these threat actors manage to fully exfiltrate an organisation’s most sensitive data assets.
The final layer of Cohesity Threat Defense ensures that their data management platform can be securely operationalised by their customers. This layer ensures that Cohesity remains an open and extensible data management platform with capabilities like our Marketplace that allow leading security ISVs like SentinelOne and Tenable to build security apps that run close to the data to help protect the data, natively on the Cohesity platform.
He concludes that data is always dark in the recovery phase, which makes automation necessary to identify what is violating compliance policies. Cohesity offers organisations to do bulk recovery and integration for security operations. Cohesity Threat Defense architecture can help to keep data secure as part of an overall in-depth defence strategy.
Polling results for the morning session
Throughout the morning session, delegates were polled on different topics.
The first poll inquired about key business initiatives for the next 12-18 months. Almost a quarter (24%) are focused on improving agility and delivery through Cloud Migration. That is followed by efforts to improve employee productivity through digital technology (21%) and modernising and securing apps (17%). Other delegates were evenly split between enabling real-time performance visibility and analysis (14%) and allowing users to efficiently deploy IT services across a variety of environments (14%) while the rest (10%) are embedding compliance transparently in applications.
On the main motivator that is driving digital transformation, most (42%) are interested to improve their capability to manage the increasing amount of data at the edge locations while ensuring security and compliance while 32% hope to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better. The rest (26%) see a growing need to maximise value/insights from an increasing amount of data assets as a motivator.
Regarding key fears in moving to cloud, a sizeable majority (61%) were concerned about security and governance. The other delegates were split between operational costs (16%), the need to re-skill talent (13%) and vendor lock-in (10%).
The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. About 42% found people and skillset the biggest challenge and 32% opted for security and compliance risks (32%). Data classification/data sovereignty/data residency concern was an issue for 11%. The remaining delegates were equally split on legacy infrastructure (5%), executive support/top management strategy (5%) and budget (5%) challenging.
Inquiring about the cyber security concerns that organisations are most worried about, 42% were worried about phishing and spear-phishing campaigns. The rest of the delegates were evenly divided between attacks on public-facing websites and infrastructure,e.g., SQLi, XSS, DDOS, (21%) and social engineering campaigns targeting employees/partners/users (21%). The rest of the delegates are bothered about attacks on remote access infrastructure, e.g., VPN compromise (17%).
On their plans to implement Zero Trust across their extended environment, most (43%) have already started implementing zero trust with a primary focus on identifying our critical assets, while others (29%) are partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero trust. The remaining delegates have made huge investments in different technologies and are not sure where to start due to operational complexities (21%) or are not yet ready to implement zero-trust due to a lack of resources and skills needed (7%).
Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over a third (35%) identified Security/Data Protection/Breach Prevention to be critical. It was followed identically by operational efficiency (18%) and addressing hybrid IT security issues (18%). Similarly, another set equally indicated reducing endpoint, Insider and IoT security threats (12%) and internal/Industry/Regulatory compliance (12%). The rest of the delegates are driven by the response to audit or security incidents (6%).
On the external help needed most to accelerate their digital transformation journey, about a third (35%) want assistance in managing the complexities of monitoring and managing multiple tools on on-premises and hybrid multi-cloud-based systems. That is followed by the mindset change and new ways of working (26%), agile Integration (17%), training and enablement for cloud technologies (13%) and automation (9%).
Exposing Supply Chain Attacks in Modern App Development


Tan LyeHee, Director of Sales Engineering, APAC Middle East & Africa, Checkmarx, elaborated on cyber threats in modern app deployment.
LyHee began by addressing the question of what Modern Application Development (MAD) is. MAD is a new approach to creating and increasing value through software produced. It holds the key to modernisation and software-based digital transformation. Through it, rapid innovation is powered using cloud-native architecture, loosely coupled microservices, database and service modules and it can abstract from the underlying system. It can dynamically respond to events in near real-time and offers tremendous benefit
However, MAD brings new security “risks” such as container risks, infrastructure as code risks, API (Application Programming Interfaces) Risks, Open-source code risks and Microservices Risks. Checkmarx takes the approach of modules and engines stacked on the cloud. It has been a pioneer for software security for years and is now transforming the industry to move beyond traditional security testing to managing the total software exposure across their entire SDLC at the speed of DevOps and the business.
More than 1,400 of the world’s leading organisations trust Checkmarx to power their software security program. They are a leader in the 2018 Gartner Magic Quadrant and are ranked #1 by industry peers on Gartner Peer Insights. Its proven solutions implemented by their customers have led to some phenomenal growth, we are growing 70% year-over-year and now have close to 600 employees globally.
The greatest challenge is supply chain security, opines LyHee. Checkmarx began with open-source software where codes are copied in modules from other places. The open-source module comes from other modules.


LyeHee observes that collaboration across wide communities has driven an explosion in application development based on open-source software. Highly collaborative ecosystems have myriad advantages, but zero trust security controls are not one of them, and attackers are taking advantage.
Accordingly, he shares the anatomy of an attack:
- A good package goes bad
- Discovery of other common packages being infected
- Attackers go after the developers preparing the package
- Minor and major versions were infected
Considering the prevailing trends, LyeHee believes that software composition analysis is the focus. There is also a need to understand the organisation’s open-source risk profile:
- Accurate open-source library detection
- Risk dashboard and detailed reporting across the organisation
- New vulnerability alerting without the need to rescan
- Vulnerability trends over time (project-level)
- Leverage the comprehensive threat intelligence database of public (CVE) vulnerabilities and unique (Checkmarx research)
In conclusion, LyeHee believes that mitigating against supply chain attacks is an imperative that should not be ignored. Through triage scan results they can identify and visualise the dependency structure, as well as dig into transitive elements. They are also able to focus and know where the vulnerable library is from before understanding the component to remediate.
He urged delegates to reach out to Checkmarx to better understand how the technology can help their organisations.
Observability in Singapore’s digital transformation journey


Taylor Chan, Head of Sales Engineering, Asia Pacific, SolarWinds talked about observability in digital transformation.
Taylor considers Singapore to be one of the fastest adopters of digital technologies. It is a mature market and an early adopter of new technologies, applications and solutions. The nation is forging ahead with its vision to have a world-class, secure and resilient 5G infrastructure that will be the backbone of its digital economy.
Singapore is a magnet for visionaries and businesses looking for an innovation hub in the Asia Pacific. A growing pool of highly skilled talent, solid government support schemes and an advanced IT infrastructure make up the triumvirate behind Singapore’s global competitiveness.
In addition to serving as the region’s trading centre, Singapore is universally regarded as the #1 Tech hub in the Indo-Pacific, a key reason 4,500+ U.S. companies are in the country. It has built a world-class, globally competitive tech industry and continues to explore new frontiers in innovation such as cloud computing, artificial intelligence, quantum computing, data analytics and other technologies that span healthcare, security, fintech, energy, aviation and defence.
The borrowing cost for Singapore is significantly less as it has historically maintained a high credit rating of AAA. For Taylor, Singapore is doing tremendously well in digital transformation and employs a six-fold strategy.
Some of the best examples of the Singapore government’s services include:
- SingPass: Digital identity for easy and secure access to government and private sector services
- MyInfo: Digitalisation of business operations via API which has resulted in an 80% improvement in application time
- LifeSG: One-stop access to 70+ government services for different stages of life
- GoBusiness: Connect business owners to 300+ government services, which teaches people how to apply for licenses.
For Taylor, there are some key features of a digital government:
- Services that are easy to use, reliable and relevant
- Seamless digital transactions
- Systems and data that are secure
- A digitally confident public service workforce
- A digitally enabled public service workplace
Those features have enabled swift actions to be taken to support COVID-19 operations:
- TraceTogther, SafeEntry; Build on existing tools like SingPass, MyInfo, FormSG
- Allow rapid development within days – Maskgowhere (Within 36 hours) and SupplyAlly


The foundations allow the government to quickly build applications. A prime example is Maskgowhere, which was ready within 36 hours, including a system that tracked the mask collection progress across 743 collection centres. This allowed resources to be directed to centres where help was needed.
The COVID-19 pandemic produced an urgent need to address logistical challenges on a national scale. For example, the distribution of reusable face masks to all Singapore residents created a logistical challenge to track collection quotas and manage a flexible pool of volunteers. SupplyAlly – A mobile app developed by GovTech to facilitate nationwide logistic distributions.
The beauty of the system is that the underlying technology is hidden from the citizen. It is an elegantly engineered product which provides a secure way to connect the different Government services. The good part is that the complexity of services faded into the background, and the citizens can enjoy the benefits introduced by the systems.
Taylor points out that Core Operations, Development Environment and eXchange (CODEX) technology stack enables them to use less sensitive data outside of their infrastructure, such as commercial cloud.
The Singapore Government Technology Stack (SGTS) comes with four aspects:
- Digital services: Easy to use, accessible and secure digital government services that improve the lives of citizens and businesses.
- Microservices: Reusable common services that agencies utilise to build applications such as the National Digital Identify for authentication.
- Middleware: Software services such as APEX (API gateway) and WOGAA (Whole of Government Application Analytics) (analytics that allows for rapid development, deployment, testing, and monitoring)
- Hosting platforms: Scalable hosting containers with secure connectivity.
Hence, GovTech has created a centralised government-wide API exchange -APEX – that serves as a searchable library of APIs. Authentication protocols on APEX ensure that only authorised applications have access to highly confidential citizen data. At the same time, activities on the APEX platform are tractable as the system audits and logs the applications that have requested to pull data from government databases.
With APEX, data collected and stored by one agency can be used by numerous other approved agencies or businesses to improve and streamline their processes. For example, MyInfo leverages the capabilities of APEX to enable citizens and residents to manage the use of their personal data for a myriad of online transactions, including applying for a Housing Development Board flat and opening a bank account.
The MyInfo API for developers makes it possible for more applications to be integrated with MyInfo without significant hassle or overhead costs.
To Taylor, the goal of digital transformation in government organisations is easy-to-use, secure services for citizens, and seamless digital transactions between people, government and agencies.
- Adopt new business models, operating models, and platforms: Go Digital First and Leverage data-driven insights into the services
- Avoid outdated processes and disruption causing mechanisms: Adopt automation (RPA) and modernise legacy systems
- Implement digital practices instead of physical counters: Leverage self-service digital practices
- Leverage newer technology and Analytics: Make use of forecasting and predictive modelling
- Invest in emerging technologies: Aim for a scalable and secure digital platform


Digital transformation spending is set to explode, Taylor believes that the areas of need include the revival from the pandemic, cost and productivity, and growth and results. Getting there will require faster decisions, simplified work, and the elimination of needless tasks. Considering that, full-stack visibility has never been so critical, Taylor contends.
Where SolarWinds can help is in proactive monitoring. With different tools and technology being adopted by companies the IT teams are left with spending most of their time dealing with performance issues. When organisations have too many tools, it can cause slow root-cause analysis. This leads to downtime, added cost and operational inefficiencies.
In conclusion, Taylor shares that the SolarWinds platform can support and power the digital transformation journeys of organisations, delivering superior ROI in various industries. He encourages delegates to reach out to his team to find out more about how SolarWinds can help with their organisation’s journey.
Mitigating digital asset disruption in a time of flux


Nathan Stevens, Head of Solution Consulting – APAC, Snow Software, shared on the complex and evolving space of digital asset disruption and how it can be addressed it.
“We are in a continuous state of disruption,” Nathan observes. “What we consider a digital asset has changed dramatically, and the emergence of new asset classes has made managing them even more challenging.”
He believes that IT leaders must leverage technology that delivers comprehensive visibility and contextual insight – Technology Intelligence. It allows for the management of organisations’ complete technology landscape and to drive transformation with precision and agility.
Digital assets have significantly changed in the last 40-50 years, but that rate of change has been exponential with the emergence of new technologies.
What is seen in this disruption is an increase in complexity. Buying practices have changed, and the world is very much in a consumption economy, and moving into a per second per minute economy as well – transforming into business-led procurement. Cyber-security exposure is larger than ever and very much high on the radar for all CIOs, especially as attacks become common. Identifications of vulnerabilities and foreign agents launching new attack has everyone on all on high alert.
The utility in which we associate these digital assets has expanded greatly – everything from ensuring your plants have enough water, to full automation of a mining site with driverless trucks – the possibilities are endless
Looking at how the modern digital asset was formed, Nathan wants to assess each of these distinct ages of modern technology against the spectrums of visibility, optimisation potential, and risk.
- Visibility – achieve a holistic view of data, applications, and spending across on-premises data centre, cloud, and SaaS (Software as a Service) environments
- Optimisation – leverage intelligent insights and recommendations about your data to optimise spending and drive operational efficiencies
- Governance – manage security risk and compliance without affecting business performance


All this points to common themes for 2022 and beyond, namely the rise of IoT, 5G, AI/Machine Learning, RPA, low code applications and edge computing and, more recently the meta-verse. All are rapidly changing how people consume technology and how we approach data and IT operations.
Nathan points out that cyberattacks on IoT devices skyrocketed in 2018 and surpassed 300% in 2019. Accordingly, malware attacks are now affecting a vast number of IoT devices. According to Forbes, the number of malware incidents involving IoT devices has grown from 813 million in 2018 to a staggering 2.9 billion already the following year.
The results of not having adequate visibility in place are:
- Lack of optimisation and increased risk
- Increase in SaaS spend that we are locked into and grown comfortable then, then the price increase
- Huge uptake in new technologies that need to be managed and will have huge impacts I.e., Containers
- 85% of CMDB projects fail – trying to achieve too much or being too ambitious; completeness for completeness’s sake or trying to achieve 100% coverage in a dynamic and ever-changing environment
“We don’t need a single source of truth, we need to have different data sets that give us a different perspective or insight – and integrate those best of breed datasets into the CMDB only where it makes sense,” Nathan asserts.
Snow’s solution for Technology Intelligence – what we see as the future of Software Asset Management is to provide complete insight and manageability across all technology


For Snow Software, the approach to technology intelligence requires additional levels of visibility, which involves understanding the usage of all technologies, leveraging data to negotiate the most value and obtaining baselines for intelligent migrations to the cloud.
If managing Microsoft spending as one key use case, it is possible to apply the same logic to Oracle or VMware as well. There is a movement beyond software or hardware asset management – it is time for technology asset management.
In conclusion, Snow Software can help organisations provide intelligence on the data that is collected to make business decisions on that data. The platform allows them to bring real value to customers. Nathan adds that they are also able to integrate with business processes.
Polling results for the afternoon session
Throughout the afternoon session, delegates were polled on different topics.
The first poll inquired about key business initiatives for the next 12-18 months. Over a third (37%) were focused on improving agility and delivery through Cloud Migration. This is followed by efforts to modernise and secure apps (21%) and enable real-time performance visibility and analysis (21%) and improve employee productivity through digital technology (11%). The rest were focused on allowing users to efficiently deploy IT services across a variety of environments (5%) and embedding compliance transparently in applications (5%).
Delegates were then asked about what would have the bulk of their budget in 2022 –2023. Just under a third (32%) have committed to embracing cloud technology, be it public or private (32%), followed by the digitalisation of processes to deliver better or ‘Smart’ services (26%). The remaining delegates have their allocation for n enhancing or adopting AI and Analytics for improving outcomes through forecasting, prediction and optimisation (16%), fortifying cyber resilience (16%) or improving integrity and governance whilst reducing inefficiency (11%).
On the main motivator that is driving digital transformation, 39% are driven by the desire to speed up their time-to-market to fully capitalise on business opportunities or to serve citizens better, followed by the growing need to maximise value/insights from an increasing amount of data assets as a motivator (26%). The rest of the delegates opted for providing a consistent and seamless cloud-everywhere experience across a distributed organisation (22%) and improving their capability to manage the increasing amount of data at the edge locations while ensuring security and compliance (13%).
The subsequent poll asked delegates what they saw as the biggest challenge in digitalisation and cloud migration. Delegates were evenly split between people and skillset (21%), legacy infrastructure (21%) and executive support/top management strategy (21%). The rest of the delegates equally found security and compliance risks (14%), budget (14%) and data classification/data sovereignty/data residency concerns (7%) challenging.
Inquiring about the cyber security concerns that organisations are most worried about, most delegates (42%) were worried about phishing and spear-phishing campaigns. The rest of the delegates were split between attacks on public-facing websites and infrastructure, e.g., SQLi, XSS, DDOS (21%) and social engineering campaigns targeting employees/partners/users (21%). The rest of the delegates are concerned about attacks on remote access infrastructure, e.g., VPN compromise (17%).
On their plans to implement Zero Trust across their extended environment, delegates are evenly split between partnering with multiple security partners to build a practical and pragmatic roadmap to implement zero-trust (28%), having made huge investments in different technologies and not sure where to start due to operational complexities (28%). Others (17%) have already started implementing zero trust with a primary focus on identifying their critical assets while about 7% are not ready to implement zero-trust due to a lack of resources and skills needed.
Asked about key drivers for their organisation’s initiating/augmenting an identity access/Zero Trust management programme, over a third (35%) identified Security/Data Protection/Breach Prevention to be essential. It was followed by internal/Industry/Regulatory compliance (36%) and addressing hybrid IT security issues (14%), The rest of the delegates are driven by the response to audit or security incidents (7%).
On the external help needed most to accelerate their digital transformation journey, most (42%) need assistance with a mindset change and new ways of working, followed by managing the complexities of monitoring and managing multiple tools on on-premises and hybrid multi-cloud-based systems (26%), training and enablement for cloud technologies (21%), automation (5%) and agile integration (5%).
Closing
To conclude the day, Mohit stresses the importance of getting started on the journey of securing data and information because “data is the new oil.”
For Mohit, attacks are inevitable, and organisations need to ramp up security to continue delivering business outcomes and value. He believes that the key is to work with partners who have the expertise and knowledge so that energies can be channelled into driving business objectives.


- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
GovTech has been recognised by OpenGov Asia for its innovative use of digital technology in transforming the public sector. Through the GovWallet initiative, GovTech has simplified government operations and unlocked new opportunities.
This effort forms part of GovTech’s ongoing work to develop a digital wallet module that enables government entities to securely and promptly distribute funds and credits to citizens and beneficiaries. Agencies no longer must build their own payment systems, and people can get their government payments quickly through apps they already use.
GovWallet facilitates payment tracking for government agencies while providing payment recipients with multiple options to monitor their payment and spending records. Notably, one of its key features empowers agencies to select authorised merchants and regulate payout usage.
GovWallet serves as a backend service module that seamlessly integrates with any government mobile application, including LifeSG and Singpass. This allows users to utilise their credits at PayNow and NETS accepting stores and withdraw cash from ATMs, facilitating financial access for individuals without bank accounts.
Essential insight to build digital payment
While working on SupplyAlly, a system that coordinates the distribution of tangible items like food packs, TT Tokens, and reusable masks during the pandemic, the GovWallet team initiated the Know Your Customer (KYC) research.
Through their collaboration with government agencies, the GovWallet team found that agencies are not only interested in managing the distribution of physical goods but also in disbursing government benefits to eligible recipients. The team discovered that there were limited locations where recipients could utilise their payouts, the widespread acceptance of digital vouchers in the commercial sector.
GovWallet was created to enable citizens to access the widely used SGQR and well-established payment ecosystems, such as PayNow and NETS, without the need for a bank account to complete the transactions. The aim was to expand the range of retailers where beneficiaries could utilise their payouts.
They recognised that a comprehensive approach to addressing security, fraud, compliance and monitoring concerns necessitates a risk assessment. The team engaged with various stakeholders to validate their strategy and output, encompassing both the technical implementation and policy framework.
As part of their pre-rollout plan, they used a separate team to conduct vulnerability analyses and penetration tests simultaneously. These assessments proved valuable in gauging risks, and their insights would inform the future rollout and expansion of GovWallet.
GovWallet is hosted on the Government on Commercial Cloud (GCC) platform and is deployed on Amazon Web Services (AWS). A typical disbursement campaign may require up to 1,600 man-hours to complete.
Their architecture, which is based on AWS’ Serverless framework, allowed them to scale up and down as needed, reducing the amount of manpower required to monitor, maintain and operate the system. Adopting a serverless architecture allowed them to concentrate on making GovWallet more cost-effective, high-performing and responsive to traffic vagaries.
GovWallet has been gaining popularity among both government agencies and citizens. However, as with any other product that requires integration with multiple parties, the GovWallet team needed to maintain close communication with agencies to avoid a drop in collaboration.
They have scheduled regular meetings with various parties, such as government agencies and banks, to keep track of progress and address issues as they arise. They have also worked on numerous disbursement campaigns with multiple agencies.
A noteworthy application of GovWallet was its collaboration with the Ministries of Defence and Home Affairs to disburse S$100 digital credits to over 1 million past and present national servicemen. The system successfully processed up to 1.1 million disbursements and payments, with minimal lag or disruption.
According to the team, communication is critical to the success of any project, regardless of its size. Onboarding a government agency onto GovWallet typically entails the agency, the GovWallet team and a frontend interface for citizens to access payouts, such as LifeSG or a commercial bank.
To be able to move and adapt quickly, all teams must be on the same page in terms of objectives and changes. This allows them to remain agile, quickly adapt to user needs, and benefit more citizens.
When designing the infrastructure or developing the code, the GovWallet team draws on market best practices. Additionally, they conduct routine security reviews of their products to ensure that they remain current with the latest security practices and vulnerabilities.
GovWallet is currently developing a self-service dashboard for agencies onboarding its platforms. This provides greater flexibility in administering government disbursement schemes without necessitating a system-to-system integration with the backend.
They are not restricting their expansion to support digital currency transactions on GovWallet and will continue to collaborate with banks to provide such services as needed.
About the team
GovWallet was originally created as a solution to the issues of higher costs, administrative workload and carbon emissions associated with the issuance of cheques and physical vouchers. As the team resolved these challenges, they partnered with industry players to integrate PayNow and NETS payment gateways into the platform, providing GovWallet beneficiaries access to around 200,000 merchants.
While the product team needs to be aligned with the mission and objectives of the initiative, it is equally critical for senior leadership within each organisation to support the initiative. This support enables the product team to reduce or eliminate potential roadblocks and achieve success.
When it comes to product roadmap planning and the development of user-centric solutions, GovTech collaborates closely with the Smart Nation Digital Government Office (SNDGO).
The GovWallet team places a strong emphasis on close collaboration and maintains open lines of communication with all functional roles involved in the initiative. For example, a developer can communicate directly with the product owner without the need for any intermediaries. This approach reduces the potential for misunderstandings and accelerates the feedback loop.
Regular dedicated checkpoints such as scrum and sprint retrospectives are held by the GovWallet team. During these meetings, the team members are given dedicated and safe time to reflect on and inspect the features they liked and areas for improvement. This practice encourages open communication and helps the team identify ways to improve their workflow and product development process.
In the same vein, the GovWallet team promotes effective interaction by establishing direct communication channels with other teams or departments. They also share their scrum cadence for keeping track of and aligning dependent activities. This enables everyone involved to stay on the same page, fosters collaboration and helps in delivering the project efficiently.
Scrum aided the team by dividing the delivery into two-week sprints. This resulted in a shorter feedback loop, allowing the team to adapt to changes more quickly, especially when deconflicting with other teams.
GovTech fosters an environment where all team members are urged to share their ideas for improving the way things are done or launching new initiatives. They have open communication channels with senior management, who are receptive to feedback and suggestions.
During the planning of their subsequent project phases, the team regularly carries out user research. Team members are encouraged to share any discoveries, improvements or trends they observed with the rest of the team.
The team values one another’s suggestions and takes them seriously, incorporating them into the work backlog when applicable. GovTech provides funding resources for its teams to test their ideas. This fosters an environment of transparency and openness where everyone is seen as a peer and can explore genuine possibilities.
GovTech encourages all employees to be agile, bold, and collaborative. By encouraging a culture of innovation and creativity, they have been able to tap into the diverse perspectives and experiences of its employees, resulting in new and effective solutions.
Through regular forums and open communication, the organisation has created an environment where everyone is empowered to contribute to its mission of using technology to improve the lives of citizens. This approach has not only improved the quality of the organisation’s work but also increased employee engagement and satisfaction.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
GovTech meluncurkan inisiatif dompet digital GovWallet yang bisa digunakan Singapura untuk mengirim uang dan kredit kepada warga penerima program dana bantuan sosial (bansos) pemerintah dengan aman dan cepat. Dompet digital ini membuat pemerintah bisa melacak proses penyaluran bantuan sosial. Sementara bagi warga penerima bantuan, mereka dapat mengetahui pembayaran yang diterima dan melacak riwayat pengeluaran mereka.
Dengan GovWallet, lembaga dan badan pemerintah bisa mengatur bagaimana dana bantuan yang mereka salurkan dipakai oleh penerima. Mereka bisa membatasi agar pembayaran yang dilakukan lewat GovWallet hanya bisa dilakukan di tempat-tempat tertentu saja. Dengan demikian, dana bantuan bisa digunakan untuk hal-hal yang lebih tepat sasaran.
GovWallet bisa digunakan di toko-toko yang menerima pembayaran PayNow dan NETS. Dengan PayNow, warga Singapura bisa melakukan transaksi pengiriman uang menggunakan nomor telepon. Sementara NETS adalah penyedia layanan pembayaran elektronik lokal di Singapura, mirip VISA atau Mastercard. GovWallet juga bisa digunakan di mesin ATM, sehingga warga yang tidak memiliki rekening bank bisa mengambil uang tunai.
GovWallet dikembangkan sebagai modul layanan backend, sehingga layanan ini bisa ditautkan ke aplikasi instansi lain, seperti LifeSG dan Singpass. Sehingga, tiap instansi pemerintah tak perlu lagi membuat sistem pembayaran mereka sendiri untuk mendistribusikan pembayaran.
Cara GovWallet dikembangkan
Inisiatif untuk mengembangkan layanan dompet digital GovWallet muncul ketika mengembangkan SupplyAlly. Seperti namanya, SupplyAlly merupakan sistem yang mengelola distribusi barang fisik, seperti paket makanan, Token TT (token fisik untuk layanan pelacakan COVID-19 Trace Together), dan masker pakai ulang (reusable). Sistem ini dikembangkan saat pandemi COVID-19 dan bisa digunakan untuk kebutuhan serupa setelah pandemi berakhir.
“Saat bekerja dengan lembaga pemerintah, kami mengetahui bahwa mereka tidak hanya tertarik dalam mengelola distribusi barang fisik tetapi juga menyalurkan pembayaran pemerintah kepada warga yang membutuhkan,” jelas tim GovWallet dalam wawancara dengan OpenGov Asia.
Selain itu, GovWallet juga menjadi jawaban GovTech untuk mengurangi emisi karbon dan biaya mahal imbas penerbitan cek dan voucher fisik untuk menyalurkan bantuan pemerintah. Untuk menyediakan layanan dompet digital, tim GovWallet bermitra dengan gateway pembayaran PayNow dan NETS.
Kolaborasi ini memudahkan warga penerima bantuan, sebab mereka bisa membelanjakan dana bantuan di GovWallet yang bisa ditransaksikan ke sekitar 200.000 toko yang sudah terintegrasi di jaringan PayNow dan NETS. Sebelumnya, voucher digital hanya bisa ditukar di sejumlah toko saja. Kini, dengan fitur SGQR di GovWallet penerima dana bisa melakukan transaksi di lebih banyak toko, tanpa harus memiliki rekening bank.
Selain itu, cara ini juga membantu meringankan penyaluran dan pengawasan dana dari pemerintah. Contohnya adalah kolaborasi dengan Kementerian Pertahanan dan Kementerian Dalam Negeri untuk menyalurkan kredit digital sebesar S$100 (Rp1,13 juta) kepada lebih dari 1,1 juta prajurit nasional.
Sistem ini pun berhasil menghemat waktu penyaluran bantuan dari rata-rata 1.600 jam kerja, kini bisa diselesaikan dalam sekejap. Sebagai contoh pada proses pembayaran jutaan prajurit nasional yang disebutkan sebelumnya, kini bisa diselesaikan hampir bersamaan, dengan minim gangguan dan jeda.
Penghematan lain yang dirasakan pemerintah adalah penghematan tenaga kerja yang diperlukan untuk memelihara sistem yang digunakan untuk membangun GovWallet. Tim pengembang memanfaatkan layanan cloud dari salah satu penyedia asal Amerika Serikat yang di-hosting di platform Government on Commercial Cloud (GCC).
Dengan membuat sistem berdasarkan arsitektur tanpa server (serverless framework), membuat sistem GovWallet bisa berperforma tinggi lantaran bisa bekerja fleksibel dan responsif terhadap lonjakan lalu lintas, namun lebih hemat biaya.
Sebagai layanan pembayaran digital yang rentan dengan kejahatan siber, tim GovWallet menyebut kode dan infrastruktur yang mereka rancang sudah menggunakan praktik terbaik di pasar saat ini. Di masa prapeluncuran, mereka melibatkan tim terpisah untuk melakukan penilaian kerentanan dan pengujian penetrasi. Hal ini berguna untuk membantu mereka melakukan penilaian risiko. Pemantauan keamanan terus dilakukan bahkan setelah layanan diluncurkan dan dipakai luas.
“Kami melakukan tinjauan keamanan secara berkala pada produk untuk memastikan produk kami yang sudah ada diperbarui dengan kerentanan dan praktik keamanan terbaru. Saat ini, kami belum mengadaptasi AI atau pembelajaran mesin dalam upaya pencegahan penipuan, namun kami terbuka untuk menjajaki hal itu di masa mendatang jika diperlukan,” jelas tim lagi.
Dalam waktu dekat, tim GovWallet tengah membangun dasbor, sehingga instansi pemerintah yang memanfaatkan GovWallet bisa mengatur sendiri bagaimana skema pencairan dana yang ingin mereka lakukan. Dengan dasbor ini, mereka pun tidak perlu melakukan integrasi sistem ke backend GovWallet. Ketika ditanya soal ekspansi ke blockchain dan mata uang crypto, GovWallet menyebut mereka terbuka untuk mendukung kedua hal itu dan siap bermitra dengan bank jika memang diperlukan.
Membangun efektivitas dan kreativitas tim
Tim GovWallet menyatakan komunikasi adalah hal terpenting untuk menjamin keberhasilan proyek dalam skala apapun. Berdasarkan pengalaman mereka, sinkronisasi informasi dengan sesama anggota tim lain membuat mereka bisa lebih gesit dan memastikan aplikasi menjawab kebutuhan pengguna dan memberi manfaat bagi lebih banyak warga.
Meski GovWallet telah mendapatkan apresiasi warga dan instansi pemerintah lain, namun tim GovWallet tetap memastikan komunikasi yang erat dengan semua pihak agar bisa tetap responsif mengatasi kemungkinan masalah dan mengikuti perkembangan yang terjadi.
Untuk menjaga agar aplikasi dompet digital ini tetap memenuhi kebutuhan pengguna, tim GovWallet, kerap melakukan riset pengguna secara reguler. Tim didorong untuk berbagi insight mengenai tren terbaru dan peningkatan yang bisa mereka lakukan untuk mengembangkan produk. Masukan dari riset ini akan mereka gunakan untuk merencanakan proyek fase berikutnya. Tiap masukan ditanggapi dengan serius dan akan menjadi bagian dari pekerjaan tim jika relevan.
Mereka mengembangkan budaya yang transparan dan terbuka dalam tim, di mana setiap orang menjadi rekan satu sama lain. Sementara pemimpin senior dari setiap organisasi menjadi pendukung inisiatif yang akan dijalankan dan mendorong tim untuk menyatukan upaya mencapai tujuan tersebut. Hal ini dilakukan untuk mengurangi dan menghilangkan kemungkinan terjadinya boikot atas program pemerintah.
Untuk menjaga keselarasan, GovTech juga bekerja sama dengan Smart Nation Digital Government Office (SNDGO) untuk pengambilan keputusan teknologi-kebijakan dalam hal perencanaan peta jalan dan dan pengembangan produk serta solusi yang berpusat pada pengguna.
Komunikasi dan kolaborasi terbuka dengan berbagai pihak juga dilakukan untuk memvalidasi pendekatan yang digunakan dan produk yang dikembangkan. Validasi dilakukan pada aspek kebijakan hingga implementasi teknis. Untuk menjaga keterbukaan, mereka mengimplementasikan jalur komunikasi langsung dengan peran fungsional apa pun dalam tim.
“Misalnya, pengembang kami dapat berkomunikasi dengan pemilik produk secara langsung tanpa harus melalui perantara apa pun. Ini membantu mengurangi kemungkinan kesalahpahaman dan mempercepat putaran umpan balik.”
Untuk meningkatkan layanan, mereka memiliki pos pemeriksaan khusus yang melakukan inspeksi secara reguler dengan metode scrum dan sprint retrospective. Dengan metode ini, tim didorong untuk melakukan refleksi dan inspeksi dengan mendiskusikan fitur yang mereka sukai dan mengkritisi fitur yang harus ditingkatkan.
Untuk mendukung komunikasi yang lebih efektif dengan tim di departemen lain, mereka juga membagikan metode scrum dengan mereka. Dengan demikian, semua tim yang terlibat memiliki kesadaran mengenai urgensi sebuah tugas dan tujuan yang akan dicapai.
“Scrum membantu kami dengan membagi penyelesaian tugas menjadi bagian yang lebih kecil dan menjadikannya sprint per dua minggu. Kami memiliki jarak yang lebih pendek untuk mendapat umpan balik dan tim bisa segera beradaptasi dengan perubahan, terutama ketika terjadi bentrok dengan tim lain.”
Sebagai penutup, tim menyebut GovTech pun mendorong setiap karyawan untuk gesit, berani, dan kolaboratif. Tiap staf didorong untuk memunculkan ide-ide baru untuk menyelesaikan suatu masalah dan mengembangkan komunikasi terbuka. Kedua hal inilah yang mendorong kreativitas karyawan.
Komunikasi terbuka dengan manajemen senior membantu menurunkan hambatan kreativitas para staf, sebab mereka merasa diberdayakan untuk berinovasi dan berkreasi. Mereka menggelar forum triwulanan untuk memaparkan ide-ide inovatif kepada tim kepemimpinan senior. Mereka juga bisa memanfaatkan sumber pendanaan dari GovTech yang bisa dimanfaatkan untuk menguji gagasan mereka.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Singapore is pushing the boundaries of digitalisation for global trade, as the Infocomm Media Development Authority (IMDA) collaborated with industry players to successfully execute a live shipment from Singapore to Thailand during the first quarter of 2023.
Using Singapore’s TradeTrust framework, this fully paperless, live cross-border trade involved the use of Electronic Transferable Records (ETR), which are functionally equivalent to paper Bills of Lading (BL).
TradeTrust, developed by IMDA, was created to address the challenges of paper-based cross-border trades by leveraging international standards and frameworks and leveraging blockchain-powered technology to enable the digitalisation of transferable documents into ETR.
The IMDA TradeTrust framework harmonises the legal recognition of digital documentation among jurisdictions that have adopted the Model Law on Electronic Transferable Records (MLETR) of the United Nations Commission on International Trade Law (UNCITRAL).
Loh Sin Yong, Director of TradeTrust at IMDA, stated that Singapore has endeavoured to reshape, reimagine, and redefine global trade since 2019. The international trade ecosystem profoundly relies on physical paper records and signatures for validation.
The live transaction for the shipment of liquid chemicals from Singapore to Thailand utilises the TradeTrust framework to generate an electronic Bill of Lading (eBL) that complies with UNCITRAL’s MLETR statutory law framework, he added.
Besides, they are thrilled to have demonstrated that the industry could potentially use eBL even in the absence of a contractual legal framework, as they believe this will encourage the widespread adoption of eBL in international trade.
A shipper, a TradeTrust-enabled digital platform provider, and a vessel owner supported by their Protection & Indemnity (P&I) Club participated in the world’s first ETR cross-border trade.
The TradeTrust-enabled digital platform provider has developed a digital solution to support the key logistics documentation processes for cross-border liquid chemical trade involving multiple parties, such as a surveyor and customs broker.
The use of TradeTrust has vested the digitalisation of the transfer of ownership title, issuance and surrender of the ETR as an eBL across multiple systems and stakeholders, in compliance with the UNCITRAL MLETR.
The shipment was made using the following methods:
- The liquid chemicals were dispatched from Singapore to Thailand by the shipper.
- Using a TradeTrust-enabled digital platform, the vessel issued an eBL.
- The use of Marine Vessel Pass has resulted in the creation of Digital Passports for Ships on the eBL, ensuring that the digital identity used in signing was onboarded and verified.
- The eBL was then surrendered on the TradeTrust Reference Implementation, demonstrating interoperability across multiple systems without the need for the development of inter-system connectivity protocols such as APIs. It also enabled digital and paper-based processes to communicate with one another.
- Their Protection and Indemnity (P&I) Club supported the vessel on the basis that the P&I liabilities arising from the use of a TradeTrust-issued eBL are equivalent to the liabilities that could have arisen from the use of a paper-based Bill of Lading.
- The eBL was legally supported solely by statutory law, with no contract law or rulebook used. This shipment demonstrated the utility of an eBL issued under the TradeTrust framework in a non-MLETR jurisdiction such as Thailand.
By streamlining and automating existing processes, the implementation of eBLs has increased productivity. The advantages include shorter wait times and lower costs. This pilot builds on industry collaboration to encourage the use of ETRs and facilitate cross-border trade.
ETRs can be issued, transferred, and surrendered in a trusted manner across different digital platforms using the TradeTrust framework, which is required in the context of cross-border trade.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Data collecting regulation, information policy, and strategic planning are all areas where Thailand is eager to improve to drive the digital society and economy. Following the legislation, a framework for government assistance in compliance with personal data protection is being developed and deployed.
As an updated version of national strategies and goals on digital growth for economy and society, 2018–2037 phase 2, the act was addressed in a scheduled meeting with a designated committee that are responsible for monitoring the previous resolution’s implementation status. To help digital enterprises in Thailand, they followed rule No. 1/2022 and set up a digital service account.
Secretary General of the National Committee on the Digital Economy and Society, Puchphong Nodthaisong, attended the forum for the Promotion and Development of the Digital Economy and Society. More than fifty individuals from various organisations attended the meeting, which was attended by Minister of Digital Economy and Society Chaiwut Thanakmanusorn and numerous other connected figures.
Strategies for propelling the E-Workforce Ecosystem Platform, the backbone of Thailand’s digital economy, were reviewed in length. Puchpong shared that integrating metrics to gauge a country’s digital economy’s worth and improving government agencies’ ability to adapt to the national plan using an organisational project management approach was key.
The processing platform for the system and architectural design is now in development. The committee has offered advice on setting up and using the forum and other connected matters.
Qualification checks for registering digital service accounts were also considered, in addition to writing a ministerial rule prescribing supply and procurement methods that the state must encourage or support. The committee reported that it has revised a draught of rules and guidelines intended to advance the inclusion of people of all ages, including those with disabilities and the elderly, in the information age.
The annual Digital Economy Promotion Leadership Programme is organised by the Digital Economy Promotion Agency (depa) to further educate business executives on the cutting edge of digital technology.
The conference gave top-level executives the training they needed to analyse, synthesise, and apply knowledge to real-world challenges, empowering them to make meaningful contributions to the country’s economic development in the years to come. The ability of a government to invest in its top executives, both in the public and commercial sectors, is directly correlated to the country’s strength, as recognised by Depa. In addition, the rise of the digital economy will impact the administration of policies and plans.
Depa also geared up to educate the next generation of tech-savvy farmers. They looked at methods of boosting farmers’ and businesses’ digital technology use. Smart agriculture was presented to stimulate the digital economy during the summit. By embracing the digital economy, the province can fulfil its potential and meet its demands.
The commercial and service sectors, including the intelligent tourism industry, may all benefit from developing new agricultural goods and services made possible by digital innovation. The initiative’s latter phases saw commercial and service sectors merging with the technologically dependent “smart tourism” industry.
Several Thai farms have already started using smart agriculture. For example, to increase the nutritional value of their rubber and palm plants, farmers in Chiang Khan, Thailand, are using drones to disperse the biochemicals obtained from the pig.
Smart agriculture is an idea that has been gaining traction throughout the world in recent years. Connecting and enhancing the intelligence of farms promotes production and addresses difficulties specific to farms (such as fulfilling growing food demands). Precision farming, variable rate technologies, smart irrigation, and intelligent greenhouses are all examples of IoT-enabled intelligent agricultural systems.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Launched in 2019, CrowdTaskSG aims to harness the collective intelligence of Singaporeans to provide government agencies with useful insights into national issues and addresses the prevalent notion that citizens’ voices are often overlooked. The platform serves as a bridge between citizens and agencies, offering a centralised platform for citizens to share their thoughts and ideas.
The initiative operates on the premise that Singaporeans can have an active and meaningful role in co-creation, collaboration and crowdsourcing, rather than being passive recipients of government schemes and services.
Citizens have a range of ways to participate, including surveys, polls and questionnaires focused on government policies and issues. In addition, they can take part in testing prototypes for new government websites, providing feedback on areas that require improvement and assisting with translation requests.
This diverse set of options aims to cater to various interests and expertise levels, making it easier for citizens to engage with the platform in a meaningful way. By doing so, CrowdTaskSG endeavours to foster greater interaction and participation from citizens, while also providing agencies with a more comprehensive understanding of public sentiment on various issues.
To broaden the scope of citizen participation, the CrowdTaskSG team is actively exploring additional tasks that can be performed through the platform. The team collaborates with other agencies to identify opportunities to optimise the platform for a wider range of crowdsourcing initiatives.
GovTech method to better engage citizens
The CrowdTaskSG team has been inspired by the widespread popularity of the mobile game Pokemon Go, which employs GPS technology to allow players to discover real-world locations, capture virtual creatures and engage with other players.
Gamification was the secret ingredient that propelled the success of Pokemon Go, as it transformed the simple act of walking into a social experience. The game tracks users’ daily steps and incentivises movement by rewarding them with new monsters.
What made Pokemon Go’s success truly remarkable was not only how quickly it became a worldwide phenomenon, but also how it motivated people to participate in physical activity – a pursuit that many individuals were previously averse to. The CrowdTaskSG team was intrigued by this philosophy and wondered whether a similar approach could be adopted to foster the development of a smart nation.
Undoubtedly, many Singaporeans possess a wealth of skills, ideas and feedback that could support Singapore’s transition towards becoming a smart nation. However, they may lack the motivation to engage in these activities.
CrowdTaskSG bridges the gap between citizens and agencies by integrating gamification elements to make the engagement process more enjoyable and rewarding. Through these efforts, they aim to create a more interactive and captivating platform that inspires citizens to take an active role in shaping national policies and improving their personal well-being.
By incorporating gaming elements, CrowdTaskSG takes completing surveys or tasks on the platform to a whole new level of fun – making mundane tasks far more enjoyable and rewarding. Users can earn experience points to level up and virtual coins for NETS QR purchases after completing a task.
The team has adopted simple gamification concepts to ensure that they appeal to individuals of all ages. To make the platform user-friendly and accessible to all, the team has designed a clean and straightforward user interface that minimises distractions and enhances accessibility.
As a product that is designed to prioritise citizen engagement, the CrowdTaskSG team places great importance on delivering a seamless user experience. In addition to collecting feedback and suggestions through the platform, the team frequently conducts user interviews with CrowdTaskSG users to gain insights into evolving user needs and identify areas for improvement.
The CrowdTaskSG team is committed to carefully considering the needs of government agencies as well as user feedback to continuously add new features and improvements to the platform. After the user interviews and testing sessions, the team works consistently on making the platform easier to use and making sure that information and instructions are clear and easy to understand.
The team recently introduced a Leaderboard feature in their referral campaign, which led to a 10% surge in user participation. They also revamped the reward system, making it more convenient for citizens to redeem their virtual coins.
CrowdTaskSG offers government agencies a cost-effective solution as they can currently utilise the portal free of charge. It is a user-friendly, self-service platform that not only enables government employees to submit tasks easily but also allows them to review responses with the built-in data visualiser.
The platform uses MyInfo verification to ensure that all participants are genuine, and its screener function simplifies the process of reaching specific groups of people for government agencies.
The platform has received positive feedback, with many users citing how it has facilitated fast and efficient communication with participants. This is particularly advantageous for User Experience (UX) and Design Thinking teams, who rely heavily on user testing and feedback throughout their design process.
The technology infrastructure that CrowdTaskSG uses has also been employed to develop the SG Translate Together (SGTT) web portal, which is a distinct product from CrowdTaskSG. This has enabled the Ministry of Communications and Information to collaborate with the public to gather translation data through crowdsourcing.
The data collected is utilised to enhance and train SG Translate, the Machine Translation Engine, resulting in more translations that cater to local needs. Additionally, SGTT provides translation resources and a form platform to engage with the local translation community.
The CrowdTaskSG team places a high priority on ensuring that the onboarding process for new users is easy and seamless when developing a product that is intended for widespread use. Therefore, deciding between a mobile application or a web-based application was a crucial consideration for the CrowdTaskSG team when they began the project.
There were several reasons why a mobile-responsive web platform was ultimately chosen for CrowdTaskSG:
- Because there are more steps to go through, downloading a mobile application to answer a survey is a huge barrier for new users. If it is a web-based platform, new users can log in by scanning a QR code, which is a quick touch-and-go.
- As a result of the pandemic, most Singaporeans are now accustomed to scanning QR codes to open websites in a browser, which became one of the onboarding workflows.
- Having a web-based platform enabled to reach users not only on mobile phones but also on desktop computers and even fixed kiosks in the form of touch-screen TVs and tablets when agencies conduct road shows and engage citizens.
To ensure that CrowdTaskSG could be accessed on various screen sizes, including desktops, mobile phones, tablets, and TVs, the team put a great deal of thought into the design of their components to maintain a consistent user experience across all platforms.
TypeScript is the main programming language used by the CrowdTaskSG team, and React is used for the front end, while NodeJS is used for the back end. Using a single language across the stack makes it easier for developers to switch between frontend and backend development with minimal contextual overhead.
A robust audit trail is crucial for a mass-market application as it helps developers quickly identify and resolve technical issues that users might encounter. Moreover, regular performance testing ensures that the application can handle high volumes of traffic and load spikes that may coincide with marketing efforts. By doing so, the team can avoid any performance issues that might lead to a poor user experience and ultimately impact the success of the application.
Constantly being wary of malicious activities is a common challenge with gamification in crowdsourcing platforms. Users could be inclined to cheat the system by submitting tasks multiple times or completing unassigned tasks to gain an advantage in their pursuit of rewards. While not a technical challenge, it is burdensome.
To prevent such behaviour, measures have been put in place to ensure that task submissions on CrowdTaskSG are unchanged or idempotent; submitting the same task multiple times does not benefit the user nor are they rewarded for completing tasks that are not assigned to them.
Nonetheless, security is of paramount importance for the CrowdTaskSG team as they are deploying a government product. Hence, every major release undergoes professional vulnerability assessments and penetration testing before distribution.
In addition to these pre-release tests, the team conducts monthly risk assessments using open-source scans and other risk surveillance tools. The team also has a surveillance bot that monitors traffic and potential attacks in real-time to ensure that any suspicious or unusual activities are promptly investigated.
About the team
For a diverse team to function effectively, a strong product vision and shared goals that inspire collective buy-in are crucial, beyond just support and resources. Creating a culture that embraces and celebrates diversity is essential in acknowledging that each individual brings unique perspectives and expertise to the table.
This recognition helps ensure that every team member can make meaningful contributions to the various domains. Support and resources can be generated from within the team if the right culture and communication are in place.
CrowdTaskSG’s work methodology is heavily influenced by GovTech’s Agile, Bold, and Collaborative values. The team convenes every two weeks for “retrospectives,” during which they discuss the previous sprint and exchange fresh concepts regarding the product and their work approach. To capture spontaneous ideas, they also maintain idea boards to jot down any potentially useful insights for future reference.
Regular and open communication is important and members talk to each other often (at least once a day). The team values a “no-blame” culture, which creates a safe space for members to express their thoughts and concerns.
Trust is a cornerstone of the team’s work culture, with everyone aware that they are working together for the best of the product. The team takes a collaborative approach to problem-solving, with all domain leads gathering to discuss various perspectives before arriving at decisions and working through problems quickly and efficiently.
The CrowdTaskSG team proactively helps each other to overcome any obstacles that may impede their progress. A conducive culture and effective communication facilitate this internal support system, enabling team members to assist one another in achieving their shared goals.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Pemerintah Singapura meluncurkan CrowdTaskSG pada 2019. Sesuai namanya, CrowdTaskSG memang ditujukan agar pemerintah bisa lebih melibatkan partisipasi warga untuk menyelesaikan masalah nasional dan pembangunan di Singapura, sehingga kontribusi dan masukan dari warga bisa digunakan sebagai dasar penentuan keputusan dan tindak lanjut lembaga pemerintah.
Inisiatif ini meluncur dengan premis bahwa warga Singapura bisa memainkan peran aktif dalam pemerintahan. Mereka tidak hanya sebagai pemain pasif yang menerima skema dan layanan pemerintah. Namun, warga bisa berkreasi bersama, berkolaborasi, dan menjadi sumber informasi bagi pemerintah.
Inisiatif ini meluncur sebagai respons atas pendapat yang umum beredar kalau pemerintah Singapura kurang memerhatikan aspirasi warga. Oleh karena itu, CrowdTaskSG diciptakan untuk menjembatani kesenjangan antara warga dan lembaga pemerintahan. Lewat platform ini, pemerintah menyediakan satu platform terintegrasi untuk berbagi pendapat dan ide.
Hal ini diwujudkan dengan memberi kesempatan bagi warga untuk berkontribusi dalam survei, jajak pendapat, atau kuesioner tentang kebijakan dan masalah pemerintah lewat CrowdTaskSG. Selain itu, warga juga bisa melakukan tugas seperti menguji prototipe fitur atau produk baru di situs web pemerintah, memberi umpan balik tentang wilayah kerja yang perlu peningkatan, dan ikut terlibat untuk kebutuhan penerjemahan. Sebab, Singapura biasanya perlu menyosialisasikan kebijakan pemerintah dalam empat bahasa, Inggris, Melayu, Mandarin dan Tamil.
Tim CrowdTaskSG terus berupaya meningkatkan minat warga untuk berkontribusi aktif di platform ini. Mereka juga terus mengeksplorasi tugas-tugas bersama (crowd task) lain yang bisa diintegrasikan di platform ini. Untuk itu, tim CrowdTaskSG kerap menjalin komunikasi dan kolaborasi dengan instansi lain untuk mempelajari dan menggali ide bagaimana platform ini bisa lebih dioptimalkan untuk mendukung berbagai inisiatif crowdsourcing.
Gamification untuk menarik partisipasi warga
Sejak pertama meluncur, GovTech sudah menyertakan gamification pada platform ini. Mereka terinspirasi untuk memasukkan faktor permainan dalam platform ini lantaran terinspirasi oleh kepopuleran gim Pokemon GO.
Pokemon GO adalah gim berbasis lokasi dan augmented reality. Lewat gim ini, pemain diajak untuk menangkap dan mengumpulkan berbagai monster unik khas Pokemon. Memanfaatkan GPS di perangkat pengguna, mereka harus menjelajah ke tempat-tempat berbeda untuk menemukan berbagai monster langka itu. Monster Pokemon yang terkumpul bisa dilatih dan dipertarungkan. Gim ini sekaligus menghitung jumlah langkah yang dilakukan dalam sehari untuk menangkap monster-monster itu.
Kesuksesan Pokemon GO berhasil mengangkat gim ini menjadi fenomena dunia. Menariknya, gamification permainan itu berhasil menarik orang untuk keluar rumah dan lebih aktif melakukan kegiatan fisik. Hal yang kian jarang dilakukan di kehidupan modern sebelum popularitas gim ini meledak.
Resep rahasianya tentu terletak pada gamification yang berhasil dieksekusi dengan baik oleh pembuat permainan ini. Pokemon Go sukses mengubah kegiatan berjalan keluar rumah yang menjemukan menjadi kegiatan sosialisasi yang menyenangkan.
“Hal inilah yang membuat kami berpikir apakah kita bisa memanfaatkan cara yang sama untuk membantu membangun misi Smart Nation di Singapura,” jelas tim pengembang CrowdTaskSG dalam wawancara dengan OpenGovAsia.
Lewat CrowdTaskSG, tim ingin memberi ruang bagi talenta-talenta terbaik Singapura untuk memberikan kontribusi mewujudkan Smart Nation. Sebab, mereka percaya banyak warga Singapura yang memiliki potensi, ide, dan masukan berharga untuk membantu membangun negara. Namun, talenta itu tersiakan karena kurang difasilitasi oleh platform yang tepat dan kurangnya motivasi untuk ambil bagian.
Tim CrowdTaskSG berharap dengan berbagai gamification yang dihadirkan bisa menjembatani kebutuhan pemerintah dan keinginan warga untuk berkontribusi. Mereka pun ingin membuat proses kontribusi itu menjadi sesuatu yang menyenangkan.
Tim mengintegrasikan gamification ke dalam berbagai tugas yang ada di CrowdTaskSG. Misal, ketika warga membantu menyelesaikan survei atau tugas tertentu, mereka akan mendapat poin untuk naik level. Adopsi leaderboard ini diklaim berhasil meningkatkan pertumbuhan pengguna hingga 10 persen.
Mereka juga bisa mendapat koin virtual yang bisa digunakan berbelanja lewat NETS QR (jejaring pembayaran elektronik menggunakan kode QR di Singapura). Sejauh ini, tim sudah mengadopsi konsep gamification sederhana yang cocok untuk semua umur.
Sebagai layanan self-service, tiap instansi pemerintah di Singapura bisa membuat tugas atau survey yang mereka perlukan di CrowdTaskSG. Tim berpendapat mereka mendapat repons positif dari instansi pemerintahan yang memakai platform ini. Sebab, mereka mendapat cara yang efisien dan cepat untuk mendapat umpan balik warga.
“CrowdTaskSG sangat berguna untuk tim pengalaman pengguna (User Experience/ UX) dan tim Design Thinking yang ingin mengetes pengguna dan mendapat tanggapan mendalam dalam proses desain mereka,” jelas tim lagi.
Selain itu, CrowdtaskSG Tech Stack juga dimanfaatkan untuk membuat dan menyempurnakan situs SG Translate Together (SGTT). Lewat portal ini, Kementerian Komunikasi dan Informatika Singapura bisa berkolaborasi dengan warga untuk melakukan translasi data. Data ini lantas digunakan untuk melatih dan memperbaiki kemampuan SG Translate, the Machine Translation Engine, agar hasil terjemahan terasa lebih lokal. SGTT menyediakan sumber daya translasi dan forum sebagai tempat bersosialisasi komunitas para penerjemah.
Untuk membuat platform ini menarik dan berguna bagi pengguna, CrowdTaskSG aktif mencari umpan balik dan saran pengguna.
“Kami kerap melakukan wawancara pengguna untuk memahami kebutuhan mereka dan bagaimana meningkatkan kenyamanan mereka. Kami juga menjaga agar antarmuka layanan kami tetap bersih dan sederhana untuk mengurangi distraksi dan kemudahan pemahaman pengguna.”
Untuk menjaga keamanan, platform ini menggunakan verifikasi pengguna. Sementara bagi instansi pemerintahan yang ingin menggunakan platform ini, mereka bisa memanfaatkan fitur pemindaian untuk mendapat responden yang tepat.
Ketika berbicara pengembangan CrowdTaskSG ke depan, tim berkomitmen untuk senantiasa menerima umpan balik pengguna, baik warga atau instansi pemerintah, untuk terus memperbaiki layanan mereka dengan fitur baru.
Teknis pengembangan CrowdTaskSG
Tim CrowdTaskSG membagikan sejumlah tips ketika membuat layanan yang akan diakses secara massal. Menurut mereka, hal utama yang harus dipertimbangkan adalah kemudahan akses pengguna. Dengan pertimbangan itu, mereka membangun CrowdTaskSG sebagai situs web yang mobile-responsive agar bisa digunakan oleh pengguna yang menggunakan berbagai perangkat, baik ponsel maupun desktop.
“Jika dibuat sebagai aplikasi mobile, akan menambah kesulitan pengguna yang ingin berpartisipasi. Mereka mesti mengunduh aplikasi itu terlebih dahulu. Hal ini bisa menjadi penghalang besar bagi warga untuk berpartisipasi. Dengan membuat , pengguna baru cukup memindai kode QR, login, dan bisa langsung berpartisipasi.”
Untuk bahasa pemrograman, mereka menggunakan TypeScript, dengan frontend berjalan menggunakan React dan backend menggunakan NodeJS. “Memiliki bahasa yang sama di seluruh stack membantu pengembang kami beralih dengan cepat ketika mengembangkan frontend dan backend dengan sedikit contextual overhead.”
Untuk mempercepat respons ketika pengguna manghadapi kendala teknis, tim CrowdTaskSG menyarankan perlu dilakukan audit yang kuat agar bisa segera dilakukan identifikasi masalah. Mereka juga melakukan pengujian secara rutin untuk memastikan aplikasi mampu menampung ketika terjadi lonjakan lalu lintas.
Meski gamification dipercaya bisa meningkatkan interaksi warga, namun kendalanya adalah bagaimana cara mengatasi kecurangan. Sebab, ada saja warga yang ingin mencurangi sistem dengan mengirimkan tugas berkali-kali atau menyelesaikan tugas yang tidak ditujukan kepada mereka demi mengejar hadiah.
Untuk mengatasi hal ini, tim memastikan tugas yang dibagikan di CrowdTaskSG bersifat idempotent. Artinya, warga hanya bisa mengirim tugas sekali. Jika lebih dari itu, maka tidak akan berpengaruh pada peringkat atau nilai pengguna. Selain itu, mereka juga melakukan pemeriksaan validasi secara ekstensif untuk memastikan pengguna tidak diberi imbalan untuk melakukan tugas yang tidak ditugaskan kepada mereka.
Terkait dengan masalah keamanan, tim memastikan melakukan serangkaian ujian penetrasi dan menilai potensi kerentanan pada setiap perilisan besar. Selain uji pra-rilis, setiap bulan mereka juga menilai risiko keamanan melalui pemindaian open source dan alat pengawasan risiko lain. Tim juga memiliki bot untuk melacak lalu lintas dan potensi serangan secara real-time untuk memastikan penyelidikan tepat waktu terhadap aktivitas yang mencurigakan atau tidak biasa.
Membangun tim kreatif
Tim CrowdTaskSG dilatih untuk tak takut berinovasi. “Tim kami berpedoman pada nilai-nilai organisasi kami untuk menjadi Gesit, Berani, dan Kolaboratif. Kami melakukan dengan cepat, menguji dengan cepat, dan gagal dengan cepat.”
Mereka juga melakukan retrospektif per dua minggu sebagai momen untuk mengevaluasi hasil Sprint sebelumnya dan berbagi ide baru. Ide-ide ini tidak terbatas pada produk yang tengah dikembangkan tapi juga cara bekerja. Mereka juga memiliki papan ide yang akan menampung ide semua anggota tim yang mungkin bisa berguna di masa depan.
Selain itu, mereka menjalin komunikasi yang terbuka dengan tim dan berusaha mengadopsi budaya tanpa menyalahkan. Dengan demikian, mereka bisa memupuk ruang aman bagi anggota tim untuk berbagi pemikiran dan keprihatinan secara terbuka. Mereka juga menanamkan pola pikir untuk mengutamakan kepentingan pengembangan produk dalam cara kerja mereka.
Bekerja dengan tim yang berbeda latar belakang, tim CrowdTaskSG mengutamakan kebersamaan dan mengumpulkan perspektif dari berbagai sisi lewat diskusi yang cepat dan efektif. Selain itu, memiliki visi dan tujuan produk yang kuat juga mempersatukan tim yang berbeda latar belakang ini.
Mereka juga mengutamakan budaya yang saling merangkul dan merayakan keberagaman, karena anggota tim sadar mereka semua memang menyumbang perspektif dan keahlian yang berbeda ke dalam tim. Budaya gotong royong untuk menyelesaikan masalah satu sama lain juga dilakukan agar proyek yang tengah dikerjakan bisa bergerak maju.
- Like
- Digg
- Del
- Tumblr
- VKontakte
- Buffer
- Love This
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- Subscribe
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Passwords alone are no longer sufficient to protect users’ online accounts as cyberattacks become more frequent and advanced, hence, multi-factor authentication (MFA) is necessary to reduce the risk of unauthorised access to online accounts.
There are different types of MFA that use what the user has and who the user is. SMS-based Authentication, Biometrics Authentication, and Application-based Authentication are the most common types.
When a user turns on SMS-based authentication, they register a mobile number that is linked to their account. Most SMS-based OTPs are only good for a certain amount of time, usually 3 minutes, after which they can’t be used again.
When a user intends to log in to their account, the system produces an OTP and sends it to the registered phone number via SMS. The system then checks the OTP, and if they match, it lets the person into their account.
When a user turns on biometric authentication, they will have to enrol their biometric data into the system by capturing and storing their unique physical or behavioural traits in a digital format. This information can come from things like fingerprint scans, facial recognition, iris recognition, voice recognition, and more.
Besides, when a user attempts to log in to their account, their biometric data is used to verify the user’s identity by comparing the data to a list of existing users whose biometric data has been registered in the system. The user is granted access if the biometric data matches.
Similarly, when a user enables 2FA with an authenticator app on their account, they will typically be asked to scan a QR code or enter a secret key provided by the service into their authenticator app.
Once the secret key is entered, the authenticator app generates a unique OTP using an algorithm such as Time-based One-Time Password (TOTP) or HMAC-based One-Time Password (HOTP) that is valid for a specific time window, typically 30 seconds, before changing. To generate the OTP, the algorithm considers the secret key known only to the user and the app, as well as the current time.
After their regular password has been validated, the user will be prompted to enter the OTP generated by their authenticator app when attempting to log in to their account. The service will then compare the user’s input to that generated by the authenticator app. If the OTPs match, the user is granted account access.
Likewise, SMS-based 2FA works by texting an OTP to a user’s mobile phone. To complete the authentication process, the user must enter this OTP into the online service. While SMS-based 2FA provides an additional authentication method, it is not as secure as authenticator apps or biometrics because SMS can be compromised:
- SIM Swapping: Threat actors can use this technique to acquire phone numbers via data leaks, public records, or social engineering, then bribe or trick a service provider employee into porting the number to a duplicate SIM card under their control. This gives them the ability to intercept users’ SMS verification OTPs and gain unauthorised access to associated online accounts.
- SMS Phishing: Using SMS Phishing (Smishing), threat actors can intercept users’ SMS messages and steal verification OTP to gain access to their various online accounts.
Thus, authenticator apps and biometrics offer a higher level of security compared to other authentication methods like SMS-based 2FA. Users are advised to practice good cyber hygiene by using a strong password and selecting the most secure 2FA method to protect their online accounts.