Why cyber-security should be a whole of government issue
- 10 December, 2018 08:00
Traditionally a matter for individual IT departments to manage, cyber-security is fast becoming something which can benefit significantly from a whole-of-government approach.
In common with other organisations at home and abroad, Australian public sector agencies are awake to the benefits digital transformation can deliver. Overhauling infrastructure and processes to improve dealings with citizen customers has become more than a nice idea. It’s now an imperative in an era where individuals accustomed to Amazon-style service – online, instantaneous and friction free – are less willing to tolerate the sluggish and unresponsive interactions and roadblocks for which government agencies are renowned.
A robust network is the backbone of any digitally-focused business model, in both the public and private sectors. In today’s hyper-connected business landscape, it’s essential it be reliable, responsive and, most importantly, secure. For government agencies, working more closely together to tackle the latter requirement makes sound sense.
The internet is the network
Fast fading are the days when government agencies managed their own operations on discrete networks and everything else happened outside, on the freewheeling worldwide web. Today, the network is the internet and the internet, the network. So much of what individuals do digitally – working, shopping, entertainment, politics and interacting with government – resides in the cloud. The architecture of connectedness has changed dramatically and security is no longer a function of the network you’re on; it’s a function of each and every moment of connection, whenever and wherever that happens.
Against this backdrop, sourcing security solutions which provide global coverage and visibility, rather than the cyber equivalent of a perimeter fence, should be the default for any organisation handling and storing sensitive personal and operational data. It’s difficult to think of a public sector agency in Australia which doesn’t fall into this category.
Rather than allowing multiple silo-like departments and agencies to run their own security models, there’s a growing argument for governments to act more like single enterprises.
The potential benefits of implementing a common cyber-security strategy, model and purchasing program for tools and technologies are numerous. They include lower costs, courtesy of group purchasing power, greater visibility of network security and data integrity and swifter and more effective responses to threats and intrusions.
Why security matters
Individuals don’t just demand higher levels of service in the digitally driven era – there’s also a strong expectation that the infrastructure which underpins their interactions with businesses and government agencies will be secure and personal data will be protected.
With incidences of hacking and malicious activity on the rise, both in Australia and globally, meeting this expectation is an ongoing challenge for organisations. Demonstrating their commitment to ensuring information is shared safely and privacy managed with diligence and rigour is vital.
While private companies are likely to suffer economic and reputational damage, should news of a successful hack attempt or significant privacy breach be made public, the stakes are even higher for government agencies.
Governments are legitimised by widespread public confidence in their ability to manage public policies, and the processes which put them into action, with competence and integrity. Part of this unwritten ‘compact’ with citizens is the expectation that personal data in their possession will be safeguarded judiciously.
Evidence that agencies are unable to uphold their end of the bargain erodes trust in the broader ‘system’. Once lost or damaged, this trust can be difficult to restore. Damage to one entity can have a negative impact on the way others are perceived, regardless of the rigour of their individual security measures. The result can be a spiral of declining confidence and, ultimately, poorer outcomes for government programs and the citizens at whom they are targeted.
Taking a global view
Security architecture which centres around a whole of government dashboard makes it possible to monitor the cybersecurity performance of an entire public sector landscape – including its response to threats – at any given time.
It’s possible to achieve this without the need to replace all of the disparate systems currently in place across the public sector in many Australian jurisdictions, by moving security and access control to the cloud.
Doing so can enable agencies to shift their security focus away from patrolling the cyber perimeters of their physical locations and onto protecting users, wherever they’re located and however they happen to access the network.
With controls built into a unified platform, administrations can gain a cohesive picture of all the traffic on the network and have insight into every request, by user, location and device.
Being able to roll the latest security updates out centrally as they’re received, rather than on a system by system or agency by agency basis, minimises much of the cost and complexity historically associated with patching, updating and maintaining hardware and software. The result is more effective protection from incipient threats and rapidly evolving malware.
It’s a simpler and safer model than patrolling multiple fast-disappearing perimeters, for administrations looking to embrace digital transformation and mitigate against the heightened security risks it brings in its wake.