As a follow up on the opinion piece that Tony Jarvis contributed yesterday on Endpoint Protection, I asked him to share his take on the Singapore Government’s move to cut Internet access from work computers used by civil servants from May next year.
Tony Jarvis is the Chief Strategist (Asia, Middle East and Africa) for Check Point Software Technologies.
Below are some of his personal views
Question: Is banning internet the right approach to securing government?
There is no right or wrong approach around banning the Internet.
At first glance, the decision to ban Internet access might seem extreme.
Background
The Singapore Government is cutting off Internet connections from work computers used officially by public servants from May 2017, in an effort to plug potential leaks from work emails and shared documents – amidst today’s advanced security threats.
Employees can still surf the Web on their personal smartphones and tablets since these devices are not connected to the government network.
Dedicated Internet terminals will be issued to those who need them in work.
However, it is important to note that this decision will have been made after careful review, taking into consideration a number of factors.
For example, removing access to the Internet will bring with it the benefit of reducing exposure to many threats.
Unfortunately, this comes at the expense of the productivity and effectiveness of the organisation and its employees.
These are policy decisions made by organisations, in this case, the government, and we are certain that they have considered multiple aspects.
This particular case highlights the ongoing challenge organisations have remaining secure in a connected world.
If public servants will be allowed to forward work emails to their private email accounts, this poses another problem because network security protections don’t normally extend to web-based services working outside the organisation’s secure network.
In addition, if the organisation operates without document security, there is the risk of employees forwarding confidential documents to unauthorised parties.
In the event that private email accounts are breached, these documents may fall into the wrong hands.
It should be noted that there are multiple attack vectors which can be used to infect a victim, with the Internet being only one of these.
Question: What advice would you provide to manage digital risks?
There are three pillars to any successful security program: people, processes and technology.
Training users in proper cyber hygiene is a good first step.
Having robust procedures in place to manage risk is another step in the right direction.
These should ideally leverage best practices where available.
Technology allows policies to be enforced and protections to be automated.
Not all technologies are created equal, so it is important to identify what risks an organisation is exposed to, and what technologies are best suited to providing the required protections.
Question: How can governments secure infrastructure without endangering productivity and innovation?
The best way of achieving this would be with a solution that provides users with the flexibility they have grown accustomed to, while at the same time keeping the organisation secured.
Today’s advanced threats are constantly changing, and traditional defences based on signatures were never designed to protect against these dangers.
These protections are still necessary, but should be viewed as elements of a multi-layered approach to security.
Solutions that are able to identify malicious behaviour in files that have never been seen before are a necessity today.
Most security vendors allow threats into the network and then begin the process of evaluating their behaviour.
Once a suspicious activity is identified, it can often be too late.
With Check Point, threats can be kept at bay by providing users with cleaned versions of documents while evaluation takes place in the background.
This ensures productivity is not impacted, and the organisation is kept secure at all times.
Tags: byline, Check Point, civil service, endpoint, Government, guest blog, Hyperwise, Internet, interview, opinion, security, Singapore, Tony Jarvis