Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security in e governance safenet


Published on

Published in: Technology, Business
  • Be the first to comment

Security in e governance safenet

  1. 1. Security in eGovernance 2 nd December 2011 eASIA 2011
  2. 2. SafeNet Fact Sheet The largest company exclusively focused on the protection of high-value information assets. Founded: 1983 Ownership: Private Global Footprint with more than 25,000 customers in 100 countries Employees: Over 1,500 in 25 countries Recognized Security technology leadership, over 550 security engineers strong Accredited with products certified to the highest security standards
  3. 3. Proven Leader. Trusted to Protect SafeNet protects: <ul><li>the most money that moves in the world. 80% of all electronic intrabanking transfers -- $1 trillion a day </li></ul><ul><ul><li>Automated Clearing House (ACH) in B’desh, Real Time Gross Settlement (RTGS) and Cheque Truncation System (CTS) in India </li></ul></ul><ul><li>the most digital identities in the world. Most PKI identities for citizens, governments and F-100 companies </li></ul><ul><ul><li>Certifying Authorities in B’desh and India; Digital Identities for MCA21, Income Tax in India </li></ul></ul><ul><li>the most high-value Intellectual Property and software in the world. 80 million hardware keys; more than any other vendor </li></ul><ul><ul><li>Accounting, Shipping, Textile Designing, Fonts, Scientific Analysis </li></ul></ul><ul><li>the most classified information in the world. The largest deployment of government communications security </li></ul><ul><ul><li>Machine Readable Passport B’desh, Defense in India </li></ul></ul>
  4. 4. A Global Organization
  5. 5. Information Security - A Quick Check <ul><li>Non-Repudiation </li></ul><ul><ul><li>Ability to provide proof of the integrity and origin of data/transaction </li></ul></ul><ul><ul><li>Ability to authenticate the identity of parties involved in the data/transaction </li></ul></ul><ul><ul><li>A transaction undertaken at a point in time can not be denied later by the involved parties </li></ul></ul><ul><li>Integrity </li></ul><ul><ul><li>Data/transaction cannot be modified undetectably </li></ul></ul><ul><li>Confidentiality </li></ul><ul><ul><li>term used to prevent the disclosure of information to unauthorized individuals or systems </li></ul></ul>
  6. 6. Governance – Security <ul><li>What can’t be found can’t stolen or manipulated </li></ul><ul><ul><li>Strong rooms full of files making it difficult to find the information </li></ul></ul><ul><ul><li>Finding information means spending considerable manual effort to search and collate the relevant data in paper-based files </li></ul></ul><ul><ul><li>Making a general query (list of all properties sold in last 10-days) is quite a challenge in a manual environment </li></ul></ul>> What can’t be accessed can’t be under threat <ul><ul><li>You can ask for your own file only </li></ul></ul><ul><ul><li>Even getting access to your own file is difficult enough let alone having to get access to someone else’ file </li></ul></ul><ul><li>Physical Identities – Gate Keeper to the accessibility </li></ul><ul><ul><li>Physical Identification and Signatures along with facial expression lend quite a significant barrier to misuse </li></ul></ul>
  7. 7. Governance – Security Without Availability <ul><li>The very obstacles that lead to security of various documents also equip individuals to completely or selectively erase the data/information </li></ul>> No Audit Trail on who might have seen a particular piece of information > False Sense of Security? > Loss of Productivity, Transparency, Business Intelligence and Decision Making
  8. 8. Governance to eGovernance <ul><li>Efficiency </li></ul><ul><li>> Visibility </li></ul><ul><ul><li>From scattered information on files TO a consolidated dashboard that can be accessed from anywhere </li></ul></ul><ul><li>> Analytics </li></ul><ul><ul><li>From missing information to delays in getting the information TO real time analytics </li></ul></ul><ul><ul><li>From manual work processes with lost bandwidth in finding the files as well as status of a particular work item TO a central system that allows for tracking of work status of a particular item without having to ask anyone </li></ul></ul>
  9. 9. Made Possible through implementation of IT for Workflow Automation, Data Mining, Business Intelligence, and Decision Making
  10. 10. eGovernance – Security with Availability <ul><li>The very benefit of bringing the data and information closer to one’s finger tips means that the information can be accessed by anyone and from anywhere </li></ul><ul><li>Something that is inter-connected will always be open to threats from internal as well as external sources </li></ul>
  11. 11. Security Elements in eGov Projects <ul><li>Digitally Signed Records and Transactions </li></ul><ul><ul><li>Facilitation of “data integrity” and “non-repudiation” </li></ul></ul><ul><ul><li>Prevents modifications to the data and transactions without knowledge </li></ul></ul><ul><ul><li>Participating entities can not deny the transaction at a later stage </li></ul></ul><ul><li>Data and Transaction Encryption </li></ul><ul><ul><li>Facilitation of “confidentiality” of data and Transactions </li></ul></ul><ul><ul><li>Information can not seen by seen by un-authorized people </li></ul></ul><ul><li>Strong Authentication </li></ul><ul><ul><li>Trusted Identification – link it to transaction where-ever possible </li></ul></ul><ul><ul><li>Facilitates control over who all get into the system </li></ul></ul><ul><li>Channel Encryption </li></ul><ul><ul><li>Facilitates “confidentiality” of communication between participating entities </li></ul></ul>
  12. 12. Security Elements in eGov Projects (Contd.) <ul><li>Trusted Devices and Software </li></ul><ul><ul><li>Facilitates trusted Devices and Software that deliver the requisite services without loss of public confidence and loss of business </li></ul></ul><ul><ul><li>Code Signing, Protection against Reverse Engineering, Anti-Piracy mechanisms </li></ul></ul><ul><li>Authorization </li></ul><ul><ul><li>Facilitates control over what all they can do when they get into the system </li></ul></ul><ul><li>Key Management </li></ul><ul><ul><li>Ensures Life Cycle Management for Key Material (used for the purpose of digital signing, authentication and encryption) </li></ul></ul><ul><li>Performance </li></ul><ul><ul><li>Need to ensures acceptable level of performance while maintaining acceptable level of security </li></ul></ul>
  13. 13. Digital Content – Level Set <ul><li>Transactions that form the records </li></ul><ul><ul><li>G2G, G2B, G2C </li></ul></ul><ul><li>Data captured from various sources </li></ul><ul><ul><li>Budget Plans </li></ul></ul><ul><ul><li>Status Reports </li></ul></ul><ul><ul><li>Project Plans </li></ul></ul><ul><li>Identities </li></ul><ul><ul><li>Identifying a particular user in cyber space </li></ul></ul><ul><li>Communication between entities </li></ul><ul><ul><li>Channels that facilitate the delivery and consumption of services </li></ul></ul><ul><li>Software and Services </li></ul><ul><ul><li>Used for the purpose of facilitating work-flow automation and services </li></ul></ul>
  14. 14. Crime and Criminal Tracking Network & System (CCTNS) – An Example
  15. 15. Project Objectives <ul><li>The objectives of the Scheme can broadly be listed as follows: </li></ul><ul><ul><li>Make the Police functioning citizen friendly and more transparent by automating the functioning of Police Stations. </li></ul></ul><ul><ul><li>Improve delivery of citizen-centric services through effective usage of ICT. </li></ul></ul><ul><ul><li>Provide the Investigating Officers of the Civil Police with tools, technology and information to facilitate investigation of crime and detection of criminals. </li></ul></ul><ul><ul><li>Improve Police functioning in various other areas such as Law and Order, Traffic Management etc. </li></ul></ul><ul><ul><li>Facilitate Interaction and sharing of Information among Police Stations, Districts, State/UT headquarters and other Police Agencies. </li></ul></ul><ul><ul><li>Assist senior Police Officers in better management of Police Force </li></ul></ul><ul><ul><li>Keep track of the progress of Cases, including in Courts </li></ul></ul><ul><ul><li>Reduce manual and redundant Records keeping </li></ul></ul>
  16. 16. Some Data Elements in CCTNS <ul><li>Crime Records </li></ul><ul><ul><li>Nature of Crime </li></ul></ul><ul><ul><li>Date of Crime </li></ul></ul><ul><ul><li>Victim Information </li></ul></ul><ul><li>Criminal Records </li></ul><ul><ul><li>Name, Date of Birth, Contact Details, ID Details, Photographs, Finger-prints, Crime Details </li></ul></ul><ul><li>Victim Records </li></ul><ul><ul><li>Name, Date of Birth, Contact Details, ID Details, Victimization Details </li></ul></ul><ul><li>Witness Information </li></ul><ul><ul><li>Name, Date of Birth, Contact Details, ID Details, Crime/Incident Details </li></ul></ul><ul><li>Investigation Information </li></ul>
  17. 17. Need for Security <ul><li>Integrity of digital information is critically important </li></ul><ul><ul><li>Change in Name on a physical sheet of paper is tough to undertake but Change in Name or ID or Photograph in the electronic record of a criminal will go unnoticed </li></ul></ul><ul><ul><li>A serial crime will go undetected if certain aspects of related crimes are being changed </li></ul></ul><ul><li>Confidentiality of information </li></ul><ul><ul><li>Confidentiality of Personally Identifiable Information </li></ul></ul><ul><ul><li>Confidentiality of “an investigation” till it is to be presented to an authority </li></ul></ul><ul><ul><li>Confidentiality of witnesses </li></ul></ul><ul><li>Non-repudiation of transactions </li></ul><ul><ul><li>A transaction of an investigation noting or recording of a statement will need to be done in a way that it can not be denied later </li></ul></ul>
  18. 18. Security Elements necessary for CCTNS <ul><li>Digitally Signed Records </li></ul><ul><ul><li>Facilitation of “data integrity” and “non-repudiation” </li></ul></ul><ul><ul><li>Prevents modifications to the data without knowledge </li></ul></ul><ul><li>Data Encryption </li></ul><ul><ul><li>Facilitation of confidentiality of data </li></ul></ul><ul><ul><li>Information can not seen by seen by un-authorized people </li></ul></ul><ul><li>Strong Authentication </li></ul><ul><ul><li>Facilitates control over who all get into the system </li></ul></ul><ul><li>Authorization </li></ul><ul><ul><li>Facilitates control over what all they can do when they get into the system </li></ul></ul><ul><li>Key Management </li></ul><ul><ul><li>Ensures Life Cycle Management for Key Material (used for the purpose of digital signing, authentication and encryption) </li></ul></ul><ul><li>Performance </li></ul><ul><ul><li>Need to ensures acceptable level of performance while maintaining acceptable level of secruity </li></ul></ul>
  19. 19. So what? <ul><li>Implement PKI based User-Authentication </li></ul><ul><ul><li>Preferably Class-2 or Class-3 Digital Certificates using FIPS 140-2 Level-3 USB Tokens </li></ul></ul><ul><li>Implement PKI based digital signing of data and transactions </li></ul><ul><li>Offload the server side of signature verification (for Data Integrity and non-repudiation) to hardware for performance management </li></ul><ul><li>Store the Encryption Keys in tamper-proof hardware </li></ul><ul><ul><li>Preferably FIPS140-2 Level 3 compliant Hardware Security Module </li></ul></ul><ul><li>Implement the Key Management standards to manage security </li></ul>
  20. 20. The Touch Points   Central MMPs State MMPs Integrated MMPs <ul><li>Banking </li></ul><ul><li>Central Excise & Customs </li></ul><ul><li>Income Tax (IT) </li></ul><ul><li>Insurance </li></ul><ul><li>MCA21 </li></ul><ul><li>National Citizen Database </li></ul><ul><li>Passport </li></ul><ul><li>Immigration, Visa and Foreigners Registration & Tracking </li></ul><ul><li>Pension </li></ul><ul><li>e-Office </li></ul><ul><li>Agriculture </li></ul><ul><li>Commercial Taxes </li></ul><ul><li>e−District </li></ul><ul><li>Employment Exchange </li></ul><ul><li>Land Records </li></ul><ul><li>Municipalities </li></ul><ul><li>Gram Panchayats </li></ul><ul><li>Police </li></ul><ul><li>Road Transport </li></ul><ul><li>Treasuries </li></ul><ul><li>Automated Metering </li></ul><ul><li>CSC </li></ul><ul><li>e-Biz </li></ul><ul><li>e-Courts </li></ul><ul><li>e-Procurement </li></ul><ul><li>EDI For eTrade </li></ul><ul><li>National e-governance Service Delivery Gateway </li></ul><ul><li>India Portal </li></ul>
  21. 21. SafeNet Data Protection Portfolio Summary Offering the broadest range of authenticators, from smart cards and tokens to mobile phone auth—all managed from a single platform SafeNet high-speed network encryptors combine the highest performance with the easiest integration and management. The most secure, and easiest to integrate application & transaction security solution for enterprise and government World’s first and only unified platform that delivers intelligent data protection and control for ALL information assets Identity Protection - Authentication Transaction and Identity Protection - HSM Data Encryption and Control – Data Secure Communication Protection – High-Speed Network Encryption <ul><li>The industry’s only unified authentication platform offering customers the freedom to adapt to changing environments </li></ul><ul><li>The market leader in certificate-based token authentication </li></ul><ul><li>Unique technology offerings with client-less tokens, high-assurance solutions, and more </li></ul><ul><li>Market leader in enterprise-grade HSMs </li></ul><ul><li>Industry innovator in payment HSMs </li></ul><ul><li>Widest portfolio of platforms and solutions </li></ul><ul><li>Delivered over 75,000 HSMs— the most in the industry </li></ul><ul><li>Only leading HSM with the option of keys ALWAYS in Hardware </li></ul><ul><li>Data-centric, persistent protection across data centers, endpoints, and into the cloud </li></ul><ul><li>Centralized policy, key management, logging, and auditing </li></ul><ul><li>Integrated perimeter data leakage prevention </li></ul><ul><li>Appliance-based, proven scalability, and high performance </li></ul><ul><li>Solutions for Ethernet, SONET up to 10Gb </li></ul><ul><li>Best-in-class Security Management Center </li></ul><ul><li>Zero bandwidth loss, low- latency encryption </li></ul><ul><li>Unparalleled leverage across classified and COTS communication protection (FIPS 140-2 Level 3) </li></ul>
  22. 22. Software Rights Management Product Portfolio Flexible Toolkit for Enterprise Licensing Out-of-the-box Licensing Security Solution Web-based License & Entitlement Management
  23. 23. Sentinel SRM Markets Software Publishers & Service Providers Technology Vendors Enterprise and independent software vendors who sell on-premise or SaaS applications directly to end users or leverage complex commercial distribution models Device and equipment manufacturers who build products reliant on the integrity and protection of high-value software in order to run SafeNet is the world’s leading provider of flexible software protection, licensing, and management solutions empowering software and technology vendors to efficiently adapt to change and act on opportunity.
  24. 24. Thank You [email_address]