While creating new ICT infrastructure, we must keep the security related issues in mind
Prashant Chaudhary, Technology Evangelist, CA Technologies
The end objective of the ICT infrastructure we create is to provide certain services to the end-user. If the service is not easily accessible then the whole purpose of having the costly infrastructure gets defeated. At the time when a project gets conceived, a comprehensive study needs to be made of the exact needs of the population. Building infrastructure without paying heed to the exact needs of the people is akin to building castles in the air. The issue of security is equally important. If the infrastructure cannot be secured, then people might not be drawn towards using it.
Rising complexity of technology
Are we managing what we have, because the technology is getting complex day by day. Whatever infrastructure we create has to be judged not only from a usability and efficiency point of view, but also from security point of view. We have to keep track of the weaknesses, glitches and other issues in the system. For instance, there is the telecom service being pro-vided to millions of citizens. The citizen is only concerned about the device through which he is connected, but behind the device there exists a vast amount of infrastructure. Who is responsible for the upkeep of the infrastructure? Is it only the private companies, or does the government also have a role to play?
If the service is not being provided in a seamless manner then the whole purpose of having the costly infrastructure gets defeated
Complexity has become the hallmark of the data-centres we are building, or the applications that we are using. To manage this infrastructure is a really challenging task. When we talk about the e-Governance services, what are we talking about is that in one click of the mouse the citizen should be able to seamlessly access any particular service. Many times citizens are not able to do that. This is because the interface through which the citizens interact is too complex. We need to make things easy for the citizens; if the system is too complex the entire purpose of having the infrastructure is defeated.
Addressing security concerns
Security remains an area of concern. The system must be able to correctly identify the users. Who is Ram Lal, who is Shyam Lal – the online medium should be able to tell. At times the citizens are not particular about the kind of User ID or Password that they create. Is it possible to secure the identity of the users by doing something at the data-centre level? If we can do that then we will be able to win the trust of a larger number of users.
We have done a good job of setting up datacentres, which are like highways for the traffic to flow. As of now the traffic is yet to arrive at data-centres. Departments can move into data-centres very quickly whenever they decide to do so. But for one reason or other there are delays, and so many of the data-centres are still waiting for traffic. At some point of time the traffic is sure to arrive. We can also envisage a movement from data-centres to the cloud space. Who will be running the systems when the transactions happen in the cloud? Will the entity that provides the could-based service going to be responsible, or will the government be responsible?
Purely from security point of view, there exist many issues in the random and ad hoc way in which we are installing applications in our data-centres. We still don’t have a comprehensive system of deploying security across data-centres. Can we put a common layer of security across our data-centres so that the citizen has a seamless experience whenever he is trying to access any of our services? For the cloud space, which we believe is the future of digital world, we are yet to develop a comprehensive strategy. It is time we devoted our attention to enhancing the security of our transactions in the cloud.