Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

[Updated] Singapore to bar public service officers from using internet at work next year

Nurdianah Md Nur | June 8, 2016
The move aims to "make the government's IT network more secure", according to an IDA spokesperson.

[Updated on 8 June 2016 at 11.15pm (Singapore time) to include comments from CA Technologies and Intralinks]

By mid next year, public service officers across all government agencies, ministries and statutory boards in Singapore will no longer be able to access the internet on their work computers.

To access the internet, public service officers will need to do so via their personal tablets or mobile phones that are not linked to the government e-mail systems. However, workstations will remain connected to the government's private network (ie. intranet), and can be used to send emails outside the internal network, Yahoo Singapore reported.

The move aims to "make the government's IT network more secure", a spokesperson from the Infocomm Development Authority of Singapore (IDA) told The Straits Times. The spokesperson added that IDA -- the lead agency for this effort -- has been trialling this with some employees within the agency since April.

Since some public service officers require internet for their daily work, certain ministries are looking at issuing separate computers for such personnel, reported Channel NewsAsia. Work e-mails are also allowed to be forwarded to public servants' private email if needed, according to The Straits Times.  

Commenting on the move, Aloysius Cheang, Asia-Pacific Executive Vice-President of the Cloud Security Alliance, said that it "marks a return to the past when internet access was available only on dedicated terminals." He expects "many public servants, including teachers and ministry employees, to be concerned over how this will impact their work and productivity."

Vic Mankotia, Vice President, Security and API, CA Technologies, viewed the move positively. "From a security perspective, this is a step in the right direction to a more secure environment, but it's not the only answer. A more effective way forward would be to manage identities, manage access, manage authentication and manage devices, for a smarter and more advanced ecosystem. After all, a managed ecosystem is a secure ecosystem," he told Computerworld Singapore.

Echoing the same sentiment, Allan Robertson, Senior Vice President, Asia Pacific, Intralinks, commented that the move "is not the cure-all [solution] to end cyberthreats today as [it] only addresses parts of the cyber security issues that many organisations face today."

"In today's connected world, the data perimeter -- the boundary that safeguards an organisation's sensitive data -- needs to reside within individual documents, in addition to within the IT infrastructure. [This is because] most data breaches might not be a result of cyberattacks, but rather, human behaviour, intentional or unintentional. Once the content leaves the well-protected organisation's firewall [such as in the case of forwarding work emails to personal accounts], the organisation no longer has control over the content," he explained. 

"As such, there is a need for a new data management approach and better solutions for all organisations. Using Information Rights Management (IRM) as a critical tool for managing the content lifecycle, the organisation can embed security protocols to each individual document so that they are secure wherever they travel in the world. This ensures that each piece of content both in the organisation's servers and those that are being shared externally are protected," he added.


Sign up for CIO Asia eNewsletters.