Public Sector: Aggressive to Outperform Against Security Attacks

By Kevin Bailey, Head of Market Strategy. 

During the last week I attended two separate public events, co-hosting round table sessions at PSECT ICT 2013 with Natalie Black, Deputy Director, Cyber Security at Cabinet Office and co-presenting an iGov webinar with James Stevenson, EMEA Security Director of Advanced Threat Protection at Blue Coat.

Both events highlighted a number of consistent traits that the public sector are trying to grapple with and also their willingness to embrace changes in their protection of critical information assets to meet the demands of ‘the online citizen’.

The round table sessions were oversubscribed and we had double rows of chairs with delegates listening and contributing to the focus area on ‘managing critical information assets’.

Key discussion points raised included:

  • The need for consistent framework policies across departments to secure sensitive information
  • The need to educate all workers from citizen facing to directors of departments on their responsibility to protect the personal information they handle
  • Will the ‘Protective Marking Scheme’ combat unauthorised access and sharing of content 
  • Many departments are running with old versions of hardware and software that does not help to combat inside and external attacks
  • Would faster PSN accreditation, lead to increased shared services and information protection
  • Reuse of citizen information for unintended purposes.

When asked by Natalie if the delegates had any suggestions to address the concerns they had about better ways to manage their critical information assets, a diverse range of suggestions were forthcoming:

  • Appoint more Information Asset Managers. This would be a higher level responsible person like the Caldicott Guardians in the NHS who are responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing 
  • Increase the external credibility of Government departments, who are being tainted with the negatives being experienced from the recent GCHQ activities
  • Increase the partnerships with the private sector, to understand and share best practice exercises
  • Increase the responsibility and requirement to complete e-learning courses, changing these activities from a tick box exercise to a ‘value’ education activity.

The iGov webinar had over 500 delegates dialled into the session that focused on ‘Protecting Information and Employees’ and the new methods to securely manage the exchange of sensitive information and how these new techniques will assist towards helping to deter the effectiveness of Advanced Persistent Threats, culminating in the change of attitude by departments to prioritise advanced threat protection technology and working practices.

Feedback during the webinar addressed:

  • How adaptive redaction technologies that automatically remove sensitive data from communications in real time, are more effective than manual intervention methods provided in applications such as Microsoft Office
  • How automated redaction software can help towards providing ‘cognitive’ security education to users who have little or no time and budgets to attend formal courses that do not always address the realities of day to day operational experiences
  • How the Blue Coat and Clearswift collaborative technology partnership will help Web security divest from traditional URL filtering and anti-malware blocking, into the much higher priority threat mitigation required by clients to expose both the insider concerns as well as delivering pro-active threat protection.

Reinforcing the advances that the public sector are making in technology, they recently outperformed the private sector at TechWeekEurope‘s Tech Success awards for 2013.