Defence overhauls data access controls

Powered by SC Magazine
 

Connecting the dots for a complete picture.

The Department of Defence has overhauled the way its information security to ensure information can be shared with the people who need it most.

The agency has adopted what is termed an "attribute-based access control" (ABAC) model for the last three months, a model developed with BSTTech Consulting.

Speaking at the CA Expo in Melbourne yesterday, BSTTech Consulting director Daniel Lai said that Defence needed to change the way information was protected from a national security perspective.

“The outcomes of 9/11, the Bali bombings and the reviews conducted by internal departments, clearly identified the threat could've been minimised by connecting the dots of information held by various agencies,” Lai told attendees.

“The risk could've been reduced - [it] may not have been stopped - but certainly could've been reduced  - if some of this information had been made available instead of being held [by individual departments or agencies]."

Lai said Defence was looking for a "single information environment", but with information and access contained within multiple, secure compartments.

“They [wanted to] control access to whoever needed it," he said. "They only wanted information served up that was relevant and on a 'need-to-know' basis according to a user's security profile. [The system] also needed to be location aware.”

Lai said Defence built a more “human” security framework - which integrates identity, information, workflow and systems management into access to systems.

This issue was addressed using enterprise architecture practices, rather than developing a new system, according to BSTTech Consulting principal enterprise architect Tony Howell.

Information is being tagged with metadata (data that describes other data) which a rules engine then uses to assess whether a given individual can access it.

“Defence had the requirement to really assess aspects of the user, security clearance, who they are, the position they occupy, where [device] they're meant to be working from," Howell said.

“Combine that with things like the workstation they're logging onto, all the way back to network and server aspects, [and the system can] really build an idea of the session of that user making the request.”

Howell said it was critical the attribute-based access control model was vendor neutral. It was backed by products from CA Technologies, Microsoft and Oracle.

He said the ABAC model could be used more widely across the government in the future.

The same method may be used to secure access to cloud applications, he said.


Defence overhauls data access controls
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft Outlook is now on iPhone and iPad: why could this be useful?
Jan 30, 2015
Microsoft today released Office for Android and Outlook for iOS - complementing the other Office ...
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
You can now get a no-contract wi-fi tablet from Telstra
Jan 17, 2015
Telstra has began selling wi-fi tablets out of contract without paying extra for cellular ...
Get your business ready for 2015: mobile payments
Jan 2, 2015
These handy apps from MYOB, Xero and others can reduce your administrative load and improve ...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3096

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 986

Vote