“The numerous cyber-attacks launched in recent years against advanced information societies aimed at undermining the functioning of public and private sector information systems have placed the abuse of cyberspace high on the list of international and also local security threats. Given the seriousness of the cyber threats and the interests at stake, it is therefore imperative that the comprehensive use of information communications technology solutions be supported by a high level of security measures and be embedded in a broad and sophisticated Cybersecurity culture. For this reason, the cyber threats need to be addresses at both global and national levels” - National Cybersecurity Framework of South Africa
The IFMS has secured what is referred to as the ‘IFMS Cloud’ hosted by SITA. This is a private cloud which simply means that the IFMS data is hosted in an environment that will actively protect it against unauthorised access. A delegation from the IFMS has assessed the facility, particularly focusing on physical security aspects amongst other things and made sure that the IFMS is in line with the National Cybersecurity Framework of South Africa. The delegation comprised of representatives from all partners, namely, National Treasury, the Department of Public Service and Administration (DPSA) and the State Information Technology Agency (SITA).
It is anticipated that the initial footprint of the IFMS platform will be hosted in the data centre as part of SITA’s strategy to deploy all government Oracle-based solutions in their IFMS Private Cloud. SITA plays the role of providing Information Technology, Information Systems and related services in a maintained information systems security environment on behalf of participating departments and organs of the state. In this regard, the IFMS will receive the services of a maintained comprehensive information systems security environment, according to approved policy and standards.
Due to the strategic nature of the IFMS for the South African Public Service, it is imperative to ensure that any harm that can be caused by a security breach and the risk inherent in the potential service failure due to such a breach, be identified, addressed and eliminated in advance. This will thus protect state information from any cyber-attack that could potentially undermine the functioning of the public sector information systems.