Parliament: Government working on automating IT access controls, says Indranee

Currently, the process requires administrators to manually remove or create access rights for officers.
Currently, the process requires administrators to manually remove or create access rights for officers.PHOTO: THE NEW PAPER

SINGAPORE - In order to secure its technology systems and prevent data leaks, the Government is working on new ways to reduce human error when managing IT access for its officers.

Chief among them is the development by the Smart Nation and Digital Government Group (SNDGG) of solutions to automate the process of removing and granting access for officers in the Government's more than 2,000 IT systems.

Currently, the process requires administrators to manually remove or create access rights for officers, said Minister in the Prime Minister's Office (PMO) Indranee Rajah in Parliament on Monday (Oct 5).

"The reliance on manual adjustments is prone to human error," she added in response to a question from Mr Liang Eng Hwa (Bukit Panjang) about recurring lapses in IT controls that were highlighted in both the latest and earlier Auditor-General's Reports.

Implementation of these new automatic processes will take some time, given how there are various steps that need to be retooled in each of the Government's different IT system, many of which were introduced at different points over the years, said Ms Indranee.

SNDGG is currently at work piloting software to automatically review the IT access of users and their activities.

This software will progressively be deployed from January next year and will be fully implemented for high-priority systems by December 2022. It will then be installed in all remaining systems by December the following year.

The Government is also automating the way such users' accounts are managed, whereby an agency can be automatically alerted to stop a user from getting access to its IT systems once the user has left the agency.

There are 38 agencies which have installed this solution, and Ms Indranee said that SNDGG is in the process of enhancing it so that it can automatically remove unneeded user accounts once staff changes are updated internally.

This solution will be implemented for 800 high-priority systems by December 2023, and all remaining systems by December 2024.

Such an automated solution will help staff in agencies better focus on other aspects of security in their IT systems, said Ms Indranee.

 
 

She added: "When officers are freed up from manual tasks, they are better able to focus on aspects of cyber security and data protection that cannot be replicated by a machine."