Defence overhauls data access controls

Powered by SC Magazine
 

Connecting the dots for a complete picture.

The Department of Defence has overhauled the way its information security to ensure information can be shared with the people who need it most.

The agency has adopted what is termed an "attribute-based access control" (ABAC) model for the last three months, a model developed with BSTTech Consulting.

Speaking at the CA Expo in Melbourne yesterday, BSTTech Consulting director Daniel Lai said that Defence needed to change the way information was protected from a national security perspective.

“The outcomes of 9/11, the Bali bombings and the reviews conducted by internal departments, clearly identified the threat could've been minimised by connecting the dots of information held by various agencies,” Lai told attendees.

“The risk could've been reduced - [it] may not have been stopped - but certainly could've been reduced  - if some of this information had been made available instead of being held [by individual departments or agencies]."

Lai said Defence was looking for a "single information environment", but with information and access contained within multiple, secure compartments.

“They [wanted to] control access to whoever needed it," he said. "They only wanted information served up that was relevant and on a 'need-to-know' basis according to a user's security profile. [The system] also needed to be location aware.”

Lai said Defence built a more “human” security framework - which integrates identity, information, workflow and systems management into access to systems.

This issue was addressed using enterprise architecture practices, rather than developing a new system, according to BSTTech Consulting principal enterprise architect Tony Howell.

Information is being tagged with metadata (data that describes other data) which a rules engine then uses to assess whether a given individual can access it.

“Defence had the requirement to really assess aspects of the user, security clearance, who they are, the position they occupy, where [device] they're meant to be working from," Howell said.

“Combine that with things like the workstation they're logging onto, all the way back to network and server aspects, [and the system can] really build an idea of the session of that user making the request.”

Howell said it was critical the attribute-based access control model was vendor neutral. It was backed by products from CA Technologies, Microsoft and Oracle.

He said the ABAC model could be used more widely across the government in the future.

The same method may be used to secure access to cloud applications, he said.


Defence overhauls data access controls
 
 
 
Top Stories
Inside the stalemate on Australia's piracy code
Still not registered almost five months on.
 
IT staff outline deep anger in Macquarie Uni survey
‘Morale at lowest point in a decade’.
 
Cost blowout to push NBN past $41bn budget
But government funding cap to remain.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Say goodbye to OneDrive Groups
Aug 28, 2015
If you've a) actually been using OneDrive and b) gone so far as to actually have been using ...
Libreoffice 5 review
Aug 24, 2015
It's free! It's open! But does LibreOffice deliver on its promise of a powerful office suite for ...
How to disable Cortana in Windows 10
Aug 21, 2015
Stop Microsoft's personal assistant snooping around.
Uni is optional: 5 tech leaders without a degree
Aug 17, 2015
Already running a business, but thinking about going back to uni? From Bill Gates to Steve Jobs, ...
New features coming to Xero
Aug 17, 2015
Use Xero? Here are some of the things you can look forward to in the coming months.
Latest Comments
Polls
New Windows 10 users, are you upgrading from...




   |   View results
Windows 8
  46%
 
Windows 7
  44%
 
Windows XP
  5%
 
Another operating system
  3%
 
Windows Vista
  2%
TOTAL VOTES: 717

Vote