Is enough being done?

By Ilva Pieterse, ITWeb contributor
Johannesburg, 27 Sept 2016
AJ Hartenberg, T-Systems
AJ Hartenberg, T-Systems

Gartner has identified risk-based security as among the most important for government, according to a 'Top 10 Strategic Technology Trends for Government in 2016' report, published in June. It believes risk-based security has the potential to significantly benefit government performance within the next three to five years. How is South Africa faring in this regard?

Risk in the public sector is ten times greater than in the private sector, says Phoenix Distribution's CEO Simon Campbell-Young. "This is as a result of factors such as tenders being handled inappropriately, corruption in certain sectors that leaves budgets for infrastructure bare, and lack of awareness when it comes to risk management limiting the steps taken to prevent risks."

He believes the public sector must start seeing the real threats out there and put the appropriate budgets in place. "These organisations must realise that without the proper preventative and security measures in place, various risks can break a business," he adds. "The public sector should partner with security companies in the private sector to get them up to standard and to assist them with updates and upgrades to keep their standard of security high."

Phishield's director Bruce Goodwill says that the public and private sectors are equally at risk, as the recent attacks on public sector organisations such as Johannesburg Water prove. He adds that breaches of public sector companies could well lead to further risks on private organisations, and vice-versa.

"One thing all breaches have in common is the exfiltration of data for financial gain - whether that means accessing an organisation's bank account or selling that data on the black market," he says. "While there are a number of ways both public and private sector companies attempt to mitigate risk, the public sector still lags behind in some areas."

One of these is insurance against cyber fraud, Goodwill says. While a relatively new addition to the security portfolio, many companies in the private sector are covering themselves for the worst case scenario. The public sector, however, has not invested in this additional protective measure, despite the fact that these organisations have the same - if not higher - risk profiles.

In the opinion of portfolio manager of datacentre services at T-Systems, AJ Hartenberg, there is a perception that enough is being done, but, in reality, there are many challenges that the public sector faces in risk management. "There are policies in place, but there is not enough follow-through to ensure that end-users are complying with the rules." He also believes issues lie in the need for greater accountability and ownership of the importance of minimising IT risk. "Public servants need to be cognisant that it is a collective duty, and not the responsibility of a single department or IT service provider."

Change perceptions

The tools that are being used in the public sector are not always geared towards the appropriation of the remedies that need to be enforced within the organisation, he adds. "There might be a perception that they are the right tools, but are these tools being implemented in totality to address the risk profile identified?"

Cybercrime on the rise and attacks are becoming more complicated by the day.

Oliver Fortuin, BT Global Services

Hartenberg believes that by educating the public sector, through enablement and awareness events and providing information about what is at risk, we can work together to change the perception and the understanding of IT risks in the general industry that affects this sector.

He says the fact that there are so many different departments and organisations within the public sector creates its own risk factor. "The situation is further exacerbated by a lack of sharing the right information. It is vital that all departments take a collaborative approach and work together," he says.

Silo approach

Collaboration is essential to ensure that the public sector is getting the best possible solution for each risk area, Hartenberg continues. "Hindering this is a silo approach and multiple departments that operate in isolation can affect the risk profile of the organisation. It's important to consider partners that can provide the right services fitting for each area, especially as cloud becomes more prevalent and IT automation becomes standard. As these technologies start to drive up the value chain, the types of threats and risks become more advanced and must be dealt with accordingly."

A solution, he believes, is a methodical approach through a value assessment where the public sector looks at what is currently in place and what is still missing when it comes to risk management. "The outcome of the evaluation should identify the gaps and the areas of minimum risk, thereby linking it back to the acceptable risk profile that the organisation should meet. Thereafter, the roadmap then determines the key risks that need to be addressed and the plan of action to follow. A governance structure is set in place to ensure that the identified partners will address risk profile challenges."

MD of BT Global Services for Sub-Saharan Africa, Oliver Fortuin, believes we shouldn't be too hard on the public sector, as government organisations provide a wide range of essential services to the public, but are under pressure to deliver these services in real-time and at a high demand while significantly reducing the costs and improving the service.

"The public sector needs to not only deliver citizen-focused services, but do so with increased efficiency, and at less cost. The ability to deliver services efficiently and effectively requires increased collaboration across departments, agencies and other organisations, and technology is key in achieving this, where the public sector can no longer rely on legacy technology to service a market that is growing in demands, he says. "However, while this sector starts addressing this and starts investing in the key technologies of the future, they must also focus on IT risk, and ensure they are partnering with the right providers who will aid them in the protection of public services and citizen data, especially with cybercrime on the rise and with attacks becoming more complicated by the day."

The Top 10 Strategic Technology Trends for Government in 2016
Source: Gartner

1. Digital workplace

The digital workplace promotes collaborative workstyles, supports decentralised, mobile work environments, and embraces employees' personal choice of technologies.

2. Multichannel citizen engagement

Delivering an effective citizen experience requires a holistic approach to the citizen, and multichannel citizen engagement opportunities will deliver quantifiable benefits.

3. Open any data

Open data is accessible with open APIs and is not subject to any trademark or copyright.

4. Citizen e-ID

Citizen electronic identification (e-ID) refers to the orchestrated set of processes and technologies managed by governments to provide a secure domain to enable citizens to access core resources or services.

5. Analytics anywhere

The pervasive use of analytics at all stages of business activity and service allows leading government agencies to shift from the dashboard reporting of lagging indicators to autonomous business processes and business intelligence (BI) capabilities that help humans make better context-based decisions in real-time.

6. Smart machines

Government IT leaders must explore smart machines as enhancements to existing business practices, and possibly as foundations for new public services or ways of accomplishing business goals altogether.

7. Internet of Things

The IoT architecture operates in an ecosystem that includes things, communication, applications and data analysis, and is a critical enabler for digital business applications in all private-sector and public-sector industries

8. Digital government platforms

These platforms deliver services such as identity management and verification, payments, reusable application services, and notifications that are commonly used across multiple domains.

9. Software-defined architecture

Adding a layer of software to abstract and virtualise networks, infrastructure or security has proved to be a useful way of deploying and utilising infrastructure.

10. Risk-based security

Government CIOs must adopt a threat-aware, risk-based security approach that allows governments to make knowledgeable and informed decisions about risks in a holistic fashion, allowing for a wiser allocation of resources, more sound decisions about risks and their impacts on government missions, operations, assets and people, and engagement of senior leadership in risk-based decisions.

Innovating in the digital era: public sector tech trends for 2016
Source: Deloitte

Deloitte has identified trends that will disrupt the public sector operating and delivery models over the next 18 to 24 months:

1. Right-speed IT

There is an inherent tension between stability and agility in IT. Organisations are evolving different delivery models to span the continuum from high-torque enterprise IT and high-speed innovation.

2. Internet of Things: From sensing to doing

From `smart cities' to the military, the public sector is capitalising on the ever-expanding universe of connected `things'. But the real potential is unlocked when data are actionable and new approaches to data management and mission delivery models are considered.

3. Augmented and virtual reality go to work

AR and VR, technology that delivers context and immersion, have tremendous potential to retool training environments, improve communication, redefine the role of field service workers, and reshape government business processes.

4. Reimagining core systems

CIOs face enormous pressure to maintain core systems while also investing in emerging digital technologies. But what if those same legacy systems have the potential to become the foundation for driving innovation?

5. Autonomic platforms

Autonomic platforms transform infrastructure to be more intelligent, repeatable and scalable through virtualisation, containers, and the cloud. IT delivery becomes more automated, helping employees focus on higher-value tasks.

6. Blockchain: Democratised trust

Developed as part of Bitcoin, blockchain uses cryptography to store and verify information in a secure shared ledger without a governing central authority. Public sector adoption is nascent, but use cases exist that could drastically improve efficiency, costs, and reliability.

7. Industrialised analytics

Industrialised analytics represent a tremendous opportunity, but require innovative delivery models, new technical platforms, and novel governance tactics. These larger-scale data efforts can allow repeatable results and scale that can truly transform public sector entities.

8. Social impact of exponential technologies

Beyond efficiencies that exponential technologies like AR and robotics can help achieve, they also have the potential to drive positive social impact. The public sector has the opportunity to take the lead in developing public-private consortiums to take on the world's toughest challenges using these technologies.

Hot tech trends in public sector for 2016
Source: InformationWeek

InformationWeek believes the following trends will have a big impact on the public sector this year:

1. More focus on security than ever

"The large number of sophisticated cyberattacks against government organisations makes this a critical focus area for IT decision-makers in 2016," says Matthew Hopkins, research associate at VDC Research. "Steps have been taken to mitigate the risk of cyberattacks, but there is much room for improvement."

2. Making government open

Government agencies are working to improve their transparency, and working harder than ever on it in 2016. One reason for the urgency is the need to respond to citizens' technology expectations. "Citizens are quickly becoming accustomed to the convenience of arranging transportation with Uber, ordering and paying for their coffee with the Starbucks app, and purchasing their holiday gifts from their phone with Amazon," says Fred Damiano, chief innovation officer at nfrastructure.

3. Modernising computing infrastructure

IT experts predict that more agencies will address legacy hardware, datacentre overload, and establishing infrastructure that can handle up-to-date technologies.

The consensus is that it's time to modernise. Tony Scott, the US Federal CIO, said recently that legacy, outdated network infrastructure is causing `a crisis that's bigger than Y2K'.

Anthony Robbins, Brocade's federal VP, agrees: "The federal networks that exist today are too outdated and can't fully support the requirements of cloud computing, mobile, the Internet of Things, and big data."

Expect cloud discussions to move from the conference room to implementation phases. Among those discussions, says Michael Angelo, chief security architect for Microfocus's NetIQ, is deciding which cloud model to use. "FedRamp will continue to grow, but gaps will continue to be recognised," Angelo says. "Industry will continue to utilise the cloud, and will continue to realise that the cloud, while potentially able to save a boatload of money, is a serious exposure."

4. Staffing changes

"According to the Center for Digital Government, as of September 2015, one in four government employees was eligible to retire," says Katie Burke, government strategist at Laserfiche, an enterprise content management software company. "Organisations now must figure out how to fill the positions. And, more importantly, do they want to maintain these positions as-is, or re-focus the role to be more strategic in nature?"

Kronos' Regan referrs to a NASCIO report with similar results, adding: "Whether or not states are experiencing retirement postponement or record retirement, it is clear that CIOs are concerned about the state of their workforce."

Government IT organisations are challenged to meet many pent-up demands, including demands for hot tech skills. One answer may be increased dependence on IT contractors, as government moves from capital budgets to operational budgets.

This article was first published in the September 2016 edition of ITWeb Brainstorm magazine. To read more, go to the Brainstorm website.