eJharkhand 2014 - e-Governance Implementations – Opportunities and Challenges - Anubhav Tyagi, Sr Solution Specialist, Safenet


Published in: Education
  • Governance & Visibility – every access event. Probably the most common use of encryption. Location agnostic: encryption is attached to data, so it does not matter where it is to be able to record the access event. Non-repudiation & attestation – associate an access event to a specific individual/entity.
  • Control of data: encryption is the best method to set effective access policy. Separation of duties – the privileged users problem. Get a complete audit trail that is part of the control aspects. Data shredding when there's no need of it any longer.
  • Security: isolation/confidentiality, integrity, authenticity make sure that unauthorized users will not be able to access data… Even with data sprawl, so it's independent of location and stage in the cycle. Even in uncontrolled environments.

    1. eGovernance – Benefits & Challenges. Anubhav Tyagi, Sr. Solutions Architect (India & SAARC), Anubhav.Tyagi@safenet-inc.com
    2. Governance to eGovernance – The Benefits
       • Analytics: from missing information to delays in getting the information TO real time analytics
       • Efficiency: from manual work processes with lost bandwidth in finding the files as well as status of a particular work item TO a central system that allows for tracking of work status of a particular item without having to ask anyone
       • Visibility: from scattered information on physical files TO a consolidated dashboard that can be accessed from anywhere
    3. ……..TO CLOUD
    4. The Challenges
       • Data Governance: Do I know where all my data instances are? Can I trace every legitimate replication/copy/instantiation event of my data? Can I trace unauthorized copying of my data?
       • Data Compliance: Who is accessing my data? Can I enforce an effective access control policy? Can I present a trusted audit trail of all access events to my data?
       • Data Protection: Are all my data instances secure? Can I assure only authorized access to my data? Can I “pull the plug” on data that’s at risk of exposure?
    5. IT Act of India, Section 43A: Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
       So What?
       • Financial Penalties to the Organization
       • Loss of Reputation
    6. IT Rules 2011: IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Published on April 11, 2011.
       • Adds certain specific elements to be mandatorily protected and not left to discretion of the body corporate
       • Makes it mandatory for the body corporate to undertake yearly audit at the minimum
       These include:
       i. password;
       ii. financial information such as Bank account or credit card or debit card or other payment instrument details;
       iii. physical, physiological and mental health condition;
       iv. sexual orientation;
       v. medical records and history;
       vi. Biometric information;
       vii. any detail relating to the above clauses as provided to body corporate for providing service; and
       viii. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
    7. Sensitive Data & Information – Few Examples
       CCTNS
       • Criminal Details
       • Lost or unauthorized property details
       • Passport Verification details
       • Ongoing cases details
       • Pictures, Biometric prints etc
       • Citizen information
       • Arms possession details
       Treasury
       • Financial Data in terms of
       • Debt Management
       • Loan Management
       • Treasury Data
       • Pension Details
       • Budgeting Details
       • Accounting Details
       • State Revenue Details
       • Revenue Disbursement Details
       IGRS
       • Property Details
       • Scanned Copy of Registry
       • Buyer Details
       • Seller Details
       • Fingerprints
       • Picture
       • Signatures
    8. Protection needs to be centered on data itself. Data-centric Protection. Security Strategy Objectives: Data Confidentiality, Integrity, Non Repudiation, Authenticity
    9. Encryption enables
       • Governance / Compliance: Know about every access event; Location agnostic; Non repudiation and attestation
       • Ownership and Control: Set effective access policies; Separation of duties; Data shredding
       • Data Security: Prevent leaks or unauthorized access; Data isolation; Sprawl resistant
    10. Secure Virtual Storage; Secure Cloud Applications; Secure Cloud-Based Identities and Transactions; Secure Virtual Machines; Secure Cloud-Based Communications; Secure Access to SaaS; On-premise