DailyPost 2631
DIGITAL INDIA – ACCESS & PRIVILEGES AUDIT
To the ones uninitiated to digital world at the enterprise level, and how the systems function smooth or otherwise, will have no idea what we are talking about. For them one password and that is the end of access and the consequent use of digital resources. We have landed in such a predicament in at least the third decade of this technology becoming commonplace, speaks volumes of the direction in which we are heading in the AI age. The sector who seems to be completely lost in this game is the political executive, legislature and higher echelons of the government represented by top-notch bureaucrats.
The current case of a lady MP losing her Lok Sabha seat speaks volumes of giving two hoots to creating a system, and simultaneously going out of the way to prove anything and everything, which still remains in the grey area. Generic governance has brought us to this level and certainly cannot take us any further. Imaginary enforcement and punishment for whatever its worth is not going to improve our reeking digital system. That does not seem to be the objective either. If your system is being accessed from not so similar geographies and unfamiliar IP addresses, does it not raise a red flag.
Not getting into the political debate at all, what is required is to understand the current access and privileges mechanism and how it can be made full proof. You can keep throwing people out of a reeking system, but that does not improve the system. How are the organisational digital assets being used is the biggest concern of any robust organization? What has the nature of compromise, if any, needs to be assessed? In this case you are taking care of the law making in this country to say the least. Every parliamentarian, minister, legislator, bureaucrat etc have rights and duties, legal mandates, jurisdiction, privileges inclusive special ones, and host of other they are bound to perform.
In the digital world how do you do that? The nature of access to digital assets; what can he do with it, when and where and at what time defines the translation of physical roles and responsibilities onto the digital mode. Whether there is policy to this nature? Out of that policy have we created an operational document and finally directives which all agencies associated with the digital asset creation and operations need to know and make it tangible. This is what we call as the business logic of the software represented by a portal, app or an ERP. When the parliamentarians don’t know themselves what they are using, the less said the better. Do we have these mechanisms in place? An access and privileges audit are a must. Might be we can start with a white paper. Digital assets just created and parted to people who cannot use or don’t want to use, is a mockery to the digital transformation, happening all around the place. Can digital checks not be put in place? Any number, much more effective than the physical world. Was the account of the MP suspended when the furore arose? That itself will explain where we stand. Who is the super system administrator in (non-technical) of the parliament portal in question?
LAW MAKERS NEED TO PUT THEIR HOUSE IN ORDER. BEREFT OF MOST BASIC TECHNOLOGY WE CAN ONLY BE A DEMOCRATIC RELIC.
Sanjay Sahay
Have a nice evening.