E-governance has become a buzzword and leverages the vast IT
capital the country has created to benefit a larger population.
Information stored within the government institutions (defence
records, tax records, or health records) is growing manifold. This
leads to increased focus on creating an IT infrastructure that can
handle the rapid technological changes, as well as secure and
manage growing volumes of information.
The Indian Government is undertaking various mega-projects to
digitize information, with the intention to deliver services to
citizens in a more streamlined and effective manner. A recent
example is the UID project, considered to be one of the largest
information management initiatives in the world, which brings
various elements of information about citizens into a central
database. This is leading to an explosion of digital information
that is increasingly also dispersed across various devices such as
smartphones, tablets and more significantly, the cloud.
However, growth in data volumes is also being accompanied by the
rising sophistication and targeted nature of cyber threats.
Symantec observed over 286 million new threats in 2010 globally,
according to the latest Internet Security Threat Report XVI. The
report also revealed that India ranked sixth for overall malicious
activities in 2010, up from 11th in 2008.
Today, state and local governments face the challenge of securing
their sensitive information in addition to modernizing
infrastructure. Some of the key requirements that government
institutions need to consider include:
• Protecting confidential data residing
in various endpoints, network and storage systems to reduce
• Automating key compliance and security
processes to reduce risk and operational costs.
• Recovering citizen information in
response to accidental loss of data, intentional data misuse or a
Recognizing the seriousness and importance of information
security, the Indian Government recently issued a directive to all
Sarkari Bhavans to deploy intrusion prevention systems, with the
objective of preventing attackers from entering the network.
However, government organizations first need to anticipate and
identify threats. One cannot hope to have security without
intelligence. Networks do not know borders and given the advent of
remote users, this is becoming more evident each day. As a result,
information collection on attacks, techniques, methods and
vulnerabilities needs to be constant and vigilant.
Along with the continuously evolving threat landscape, the
insider threat to data has also become a significant danger,
especially in the context of the numerous devices and platforms on
which data is accessed anywhere and anytime. From the well-meaning
insider who clicks on a malicious link to the employee who may copy
confidential information onto a thumb drive for personal benefit,
the insider threat can be addressed through technology that
identifies the most valuable information and protects it no matter
where it resides — at rest or in motion. Data loss prevention
technology also automates the implementation of policies and
reduces risky actions to create a culture of security in the
Governments need to make sure that critical services/systems
remain available for as long as possible and that these
services/systems can be quickly recovered within a clearly defined
timeframe after an attack. According to Symantec’s Critical
Infrastructure Protection Survey 2010, 43 percent of Indian
critical infrastructure providers said attempts to shut down or
degrade their computer network were effective. Critical
Infrastructure Protection is not limited to protecting government
and defense infrastructure, but extends to both publicly and
privately run infrastructure such as telephone networks, power
generation and distribution, oil refineries and gas pipelines.
These are the industries that always need to be available and any
downtime can have significant societal impact and even threaten
As the pace of information growth accelerates and the digital
infrastructure expands, Governments have more to manage than ever
before. This now requires a focus on security continuity that allows
them to continuously respond to internal and external changes.
Governments need to develop and implement an information-centric
security strategy that is risk-based and policy driven, and
operationalized across a well-managed infrastructure. Such a
strategy will help them secure and manage the connected world and
deliver confidence to citizens that their information and
identities are safe.
The author is Managing Director, India and SAARC,