The government’s zealous efforts to extend e-governance in the service of people has resulted in tremendous growth of e-governance projects in different parts of the country. A large majority of these projects are implemented via tenders or Public Private Partnership Mode. In this context, it’s important to take care of the security aspects of sensitive data/information, because they are vulnerable to abuse by fraudulent elements across the Internet.
To address these apprehensions, the government is considering building a reliable security framework to secure data/information collected while executing e-governance projects. The theme is to build strategic control within government departments to have a reliable and sustainable security framework.
Why security issues?
The information security management issue has assumed increased significance with technology intervention, due to the ever growing number of users and the manifold increase in the volume of data flow.
E-governance has two interfaces: one, the citizen interface and the other is the back-end interface. It is important to protect both of them to enable them to function efficiently. Government departments can handle the security aspects of back-end interface. However, handling the outside the network (from the whole Internet) is a major challenge.
Measures taken to combat security issues
The government is considering the matter seriously and has taken numerous steps to ensure better security. The Ministry of Home Affairs, Government of India, has notified the National Information Security Policy and Guidelines. These guidelines might be taken as reference by all ministries in Union government, state governments and PSUs for framing their own rules with regard to information security and control. However, it’s important to make sure that the policy serves the purpose meaningfully. For this, government organizations must understand how to implement the rules.
What to consider
Issues such as the type of life-cycle of users of government departments, the type of user mix, the type of data, the lifecycle of data are important to consider.
It is a fact that the cyber security environment keeps on changing, and this poses a major challenge to the security framework concept itself. Just ensuring security with firewalls is not enough. The notion of being secure inside the firewall and insecure outside it is losing importance. Further, the concept of security within the network is also becoming vague.
Today, organizations are keeping an eye on the cyber infrastructure so that they can predict problems, if any, beforehand. The COBIT framework is an important security tool, which organizations can consider. COBIT (Control Objectives for Information and Related Technologies) is a framework by ISACA for IT management and IT governance. However, just having the right person and the right solution is not enough.
Further, in an e-governance project, typically, along with the technology partners, most government departments also have a consultant for project management. This results in a higher number of stakeholders and enhances the risk of data vulnerability.
What can be done?
In view of the high number of stakeholders, it’s important to include security related clauses in the contract itself. The service provider has to be verified thoroughly before entitling, and has to be monitored continuously during the execution Phase. A job can be outsourced, whereas responsibility cannot be. The passport issuing division of the government can be taken as a cue in this respect.
Security in e-governance cannot be overemphasized. With the growing awareness regarding cyber security, whether it is people, business leaders, government officials or various agencies of the government, it is hoped that improved security will be ensured with effective execution at all levels.