Thursday, December 6, 2007

IT SECURITY IN A DEVELOPING COUNTRY –A CASE OF MALAWI…..A CHALLENGE?

Having born, lived and worked (especially working with the government IT department) in Malawi, one of the so called developing countries .I have seen, observed and experienced some of the issues worth sharing on the Information Systems security status. I was privileged some years back to travel overseas in Japan where I was trained as an information security Specialist and also had a stint with one of the renowned Audit Firms in the world(KPMG), working locally as an Information Risk Management Specialist. The general observation is that In Malawi like in any other developing country the ICT Sector is growing rapidly. But …..One of the challenges is the risk associated with the new technology…….is there advocacy for this or we are just promoting the introduction and ignoring the RISKS and how to mitigate them ?

In any field ,the business assumptions - the way it was……….
“That products would not change dramatically, that the processes used to produce them would remain basically the same that the workforce would remain loyal, that new competitors would occasionally appear but the playing field would be level”
But the above is not the same especially in IT.

Today’s IT Environment is associated with the growing cost if security is to be achieved ,distributed , heterogeneous, complex ,higher expectation , increasing risk ,high business dependency .

What the IT function must deliver

• Security / integrity
• Effectiveness and efficiency
• Implementation to impossible timetables
• Reduced Costs - (“Total cost of ownership” - TCO)
• Service levels
• Innovative solutions
• Value for money
• And….source, implement and exploit risky new technology

The above may be achieved but has a cost to a developing country like Malawi in terms of resources, personnel and Government commitment. Even in countries where ICT is like a model to us the road has not been smooth as I quote:

“IT has been the longest running disappointment in business in the last 30 years!”
Jack Welch, Chairman, General Electric, World Economic Forum, Davos, 1997

“Technology can help fulfil a visionary dream, but often its use is closer to a sobering nightmare!”
Vesa Vaino, CEO Merita Bank, SIBOS, Helsinki, 1998

I am writing a book on the history of information Technology…in order to better understand why it is such a mess!”
Philippe Corniou, CIO, Renault, IT Governance Forum, Paris, 2001

IT investments did not have an impact on productivity in 53 out of 59 economic sectors”
McKinsey report 2001

The above means that for a country like Malawi to have a sound ICT infrastructure and services ,there has to be a big investment planning for all ;Government and the Private sector.
The business IT challenges is all about increasing consumer trust in technology and ensuring that IT contributes significantly and effectively to enhanced and sustainable shareholder value and these include:
– Improving the value for money obtained from IT investment
– Improving security and control in order to increase trust in consumer and corporate use of technology solutions
– Improving accessibility and reliability of technology based solutions
– Seeking greater opportunities for the exploitation of advanced technology for stakeholder benefit
– Understand and promote best practices in IT governance
– Ensuring that we have the human capabilities to deliver satisfactorily on these objectives

But is a pathetic situation that the Government of Malawi has no NATIONAL ICT POLICY (The draft is not yet approved despite being sent to parliament). And even at departmental level there is an ICT Policy in the department of Information Systems and Technology Management Services –it is just gathering dust in the shelves-NO IMPLEMENTATION!!! Even if you go to companies ,ask for the ICT Security policy –oops, only a few would produce it, even if they mean that they rely on ICT for their business-Kodi inu mwayiwala za Celtel –itapsa bwanji ? There was no back up services –Take care!

The issue here is , "let’s start taking this issue of achieving IT security serious" –Mbite!!!