- Security TWENTY
- Women in Security Awards
How can the public sector both transform and stay secure? asks Steve White, Head of Transformation Accounts, at cloud firm Yotta.
Public sector organisations have had to juggle multiple competing demands over the past two years while having to deal with many operational disruptions. Many are undergoing a process of digital transformation. While they stand to reap rewards from doing this: from faster, more efficient operational processes through to enhanced citizen engagement, there are also significant challenges they will need to negotiate and ensuring cyber-security is among the most urgent.
Updating on-premise legacy systems, is a particularly tough obstacle. That’s largely because doing this should go in hand in hand with the implementation of better cybersecurity measures to ensure networks and sensitive data are protected from cybercriminals. The issue is that these legacy infrastructures and systems were not built or developed from the outset with security in mind. On top of that, the effectiveness of security depends on multiple variables, including how efficiently suppliers provide updates and how frequently public sector bodies apply them. It also depends on the security of the networks these systems sit on. If the networks themselves aren’t secure, how can the systems be?
Added to that, as public sector organisations continue on their digital transformation journeys, cyber-attacks are getting more sophisticated and more frequent. Thus, strengthening cybersecurity strategies can no longer be put on a backburner. So how can public sector IT teams deliver on cybersecurity and protect their systems from hackers?
Steady but slow so far
One potential route forward is to adopt a ‘cloud first’ approach. It has been the direction of travel for some time. In 2013 the UK government specified that all central government departments take a cloud-first approach on any new technology purchases unless they could demonstrate that a different approach was more economical or provided a better value proposition.
Of course, they stand to tap into a wide range of operational and business benefits from opting for cloud. These include always-on availability; enhanced operational management, flexible pricing and being able to scale up and down as and when required. In addition, there is the peace of mind that comes from knowing that cloud service providers can take care of updates.
In line with all this, Gartner predicts that more than 85% of organisations will embrace a cloud-first approach by 2025 and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies. However, despite the prediction and mandatory government policy, cloud uptake has been fairly slow so far across some areas of the public sector.
One of the main reasons for the slow uptake, is gaining the buy-in of senior leadership around the benefits of digitalisation and cloud software in transforming outcomes and achieving savings for the organisation concerned. Another factor is the lack of skills and capabilities within some organisations around technology procurement.. Finally and perhaps most frustratingly, with local governments holding vast amounts of data (that is only said to increase in the coming years), perceived security concerns continue to hold public sector organisations back from migrating to the cloud.
Benefits of cloud first
Such are the benefits these organisations stand to gain from adopting cloud first approaches, it is important that these barriers are overcome. And it is especially key that the last named myth around perceived security risks is debunked. The reality is that despite the perceptions outlined above, adopting a cloud first approach is. in itself, a good step towards implementing better cybersecurity practices.
In fact, the data saved with cloud service providers may likely be safer than the information stored in a computer’s hard drive. The security measures undertaken by large providers like Amazon Web Services (AWS) and Microsoft Azure are more robust and powerful. Unlike in-house IT teams who have to juggle a myriad of concerns and tasks, the sole role of cloud hosts is to carefully monitor security, making it much safer. Also, the servers are usually located in warehouses that most workers don’t have access to, with several layers of controls, the files stored on cloud servers are encrypted, therefore far harder for cybercriminals to access.
Additionally, cloud providers conduct regular and consistent security updates. This means that public sector organisations and their security teams don’t have to worry about forgetting to run an update, or employing an IT expert to constantly maintain their servers.
Another aspect worth mentioning is the growing usage of artificial intelligence tools by cloud service providers, the purpose of which is to help better protect the data. Today’s advanced AI capabilities can run the first level of security analysis, with the reliable algorithms being now able to identify possible system vulnerabilities and alert the team before the hacker causes any damage.
Finally, it’s redundancy. Unfortunately, power outages do occasionally happen, but the biggest cloud providers are prepared for such eventualities. If one of the servers goes down, the organisation can still access its files from a back-up one, ensuring business continuity.
The bottom line is, if the organisation hosts itself, the problem is in its hands. But if it works with a cloud-solution provider, they’re there to take care of the laborious task of keeping systems up and running, freeing up the organisation’s time to concentrate on more business-critical tasks.
Keeping cyber central to digital transformations
For public sector organisations accelerating their digital transformation plans, embracing cloud and adopting cloud-first strategies can help them gain greater resilience and operational efficiencies that ultimately improve the bottom line. Such benefits would be much appreciated across local governments in all parts of the country, especially with the current IT and data skills shortages. With the security advancements made to cloud over the years, organisations can be better protected against more sophisticated cyber threats whilst ensuring compliance with appropriate data regulations.
That significantly relieves pressure on IT professionals, especially if they partner with a trusted and reliable provider, who works as a true extension of their team. Then, they can confidently move forward with their digitalisation strategies, with cybersecurity as the backbone that will help them succeed.