Security fears must not restrain public sector digital transformation

Deloitte’s survey of digital transformation in government showed security concerns are one of the top 3 barriers impeding government organisations taking advantage of the digital opportunity, along with insufficient funding and too many competing priorities (Source: DU Press UK Digital Transformation Journey). There are a number of steps that can be taken to mitigate these fears:

Establishing an effective risk management framework

Such risks include, but are not limited to, strategic, mar­ket, cyber, legal, reputational, political domains, as well as a broad range of operational risks such as information security, human capital and business continuity. Having a process in place is really critical to allow government departments to focus on digital transformation with the peace of mind that the majority of risks will be detected and handled promptly and in the right way. This will include everything from identifying the risks, assessing them, selecting the right risk responses and monitoring and reporting on risks

Building in strong cybersecurity resilience

As dependency on digital technologies is higher than ever now, cyber-attacks are right up there not only as threats to public sector digital transformation but as a threat to the functioning of government and national security. But these new technologies can also help government and industry in identifying and addressing cyber risks and threats and, if designed and implemented correctly, can combat some of these threats as they arise. For example, in the online world, cloud-based approaches can enable instantaneous transmission of patches across a network. And artificial intelligence (AI) can automate detection of malware and mit­igate risk at scale, automating routine decisions and fostering a focus on the highest priori­ties, such as open source vulnerabilities.However, at the other end of the technology spectrum, many public sector departments also continue to rely on archaic sys­tems that retain vulnerabilities—more fundamental modernisation strategies, including shared services for secure computing platforms and new technology approaches ranging from identity and access management to encryption, can reduce risk significantly. So, accompanied by sound governance, government departments can adapt new technologies to support overstretched security staff who focus on results while still ensuring compliance. These experts can then address high-priority risk items even as constrained budgets remain the norm in the sector.

Cementing digital leadership in the public sector

Developing digital leadership will enable public sector leaders to effectively weigh the risks of transitioning to digital government against the benefits, by drawing on the lessons from other government departments as well as the private sector. Such informed leaders are also more likely to be more steadfast in their support for a digital government programme, even in the wake of collateral damage from the fallout of any digital failures or disruptions.

Adopting a multi-expert, collaborative approach

Finally, acknowledging the public sector does not possess all the required security expertise and compliance know-how is critical. Last year’s WannaCry ransomware attack, in which 45 NHS sites in the UK and over 100 countries were hit, shows that cybersecurity has never been more a more pressing issue for the public sector. Blackpool Council, for example, worked closely with the American firm Fortinet to become an early adopter of enterprise firewalls deployed at the heart of its infrastructure, making them resilient to such an attack. Their motivation was driven by the problems created by a previous attack, in 2009, called the Conficker computer worm (or virus). Without a broad, collaborative approach, bringing in expert cyber advice and support from the outside government, WannaCry could have been much more successful with its disrupting and subversive agenda.

As with any risk, 100% prevention is never guaranteed. And it’s a tough one because adversaries only have to succeed once to create massive damage. So the focus goes well beyond simply security, IT and systems to the people, processes, and data essential to carrying out public sector goals and objectives. Risk management is not simply a compliance exercise and should not be ring-fenced off somewhere in a remote part of government; for digital transformation to succeed, it should be at the heart of departmental, agency and local authority mission delivery