Cyber-security - essential in realising our e-Government ambitions
We often talk about cyber-security from the perspective of the private sector, however, governments and public sector organisations hold vast troves of data on citizens. If this gets into the wrong hands, it can wreak havoc, and diminish the trust among the voting public.
We have already seen elements of this in South Africa. For instance it was reported that in 2016 almost 9 million South Africans were victims of some form of cyber-crime. Government plays a crucial role in securing the citizen data held in its databases, as well as in helping to educate our nation on the measures to protect themselves against global crime syndicates.
The dream of providing a rich array of e-Goverrnment services that serve the nation can certainly not be realised without a strong focus on cybersecurity.
But just how can the public sector embrace new, disruptive technologies, to improve the digital experiences for its constituents?
Develop clear frameworks and policies
Cyber-security planning and assessment, technology deployment, workforce management, training, and change management should be supported by clear guidelines that are standardised across departments and recognised as best-practice.
Locally, our government has established the Public Sector Risk Management Framework, which guides the way departments should pre-empt or deal with a variety of risk categories. It’s important for security pros in the Public Sector to translate these principles into clear policies for the specific field of cyber-security.
Central vs federated?
As we enter the era of Cloud-based architectures, cyber-security and data integrity becomes far more complex. At a high level, national government must determine what should be stored centrally – such as data logs collected from government’s various sectors and systems, to simplify reporting and data management.
Yet, for more sensitive core data, it’s probably appropriate to federate this information into discrete silos, owned by a particular department, and strongly protected by the very best security defences. That said, data protection should be aligned with national security frameworks and standards.
Lead the way with strong legislation
Of course, governments also play a major role in creating legislation to govern cyber-security issues for companies, people and public sector departments. A lot of work is being done to create legislation around data security, including the State Security Agency’s National Cybersecurity Policy Framework. One of the stated goals of this framework is to: “Strengthen intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber terrorism and cyber warfare.”
In addition, to enact this intent, the Computer Security Incident Response Team (CSIRT) was established, as part of the State Security Agency. CSIRT highlights emerging threats to government departments, helps them to swiftly deal with incidents if they arise, and coordinates strategic discussions at an industry level to combat the scourge of cyber-crime.
Make the most of advanced security tools
Across the entire ambit of the cyber-defence spectrum, new defence technologies are emerging to help fend off attackers. Consider for example the likes of biometrics to help secure end-user computing terminals and devices, encryption for sensitive data as it traverses networks, and artificial intelligence services that run continuous ‘white hat’ simulation attacks to test organisation’s defences.
Have a clear incident response plan
Despite our best efforts, security breaches can occur, and when this happens the focus then moves towards speedy incident response and damage limitation. Through a comprehensive incident response plan - covering the technologies, processes, responsibilities – government departments can minimise the impact of threats.
Take a balanced approach
The very nature of disruptive technologies is that they inevitably alter an organisation’s cyber-risk exposure. Each new wave of innovation tends to expand the threat surface in new ways. However, fear over security threats should never be the reason to forgo innovation or shun new technologies.
To solve SA’s service delivery challenges and improve society at large, we need to adopt the latest technologies – from e-classrooms to tele-medicine, to smart cities, smart metering, tech-enabled transport, and more. The right approach is to carefully evaluate all new technologies from a risk and security perspective, thoroughly understand how they may affect the threat landscape, and then adopt them judiciously.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”