There is no escaping the inevitable truth looming over public sector organisations; citizens are looking for more from the digital channels being built by government agencies.
From seamless interactions to easy identity verification, citizens are becoming digital connoisseurs with an attuned taste for on-demand personalised services. So the question is: how can public sector organisations deliver personalised citizen-experiences without negotiating on information security?
Michael Richards, Senior Technology Specialist for Business Productivity at Microsoft explained to the Cyber Security 2017 conference at CeBIT Australia, and we were lucky to hear some of his tips to help government organisations balance security with innovation.
Striking the right balance between information security and digital transformation can be a difficult task for any organisation looking to build a digital transformation strategy, let alone government agencies that also need to ensure they protect critical data assets.
Although we need to treat the public sector with a hint more caution that the private sector, it’s clear that the adoption of new technologies is inevitable if government departments are to deliver effective and life-changing services.
The conundrum, according to Richards is that nobody wants to implement new technologies that may put an organisation at risk of serious security breaches and cyber threats. Richards lets us know what it takes for an organisation to develop a security mindset that supports innovation:
“Traditionally cyber security is built on a fortress model. We lock all doors and hope that it will hold against any attacks,” explained Richards. “Organisations need to adopt a more forward looking model, not only because it stifles innovation, but hackers don’t have the same regulatory constraints as corporations. Their methods are constantly evolving.”
But the higher the security measures go shouldn’t mean that daily tasks become harder to perform. If security departments stand in the way of productivity, it may be due to a lack of understanding of business outcomes. This approach also puts organisations unwittingly at risk as users are willing if they can’t get things done. To avoid this kind of situation, security professionals needed to deliver secure business outcomes rather than security for security sake.
A framework that strikes the right balance between information security and innovation should be focused on:
- Building a resilient security posture
- Data and how it’s used - not on compliance to an arbitrary network classification
- Strong global standards - they beat local prescription in the long run
- Privacy protections on use, not location
- Building a security growth mindset.
If you're keen to learn more about digital transformation in the public sector, then register to receive the GovInnovate 2017 program here!