Defence overhauls data access controls

Powered by SC Magazine
 

Connecting the dots for a complete picture.

The Department of Defence has overhauled the way its information security to ensure information can be shared with the people who need it most.

The agency has adopted what is termed an "attribute-based access control" (ABAC) model for the last three months, a model developed with BSTTech Consulting.

Speaking at the CA Expo in Melbourne yesterday, BSTTech Consulting director Daniel Lai said that Defence needed to change the way information was protected from a national security perspective.

“The outcomes of 9/11, the Bali bombings and the reviews conducted by internal departments, clearly identified the threat could've been minimised by connecting the dots of information held by various agencies,” Lai told attendees.

“The risk could've been reduced - [it] may not have been stopped - but certainly could've been reduced  - if some of this information had been made available instead of being held [by individual departments or agencies]."

Lai said Defence was looking for a "single information environment", but with information and access contained within multiple, secure compartments.

“They [wanted to] control access to whoever needed it," he said. "They only wanted information served up that was relevant and on a 'need-to-know' basis according to a user's security profile. [The system] also needed to be location aware.”

Lai said Defence built a more “human” security framework - which integrates identity, information, workflow and systems management into access to systems.

This issue was addressed using enterprise architecture practices, rather than developing a new system, according to BSTTech Consulting principal enterprise architect Tony Howell.

Information is being tagged with metadata (data that describes other data) which a rules engine then uses to assess whether a given individual can access it.

“Defence had the requirement to really assess aspects of the user, security clearance, who they are, the position they occupy, where [device] they're meant to be working from," Howell said.

“Combine that with things like the workstation they're logging onto, all the way back to network and server aspects, [and the system can] really build an idea of the session of that user making the request.”

Howell said it was critical the attribute-based access control model was vendor neutral. It was backed by products from CA Technologies, Microsoft and Oracle.

He said the ABAC model could be used more widely across the government in the future.

The same method may be used to secure access to cloud applications, he said.


Defence overhauls data access controls
 
 
 
Top Stories
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
Sydney Trains chief thinks beyond Opal
Plots app to help you find a seat on the train.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  13%
 
Denial of service attacks
  8%
 
Insider threats
  12%
TOTAL VOTES: 396

Vote