Passport Seva's Simli on How to Build In SecurityTechnology Leader Shares Insights for Government Agencies in India
When Passport Seva, the agency under India's Ministry of External Affairs that manages all passport services, underwent digitization and a technology overhaul, it emphasized building in security in a structured manner, says Golok Kumar Simli, the agency's principal consultant and head of technology.
"Right from conceptualization to defining the solution architecture and the deployment, there needs to be a clarity of purpose," Simli says in a video interview at Information Security Media Group's recent GovInfoSec Summit in Delhi. "What are you proposing, and what do you plan to achieve? You need to have a good visibility of who your stakeholders are and what they are doing within the environment."
Simli advises government practitioners to adopt a risk-based approach to security and ensure risk assessments are done prior to any technology investment. He believes a structured approach can benefit all government agencies struggling with information security challenges.
In this video interview, Simli offers insights based on his experience implementing a 24x7 security operations center staffed by ministry personnel and a service provider. The SOC is designed to help the agency proactively detect and respond to security incidents in near real-time, he says. He also discusses:
- Security strategy recommendations for government agencies;
- Lessons learned from running a proactive security program at a government agency;
- Insights on effectively managing service providers.
Simli is principal consultant and head of technology for Passport Seva under India's Ministry of External Affairs. He has more than 22 years of experience in information and communications technology projects, including more than 10 years in government. Previously, he worked at the Reserve Bank of India as well as in in the oil and gas, power, and banking and finance sectors. His major projects have included mission mode projects under NeGP, the National e-Governance Plan of India; government data centers for secure and centralized information sharing; cloud technology; and capacity-building and change management in government departments.