Managing Security in e-Governance

While creating new ICT infrastructure, we must keep the security related issues in mind

Prashant Chaudhary, Technology Evangelist, CA Technologies

The end objective of the ICT infrastructure we create is to provide certain services to the  end-user. If the service is not easily accessible then the whole purpose of having the costly  infrastructure gets defeated. At the time when a project gets conceived, a comprehensive  study needs to be made of the exact needs of the population. Building infrastructure without  paying heed to the exact needs of the people is akin to building castles in the air. The issue of  security is equally important. If the infrastructure cannot be secured, then people might not  be drawn towards using it.

Rising complexity of technology

Are we managing what we have, because the technology is getting complex day by day. Whatever infrastructure we create has to be judged not only from a usability and efficiency point of view, but also from security point of view. We have to keep track of the weaknesses, glitches and other issues in the system. For instance, there is the telecom service being  pro-vided to millions of citizens. The citizen is only concerned about the device through which he is connected, but behind the device there exists a vast amount of infrastructure. Who is responsible for the upkeep of the infrastructure? Is it only the private companies, or does the government also have a role to play?

If the service is not being provided in a seamless manner then the whole purpose of having the costly infrastructure gets defeated

Complexity has become the hallmark of the data-centres we are building, or the applications  that we are using. To manage this infrastructure is a really challenging task. When we talk  about the e-Governance services, what are we talking about is that in one click of the mouse  the citizen should be able to seamlessly access any particular service. Many times citizens are  not able to do that. This is because the interface through which the citizens interact is too  complex. We need to make things easy for the citizens; if the system is too complex the entire  purpose of having the infrastructure is defeated.

Addressing security concerns

Security remains an area of concern. The system must be able to correctly identify the users.  Who is Ram Lal, who is Shyam Lal – the online medium should be able to tell. At times the  citizens are not particular about the kind of User ID or Password that they create. Is it possible  to secure the identity of the users by doing something at the data-centre level? If we can do  that then we will be able to win the trust of a larger number of users.

We have done a good job of setting up datacentres, which are like highways for the traffic to  flow. As of now the traffic is yet to arrive at data-centres. Departments can move into data-centres very quickly whenever they decide to do so. But for one reason or other there are delays, and so many of the data-centres are still waiting for traffic. At some point of time the traffic is sure to arrive. We can also envisage a movement from data-centres to the cloud space. Who will be running the systems when the transactions happen in the cloud? Will the entity that provides the could-based service going to be responsible, or will the government be responsible?

Purely from security point of view, there exist many issues in the random and ad hoc way in  which we are installing applications in our data-centres. We still don’t have a comprehensive  system of deploying security across data-centres. Can we put a common layer of security  across our data-centres so that the citizen has a seamless experience whenever he is trying to  access any of our services? For the cloud space, which we believe is the future of digital world,  we are yet to develop a comprehensive strategy. It is time we devoted our attention to  enhancing the security of our transactions in the cloud.