“We have to go forward, to build a secure and smart nation,"
Lee Hsien Loong, Prime Minister of Singapore
Over the years, Singapore has ranked top 10 of all countries in many surveys and lists based on IT innovation, smart city initiatives and e-government development. Utilising technologies such as Internet of Things, Big Data, and Cloud, Singapore has advanced well in implementing technology in the government.
With the use of new technologies, data is more important than ever before. More data is collected and stored, which requires high security to keep it safe. Unable to secure data would result in high risk of threats, such as network breaches and stolen data, which ultimately affects data credibility. Leaving data and infrastructure vulnerable could bring opportunities of identity theft, access of confidential data and even loss of data. Unfortunately, we are seeing more of this.
So how safe are we?
The growing amount of data is requiring government to rethink their systems which includes data governance, security system, infrastructure and risks. The risks could be lessened by focusing on the improvements of how we collect, manage and secure data.
How could data affect the organisation and the country?
Technologies such as IoT and cloud are accompanied by cyber threats with the nature of the technology highly depending on the internet. Cyber threats are an extension of data security as it includes more methods to approach data, compared to the conventional way. Some think that organisations that use cloud computing have more issues to be concerned of regarding their data. This is an ongoing debate.
The success of Singapore’s Smart Nation vision is heavily dependent on its ability to mitigate new forms of cyber risks. Speed and accuracy in the delivery of public services is important but equally important is the need for speed in addressing cyber-threats that can come from anywhere and move faster than ever before.
So where are the answers? What is the solution?
OpenGov is pleased to bring a very timely Breakfast Insight to discuss and deliberate these issues with the top Singapore agencies that would help the attendees to enhance their knowledge, learn from the experiences of your peers and the gain insights into the latest tools and practices available to develop cutting edge strategies to help protect their organisations from these cyber-attacks.
We will be discussing:
Privileged Access Security - Implementing Comprehensive Privileged Access Security Policies
Privileged Access Security is designed to stop attacks before they stop business. The purpose it to make it difficult for attackers to access privileged accounts, and endeavour to allow security teams to monitor behaviours for unusual privileged access.
A good privileged access security solution proactively secures against cyber threats before attacks can escalate and do irreparable damage. By managing privileged access, organisations can meet compliance requirements and reduce their security risk without introducing additional operational complexity.
Recently, the Auditor-General Office released its annual audit report on the public sector that highlights several issues on the management of contracts, financial and technology weaknesses. Particularly regarding technology, it mentioned the insufficient monitoring of privileged users’ activities and the failures to manage user accounts and access rights.
How are leading agencies and departments protecting their privileged accounts and what are the best practices? When was the last time you assessed your organisation’s privileged access?
Automation, Agility and DevOps: A Marriage of Convenience or a Match Made in Heaven?
As development practices such as DevOps are adopted, the level of automation and agility required increases. Agility and automation enables the agencies to move rapidly, and at the same time, develop and deploy programs to better serve citizens and their evolving needs.
It’s important to understand some of the core vulnerabilities and risks that need to be addressed to protect an organisation’s cloud environment. As the level of automation increases, the vulnerabilities and attack surface also increase. Consequently, it is important that organisations are aware of and defend against the vulnerabilities that can come with automation. How can automation affect data security?
The collaborative approach of DevOps also allows the government agencies to monitor the compliance of contractors to avoid any data leakage, weak system infrastructure and risks.
An instance of DevOps project under Smart Nation initiative is the Parking.sg by GovTech with the support of the Ministry of National Development (MND), the Urban Redevelopment Authority (URA) and the Housing and Development Board (HBD). Launched in October 2017, this app is designed to eliminate parking coupons and replacing it with a more tech-savvy system for Singaporeans to digitally pay their parking.
Will this kind of implementation ensure that breaches of this scale are managed? It appears cyber security teams can learn a lot from the experiences of DevOps, and if this is the case, will breaches become less likely?
Government’s multi-pronged Cloud Strategy – Governance and Security
The Singapore Government is adopting a multi-pronged approach to cloud computing by leveraging on commercially-available public cloud offerings where appropriate. At the same time, implementing a private government cloud called, Central G-Cloud, for whole-of-government use for security and governance requirements that cannot be met by public clouds. For example, GovTech’s Centralised Content Website Platform (CWP) framework aims to deliver government agencies with a standardised software suite which includes website hosting unclassified information securely on the cloud.
Is this the answer we are looking for or is two levels of security and governance a stop gap?