There has been a significant improvement in the status of IT security controls within the public sector over the past three years.
So said Christiaan Swanepoel, director of solutions at identity and access management services firm Ubusha Technologies.
Speaking at the ITWeb/Ubusha Public Sector Governance, Compliance and Access Control Forum in Pretoria, Swanepoel discussed identity governance and administration frameworks within government's IT systems.
Quoting auditor-general Kimi Makwetu's latest Public Finance and Management Act (PFMA) report, which focuses on 2015-2016, he explained there has been some improvement in the public sector's IT governance in three areas: security management, user access management and IT continuity.
"The auditor-general has seen progress in the public sector's governance and identity-centric management controls because there has been improvement in user access control and security management of their internal systems. This is due to the fact that he had previously provided government departments with guidelines on the risk areas, how to address these areas and where they needed to improve - based on the various government departments' current status."
Another factor influencing the improvements, he continued, is that IT governance frameworks and structures in the public sector had previously not been adequately designed and implemented for the majority of the departments' IT environments. However, private entities have been more successful in the design, implementation and operating effectiveness of IT governance.
In order to understand identity governance and administration, the two sections have to be split, he explained.
"Identity administration is managing the user identity inside the organisation by figuring out what entitlement each user should have in terms of accessing data on the various systems. Identity governance is when you look at identity administration from an application perspective. It is granting granular access to applications and auditing the governance framework that a particular organisation is applying to the access of certain applications."
Discussing trends which influence identity governance and administration, Swanepoel explained cloud, identity-as-a-service and mobile play a significant role.
"The public sector has been known to shy away from cloud adoption due to security concerns; however, there is improvement in cloud adoption.
"In the latest PFMA report, the auditor-general, for the first time, stated cloud services are being adopted more now particularly at municipal level and being used for distributed file-sharing management. This should open the door for all public entities to now adopt cloud at a faster pace," he noted.
Discussing workforce mobility, Swanepoel pointed out mobile is not only a trend but is becoming a business service where top-level employees within the public sector are demanding the same access to applications when working remotely as they do when they are in the office.
"In the advent of the mobile workforce, mobile applications and access to things like financial application systems, approving and declining payments, approving leave via a mobile device, are a necessity. We need to enable the mobile workforce access to information remotely, while also ensuring safety of that information," he concluded.
Share