Malaysian is asking and concern on PADU online system Pangkalan Data Utama (PADU Gov)

How safe is Padu Malaysia?
Is it safe to register Padu?

LGMS’s Perspective on Padu’s Security

“What the Malaysian government is doing is very outdated.” — Fong Choong Fook, CEO of LGMS Bhd

https://www.malaysia-today.net/2024/03/29/padu-developed-using-outdated-methods-says-cybersecurity-expert

Cybersecurity expert Fong Choong Fook, CEO of LGMS Bhd, highlights concerns about Padu’s development methods. While the system has seen distributed denial-of-service attacks, Fong emphasizes that the design itself must be scrutinized. Questions about security strategy, database structure, encryption measures, and data integrity need answers.

In the competitive landscape of modern app development, ensuring robust security is paramount. This exploration delves into the critical aspects of application safety, focusing on duplicated central databases, API-driven approaches, and the Padu system in Malaysia.

Duplicated Central Databases: Risks and Benefits

Duplicated central databases pose significant risks due to potential data inconsistencies and security vulnerabilities. They offer simplicity and direct control over data, which can be beneficial for initial setup and small-scale applications. However, the risks often outweigh the benefits, as they can lead to a single point of failure and complex data synchronization issues.

Risks:

• Data Duplication:
  • Multiple copies of data can lead to inconsistencies.
  • Synchronization challenges arise when data diverges.
• Security Concerns:
  • Centralized databases are vulnerable to breaches.
  • A single point of failure jeopardizes all data.

Benefits:

• Simplicity:
  • Easier setup and management initially.
  • Suitable for prototypes or controlled environments.
• Direct Control:
  • Developers have authority over queries and optimization.

API-Driven Approach: Flexibility and Complexity

APIs offer flexibility and scalability, allowing services to evolve independently and providing controlled access to data. The complexity of infrastructure and potential server stress are notable risks. Despite this, the benefits of an API-driven approach align with modern development practices, offering enhanced security and compatibility.

Risks:

• Complexity:
  • Requires additional infrastructure (API gateways, authentication).
  • More moving parts can increase complexity.
• Server Stress:
  • Frequent API calls can stress servers.
  • Proper load balancing and caching are essential.

Benefits:

• Flexibility:
  • APIs allow decoupling of services for scalability.
  • Services can evolve independently.
• Security and Compatibility:
  • Controlled access to data via APIs.
  • Modern organizations prefer API gateways.

Safer and Newer Approaches

Embracing microservices, cloud-native development, secure API design, and data sovereignty are contemporary approaches that offer increased safety and adaptability. These methods promote scalability, fault tolerance, and agility, ensuring that applications remain robust and secure in a rapidly changing digital environment.

• Microservices Architecture:
  • Break down applications into smaller, independent services.
  • Enhances scalability, fault tolerance, and agility.
• Cloud-Native Development:
  • Leverage cloud services for scalability, security, and reliability.
  • Use managed databases (e.g., AWS RDS, Google Cloud Spanner).
• Secure API Design:
  • Implement proper authentication (OAuth, API keys).
  • Regularly audit and secure APIs.
• Data Sovereignty:
  • Store data within the country’s borders (even in the cloud) to maintain sovereignty.

LGMS’s Perspective on Malaysia Padu’s Security

Cybersecurity expert Fong Choong Fook, CEO of LGMS Bhd, highlights concerns about Padu’s development methods. While the system has seen distributed denial-of-service attacks, Fong emphasizes that the design itself must be scrutinized. Questions about security strategy, database structure, encryption measures, and data integrity need answers.

Recent News on Padu 2024

• CyberSecurity Malaysia Affirms Padu’s Security:
  • Over 7.36 million Malaysians have updated their information in Padu, accounting for 35% of the country’s population.
  • Economy Minister Rafizi Ramli clarified that signing up for Padu is not compulsory, but existing information may be outdated.
  • Upcoming subsidy programs, such as the RON95 petrol subsidy, are expected to utilize Padu.
  • For more details, visit the official news articles: MSN, The Straits Times, Malay Mail, The Star, SoyaCincau, The Star.

So far we have seeing parties that both claim Padu is Safe or otherwise but we have yet to see evident that PADU gone through any cybersecurity scoring or online safety compliant audit. by experts . We are looking forward to create a safer enviroment for Malaysian

What is Sistem PADU Pangkalan Data Utama (PADU)

Pangkalan Data Utama (PADU), officially launched on January 2, 2024, is Malaysia’s comprehensive and secure national central database. Developed through collaboration between the Ministry of Economy, the Department of Statistics (DOSM), and the Malaysian Administrative Modernisation and Management Planning Unit, PADU aims for accurate analytics and digitalization. It provides a clearer picture of national household income, enabling more effective subsidy distribution and informed policy-making. Citizens and permanent residents aged 18 and above can register and update their information within PADU by March 31, 2024. While not compulsory, timely updates ensure eligibility for future aid and subsidies

As of March 19, 2024, 6.03 million Malaysians, which accounts for 27.4% of those eligible, have registered with the Central Database Hub (PADU). The deadline for registration ended on March 31, 2024, with approximately 10.85 million Malaysians signed up, nearly 50% of the total number of individuals aged 18 and above in the PADU database. The PADU system contains basic data collected from various government agencies, facilitating analysis, census activities, and the distribution of government aid and subsidies. While not compulsory, timely registration ensures eligibility for future benefits and policies.

Some other Question Malaysian is asking on Pangkalan Data Utama (PADU) 

1. What if one’s financial commitments and income change? Does one have to update one’s information in PADU every time there is a change? What are the repercussions if this is not done?
   • You will have to update the changes during the next update window as this will affect your eligibility to receive government’s aids and subsidies.
2. Is it compulsory to sign up for PADU? Will I lose out on subsidies if I ignore PADU?
   • Registering for PADU is not compulsory, but it will put you at risk of losing out on being eligible to receive future aids or subsidies from the government.
3. How do I register for a PADU account, and how long does the process take?
   • To register for a PADU account, head on to PADU and click on register. The system requires your full name, MyKad number, and postcode. All these details must match with what is currently stated on your MyKad.
   • You will need to provide your mobile phone number to receive a One Time Password to proceed with the next steps in your account registration process.
   • The next part is the e-KYC verification, which involves taking picture of the front and rear of your MyKad and a selfie to verify your identity.
   • The e-KYC verification might take up to 3 days to be processed, but generally it will be completed in less than a day.
4. Who is eligible to register for PADU?
   • PADU registration is open to citizens and permanent residents of Malaysia aged 18 years and above.
5. What are the benefits of registering with PADU?
   • Registering with PADU will ensure you wont be at the risk of being left out from receiving subsidies or social protection by the government, if eligible.