Government working on automating IT access controls: Indranee

In order to secure its technology systems and prevent data leaks, the Government is working on new ways to reduce human error when managing IT access for its officers.

Chief among them are solutions being developed by the Smart Nation and Digital Government Group (SNDGG) to automate the process of removing and granting access for officers in the Government's more than 2,000 IT systems.

Currently, the process requires administrators to manually remove or create access rights for officers, said Minister in the Prime Minister's Office Indranee Rajah in Parliament yesterday.

"The reliance on manual adjustments is prone to human error," she added in response to a question from MP Liang Eng Hwa (Bukit Panjang) about recurring lapses in IT controls that were highlighted in both the latest and earlier Auditor-General's reports.

Implementation of these new automatic processes will take some time, given that there are various steps that need to be retooled in each of the Government's different IT systems, many of which were introduced at different points over the years, said Ms Indranee.

SNDGG is currently piloting software to automatically review the IT access of users and their activities.

This software will be deployed progressively from January next year and will be fully implemented for high-priority systems by December 2022. It will then be installed in all remaining systems by December the following year.

The Government is also automating the way such users' accounts are managed, whereby an agency can be automatically alerted to stop a user from getting access to its IT systems once he has left the agency.

There are 38 agencies which have installed this solution, and Ms Indranee said SNDGG is in the process of enhancing it so that it can automatically remove unneeded user accounts once staff changes are updated internally.

This solution will be implemented for 800 high-priority systems by December 2023 and all remaining systems by December 2024.

Such an automated solution will help staff in agencies better focus on other aspects of security in their IT systems, said Ms Indranee.

"When officers are freed up from manual tasks, they are better able to focus on aspects of cyber security and data protection that cannot be replicated by a machine."

A version of this article appeared in the print edition of The Straits Times on October 06, 2020, with the headline 'Government working on automating IT access controls: Indranee'. Print Edition | Subscribe