Matin Kaddour (Australia) - Data Loss Prevention within Australian Government Agencies

All businesses have data they need to maintain and protect, but within governmental institutions, the stakes are generally much higher. With the multitude of security risks faced, and given the wealth of sensitive information maintained - be it financial (particularly tax and social security information), medical or health, legal, foreign - the damage that can be caused by data loss within the Australian public sector is immense.

In 2008/09, the Australian Government Information Management Office reported that 31% of Australians used the internet for most of their contact with Government - double that reported only three years earlier. The heavy reliance on information transfer between the public and public service is exacerbated when it is considered that in 2009/10 the Australian Government Budget aggregates estimated that the public sector comprised nearly one third of all Australian GDP.

A recent Information Systems Audit Report tabled in Western Australian Parliament in March 2010 found 52% of some 56 government agencies assessed had not established effective controls to manage IT risks, information security and business continuity. The report showed that most agencies lack comprehensive management, technical and physical controls over their laptops and PSDs. The most common risks were found to be network attacks and infected computing systems. Effective change controls had not been established in 31% of agencies and 33% had not established effective controls for management of physical security. Click here for the full report.

With threats to national security growing at an alarming rate and becoming increasingly sophisticated, Australian government agencies need to be attaching a greater level of importance on data loss prevention (DLP). DLP systems identify, protect and monitor all levels of data - from data storage to network security to end-point protection. In order to protect the integrity of personally identifiable and materially sensitive information it is essential that governmental agencies shift from passive detection to active DLP.

The following characteristics are essential to achieving an active DLP solution within governmental institutions:

  1. Enable easy deployment for immediate prevention
  2. Empower users to remediate incidents in real time - alerting users of suspected breaches, allowing instant remediation or authorisation of legitimate communications
  3. Utilise innovative multi-parameter data classification and correlation engines that combines users, content and process to deliver accuracy
  4. Enable multi-protocol inspection and enforcement
  5. Recognise and protects sensitive forms - including file/form matching based on pre-defined templates
  6. 6Identify unconventional government communication behavior

Given that the public is increasing its contact with the Government via the Internet and the evident lack of DLP, albeit passive detection, there is an imperative need for Australian Government agencies to shift to active data loss prevention - a shift that requires a combination of effective DLP technologies and processes.


Matin Kaddour has over 13 years of sales and marketing experience in value added-distribution and at various vendors within the Australian IT industry. He currently holds the position of Country Sales Manager at Computerlinks Australia, a global leader in value-added distribution for Security and Internet technology solutions.



« Tom Brand (UK) - External, Internal or Hybrid - What Cloud is Best for Who?


Christian Sundell (Finland) - Managing Users and their Entitlements Centrally - When, How and Where to Start? »


Do you think your smartphone is making you a workaholic?