“More than 70 per cent of Singapore’s government IT systems can be hosted on the commercial cloud,” according to Kok Ping Soon, Chief Executive of Singapore’s Government Technology Agency. It’s a bold vision.
Governments across the world are now moving to the cloud because it provides agility. According to market research by Global Government Cloud Market, the government cloud market is set to grow to US$49 billion by 2023 from US$21 billion in 2017.
In October 2018, Singapore’s Prime Minister Lee Hsien Loong also said that when it comes to using the cloud, it is not about whether governments should use it, but “to what extent we can use the cloud, and how we can overcome the problems and minimise the risks.”
A risk-based approach to protection
Singapore wants a central platform across ministries and agencies to provide a more seamless digital public service for its citizens. Hosting these data on the cloud eliminates the need to fill in forms repeatedly. But this also means large amounts of personal data could be at risk without constant vigilance.
After the 2018 SingHealth breach, where 1.5 million health records, including the Prime Minister’s, were affected, Lee pointed out that there is always a risk when systems are attacked thousands of times a day.
Government agencies should take a risk-based approach when it comes to data protection, by identifying users who have access to critical and personal information. A Privileged Access Security plan restricts access quickly when an attack happens, while making sure other users can continue as usual.
Recent CyberArk research noted that less than a third of business and IT decision makers believe their organisation’s cybersecurity measures protect against attacks that target business-critical applications. If those applications move to the cloud, organisations must identify and prioritise users who may be a weak spot.
Taking advantage of cloud automation practices
Governments are using a cloud-first approach to develop applications faster. Having data on a single platform gives visibility on what works, and what doesn’t. The same can also be applied to securing data on the cloud.
Algorithms to monitor, evaluate and analyse activities round-the-clock can be built into the cloud, reducing manpower needs. They can also be used to simulate attacks before they happen, allowing organisations to better defend themselves.
Instead of building a security wall around data, cloud automation has the ability to identify unusual activities in real time, allowing data leaks to be identified and secured quickly.
Reducing human errors
“When you look at issues of cybersecurity, data security and data privacy around the world, one of the most difficult things to do is to fix the human,” said Janil Puthucheary, Singapore’s minister-in-charge of GovTech recently.
The weakest link in cybersecurity – whether on-premise or on the cloud – lies in the strength of its most vulnerable user. According to a Gartner article, “Is the cloud secure?”, at least 95 percent of cloud security failures will be the customer’s fault through 2022.
To reduce the risk of human error, organisations should provide users with the minimum access they need for work, use multi-factor authentication, and educate workers on the importance of practising good cybersecurity hygiene.
The cloud is enabling governments worldwide to develop more intuitive applications for their citizens. If deployed correctly, it will potentially double up as another strategy for better cybersecurity.