Defence overhauls data access controls

Powered by SC Magazine
 

Connecting the dots for a complete picture.

The Department of Defence has overhauled the way its information security to ensure information can be shared with the people who need it most.

The agency has adopted what is termed an "attribute-based access control" (ABAC) model for the last three months, a model developed with BSTTech Consulting.

Speaking at the CA Expo in Melbourne yesterday, BSTTech Consulting director Daniel Lai said that Defence needed to change the way information was protected from a national security perspective.

“The outcomes of 9/11, the Bali bombings and the reviews conducted by internal departments, clearly identified the threat could've been minimised by connecting the dots of information held by various agencies,” Lai told attendees.

“The risk could've been reduced - [it] may not have been stopped - but certainly could've been reduced  - if some of this information had been made available instead of being held [by individual departments or agencies]."

Lai said Defence was looking for a "single information environment", but with information and access contained within multiple, secure compartments.

“They [wanted to] control access to whoever needed it," he said. "They only wanted information served up that was relevant and on a 'need-to-know' basis according to a user's security profile. [The system] also needed to be location aware.”

Lai said Defence built a more “human” security framework - which integrates identity, information, workflow and systems management into access to systems.

This issue was addressed using enterprise architecture practices, rather than developing a new system, according to BSTTech Consulting principal enterprise architect Tony Howell.

Information is being tagged with metadata (data that describes other data) which a rules engine then uses to assess whether a given individual can access it.

“Defence had the requirement to really assess aspects of the user, security clearance, who they are, the position they occupy, where [device] they're meant to be working from," Howell said.

“Combine that with things like the workstation they're logging onto, all the way back to network and server aspects, [and the system can] really build an idea of the session of that user making the request.”

Howell said it was critical the attribute-based access control model was vendor neutral. It was backed by products from CA Technologies, Microsoft and Oracle.

He said the ABAC model could be used more widely across the government in the future.

The same method may be used to secure access to cloud applications, he said.


Defence overhauls data access controls
 
 
 
Top Stories
Tech SWAT teams kicking down the digital door
From dam engineers in Ecuador to Sydney light-rail gurus, Cardno's global CIO Karen Wagner is linking up her widespread organisation.
 
AusPost board approves Fujitsu outsourcing
End user computing to be handed over to partner.
 
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Xerocon is heading to Melbourne!
Jul 1, 2015
We're not saying Xero is our FAVOURITE or anything, but Xero's 2015 Xerocon conference is being ...
New Microsoft Office apps for Android phones
Jun 26, 2015
Microsoft's latest Office apps for Android now work on phones as well as tablets, further ...
Windows 10 UK price revealed, but don't believe everything you hear
Jun 26, 2015
Windows 10 £99 price tag for users in the UK (who presumably don't already have Win 7 Pro ...
Now Xero notifies iOS users of new transactions
Jun 24, 2015
The latest version of Xero's iPhone app includes notifications when new transactions arrive from ...
Your Essential Cloud Toolbox
Jun 22, 2015
When BIT interviewed Receipt Bank country manager Sophie Hossack, we asked for her thoughts on ...
Latest Comments
Polls
Is site blocking effective in stopping piracy?


   |   View results
Yes
  2%
 
No
  86%
 
Somewhat
  12%
TOTAL VOTES: 594

Vote