Secure Service Delivery

Vibha AgrawalVice PresidenteGovernance

E-Governance Ecosystem

Issues• Vulnerable

Infrastructure• Unauthorized

Access• Identity Theft• Insecure/

Compromised end points

• Illiterate Citizens• Data Leakage• Weak Applications• Financial Fraud

GOI Agencie

s

State Gov

Agencies

Service Provider

s

Citizens

Business

Home PC

CSC

Cyber Cafe

Mobile

Applications

SDC/ NDC

SWAN/NICNET/ NKN

Databases

Statistics

— Insider attacks account for as much as 80% of all computer and Internet related crimes [1]

—Majority of insiders are privileged users and majority of attacks are launched from remote machines [2]

—Most of the attacks are because of the weak authentication i.e. passwords

Sources:

[1] Jim Carr. Strategies and issues: Thwarting insider attacks

[2] National Threat Assessment Center - Insider Threat Study, http://www.ustreas.gov/usss/ntac_its.shtml

Information Security is NOT Infrastructure Security

Information

Security

Infrastructure

Security

Control and Visibility

Security of NO• No Viruses• No Spywares• No Vulnerabilities• No Holes• No Intrusions

Security of KNOW• Know User• Know

Access• Know Data• Know

Activity• Know

Compliance

Securing Information Systems Systems Vulnerability and Abuse

—Security Challenges and Vulnerability

Front-end

Servers

Back-end SystemsCitizen

information security securely connecting users to data

Providing the right people with the

right access at the right time

Security Strategy and Vision

Identity

Control

Content-Aware IAM

Access

Control

Information

Control

The control you need to confidently drive business forward

across physical, virtual and cloud environments

7

Secure Service Delivery

Citizens

Department Users

Authentication &

Authorization

Data & System SecurityAccess Control

• Two Factor Authentication

• Single Sign On• Data Loss

Protection

• Data Loss Protection• Privilege User

Management• Identity Lifecycle

Management• Fraud & Risk

Management

• Fraud & Risk Management

Single Secure Credential

Secure eDocument

Strong Authentication

Digital Signing

Payment gateway integrationVPN Login

2 FA Softwa

re Token

ePramaan – A MCIT approved framework

Learning's…

—Keep it simple

—Build security in design, adding security later is complex and expensive in terms of time, labor and money

—To expect the application to cater for Security is an atrocious ask, rather we should leverage proven security products that are designed to do this job

—privileged users and insiders pose greater threat

thank you

Deepak Singla

Account Director

9990 414148

Vivek Srivastava

Account Director

9899 203 585