Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Data security is essential for Government

May 2015 Government and Parastatal (Industry), Information Security

By Simeon Tassev, director and QSA at Galix

Cybercrime is a burgeoning threat, not only to business but also to governments all over the world. The increasing number of highly publicised examples of cybercrime activities being used against governments or for political gain highlights this trend.

The need for controls to protect unauthorised access to sensitive information is clear. However, while cybercrime may be the main driver behind these efforts, data security covers so much more than just cybercrime. Worldwide, data protection legislation is driving a growing body of best practice with regard to securing information from all manner of threats, both internal and external, and government will benefit significantly if they become part of this movement in order to prevent data from falling into the wrong hands.

With regards to data security in government, breaches are a global phenomenon, perpetrated for a number of reasons including financial gain, political leverage and more. South Africa is no different, as recent events have highlighted, and cybercrime is one of the biggest culprits of such events. From commercial enterprises to the public sector, cybercrime costs billions of Rand each year, and revisions to local legislation are thus underway in an effort to curb this alarming trend.

However, online threats are by no means the only danger to sensitive information, and many incidents of data breaches have occurred as a result of the simplest of methods, from printing confidential documents to copying unauthorised files onto a USB drive and simply walking out of the building. Government is faced with a number of challenges in this regard. There are so many ways of leaking information, from email hacking to unauthorised copying of information and everything in between. In addition, different departments have different priorities and different sensitive data.

Levels of classification

Compounding this is the fact that there are currently many different levels of maturity across the organisation, so it is not possible to have the same standards applied across the board. As a result, while frameworks and guidelines can be put into place, specifying the type of controls that should be in place, the specifics and details will vary from one department to another.

Ensuring data security requires governments to control the flow of data, understand their infrastructure, and most importantly, begin security with the process of collecting data. Starting from the beginning of the data lifecycle is key from the perspective of auditing and forensics. Understanding which information is confidential or sensitive, and classifying data accordingly, is essential. From there it is possible to implement logging, monitoring and alerting systems to flag incidents of unauthorised data access. This is crucial, however, it is only one element in the chain of security, as it provides no protection – only a reactive view of events once they have already occurred.

Once data classification and monitoring has been implemented, government can examine other technologies for the protection of information. The key here is to understand what data there is, and what government priorities are. This comes back to the importance of data classification, as without this no organisation, government or otherwise, can implement proper controls. It is simply not practical to protect everything, particularly in light of the rapid rate at which data volumes are expanding, so prioritisation is essential.

Agile adaptation

Simeon Tassev, director and QSA at Galix.
Simeon Tassev, director and QSA at Galix.

Preventative technology is the next step, along with vulnerability management and continuous vulnerability monitoring. Data security requires an understanding of the environment as well as the potential risks, which are constantly evolving, so security needs to adapt in an agile manner to these changes. Network access controls, mobility management systems and more can then be implemented on top of this.

When protecting data, there are many technologies that can be used to develop a tailored and layered solution to address the various requirements of government. However, any security solution starts first and foremost with the data itself.

Data must first be classified, after which policies, procedures and frameworks need to be implemented and enforced across all departments. Without these, security, no matter how sophisticated the technology, cannot be enforced. Data security begins with strategy, not with specific tools, and hinges on a solid understanding of where data is, what data is, and which information is sensitive, confidential or in need of protection.

For more information contact Simeon Tassev, Galix, 086 1 2 GALIX, simeon@galix.com





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
Employees are SA’s biggest cyber threat
Security Services & Risk Management Information Security
South Africa experienced a 46% increase in insider cyber risk in 2026, surpassing the global average of 44%. What is more, 63% of South African companies surveyed expect insider-driven data losses to increase.

Read more...
Surge in AI-enabled cybercrime and a 389% increase in ransomware
News & Events Information Security
Cybercrime no longer functions as a series of isolated campaigns; it operates as a system, with malicious hackers operating across an end-to-end life cycle and compressing the attack life cycle with shadow agents.

Read more...
Claude Mythos wake-up call
Technews Publishing AI & Data Analytics Information Security
AI has crossed a critical cybersecurity threshold and frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale and speed, through novel methods that were previously the domain of advanced nation-state entities.

Read more...
If you cannot prove identity, you cannot claim security
Access Control & Identity Management Information Security
Cybersecurity planning for 2026 is a structural change in how attacks are executed and how trust is exploited, demanding that companies stop layering tools on top of infrastructure and instead prioritise intelligence and identity.

Read more...
NEC XON secures mobile provider’s hybrid identities
NEC XON Access Control & Identity Management Information Security Commercial (Industry)
For a leading South African telecommunications operator, identity protection has become a strategic priority as identity-centric attacks proliferate across the industry. The company faced mounting pressure to secure both human and non-human identities across complex hybrid environments.

Read more...
Rise in malicious insider threat reports
News & Events Information Security
Mimecast Study finds 46% of SA organisations report a rise in malicious insider threat reports over the past year: reveals disconnect between security awareness and technical controls as AI-powered attacks accelerate.

Read more...
New campaign exploiting Google Tasks notifications
News & Events Information Security
New phishing scheme abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials, which can then be used to gain unauthorised access to company systems, steal data, or launch further attacks.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.