eGovernance – Benefits & Challenges

Anubhav Tyagi
Sr. Solutions Architect(India & SAARC)
Anubhav.Tyagi@safenet-inc.com
1
Governance to eGovernance – The Benefits
> Analytics
From missing information to delays in getting
the information TO real...
……..TO CLOUD
The Challenges
Data Governance

• Do I know where all my data instances are?
• Can I trace every legitimate
replication/co...
IT Act of India
Section 43A
Where a body corporate, possessing, dealing or handling any
sensitive personal data or informa...
IT Rules 2011
IT (Reasonable security practices and procedures and sensitive personal data or information)
Rules, 2011
Pub...
Sensitive Data & Information – Few
Examples
CCTNS

Treasury

•Criminal Details
•Lost or unauthorized
property details
•Pas...
Protection needs to be
centered
on data itself
Data-centric Protection
Security Strategy Objectives

Data
Confidentiality
...
Encryption enables
Governance /
Compliance







Ownership and Control







Data Security




Know about every...
Secure Virtual Storage

Secure Cloud Applications

Secure Cloud-Based
Identities and Transactions

Secure Virtual Machines...
Upcoming SlideShare
Loading in...5
×

eJharkhand 2014 - e-Governance Implementations – Opportunities and Challenges - Anubhav Tyagi, Sr Solution Specialist, Safenet

187

Published on

eJharkhand 2014 - e-Governance Implementations – Opportunities and Challenges - Anubhav Tyagi, Sr Solution Specialist, Safenet

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
187
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Governance & Visibility – every access eventProbably the most common use of encryption: Location agnostic: Encryption is attached to data so it does not matter where it is to be able to record the access eventNon-repudiation & attestation – associate an access event to a specific individual/entityControl of dataEncryption is the best method to set effective access policy Separation of duties – the privileged users problemGet a complete audit trail that is part of the control aspectsData shredding  when there's no need of it any longerSecurity: isolation/confidentiality, integrity, authenticity  makes sure that unauthorized users will not be able to access data…Even with data sprawl - so it's location independent and stage in the cycle. Even in uncontrolled env 
  • eJharkhand 2014 - e-Governance Implementations – Opportunities and Challenges - Anubhav Tyagi, Sr Solution Specialist, Safenet

    1. 1. eGovernance – Benefits & Challenges Anubhav Tyagi Sr. Solutions Architect(India & SAARC) Anubhav.Tyagi@safenet-inc.com 1
    2. 2. Governance to eGovernance – The Benefits > Analytics From missing information to delays in getting the information TO real time analytics > Efficiency From manual work processes with lost bandwidth in finding the files as well as status of a particular work item TO a central system that allows for tracking of work status of a particular item without having to ask anyone > Visibility From scattered information on physical files TO a consolidated dashboard that can be accessed from anywhere
    3. 3. ……..TO CLOUD
    4. 4. The Challenges Data Governance • Do I know where all my data instances are? • Can I trace every legitimate replication/copy/instantiation event of my data? • Can I trace unauthorized copying of my data? Data Compliance • Who is accessing my data? • Can I enforce an effective access control policy? • Can I present a trusted audit trail of all access events to my data? Data Protection • Are all my data instances secure? • Can I assure only authorized access to my data? • Can I “pull the plug” on data that’s at risk of exposure? © SafeNet Confidential and Proprietary 4
    5. 5. IT Act of India Section 43A Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person to affected So What? Financial Penalties to the Organization Loss of Reputation
    6. 6. IT Rules 2011 IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 Published on April 11, 2011 Adds certain specific elements to be mandatorily protected and not left to discretion of the body corporate Makes it mandatory for the body corporate to undertake yearly audit at the minimum These include i. password; ii. financial information such as Bank account or credit card or debit card or other payment instrument details ; iii. physical, physiological and mental health condition; iv. sexual orientation; v. medical records and history; vi. Biometric information; vii. any detail relating to the above clauses as provided to body corporate for providing service; and viii. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: 6
    7. 7. Sensitive Data & Information – Few Examples CCTNS Treasury •Criminal Details •Lost or unauthorized property details •Passport Verification details •Ongoing cases details •Pictures, Biometric prints etc •Citizen information •Arms possession details •Financial Data in terms of •Debt Management •Loan Management •Treasury Data •Pension Details •Budgeting Details •Accounting Details •State Revenue Details •Revenue Disbursement Details IGRS •Property Details •Scanned Copy of Registry •Buyer Details •Seller Details •Fingerprints •Picture •Signatures 7
    8. 8. Protection needs to be centered on data itself Data-centric Protection Security Strategy Objectives Data Confidentiality Integrity Non Repudiation Authenticity 8
    9. 9. Encryption enables Governance / Compliance     Ownership and Control    Data Security   Know about every access event Location agnostic Non repudiation and attestation Set effective access policies Separation of duties Data shredding Prevent leaks or unauthorized access Data isolation Sprawl resistant 9
    10. 10. Secure Virtual Storage Secure Cloud Applications Secure Cloud-Based Identities and Transactions Secure Virtual Machines Secure Cloud-Based Communications Secure Access to SaaS On-premise

    ×