Embracing security and digital transformation in the COVID-19 era
As the world emerges from a global pandemic, nations face a pivotal moment for government technology. Governments at every level are at the brink of digital transformation, but at the same time vulnerable to cyberattacks. Going forward, governments must invest in new technology and top-tier security software to deliver services while protecting critical infrastructure. They must also find new ways of solving problems while working within a system defined by decades-old processes.
Government innovators have brought startups into government, used city streets as a testbed, re-worked solutions during a pandemic, and developed new paths to procurements. While innovation in government technology has been fraught with fits and starts, fully-fledged, funded teams have been stood up across federal, state and municipal governments. From the U.S., to Brazil, to the U.K., and beyond—best practices in technology transformation are making a tremendous impact.
Still, government technology ecosystems are more complex than ever, and cybersecurity risks are increasing, with critical infrastructure in the crosshairs. My own work in technology leadership roles in city government in San Francisco and the City of New York is instructive in the way new models for partnerships and private sector innovation can be mobilized to address these issues.
Rapid application deployments and distributed workforce
Over the past year, government leaders have learned to appreciate strong, resilient digital infrastructure. In 2020, they worked feverishly to build and implement new systems to help meet the demands of COVID-19, from continuity of operations to distribution of social service benefits, and communication with the public about infection and vaccine rates.
At the same time, the urgency with which these changes were adopted often did not allow governments to fully improve security. Examples that made headlines across the United States last year included hastily implemented video conferencing solutions that disrupted hearings and public. Recent ransomware attacks on critical infrastructure have further made the stakes clear.
Recently, President Biden’s Executive Order on cybersecurity acknowledged the escalation of cyberattacks and the investments needed to combat them. Likewise, the European Union’s cybersecurity strategy, adopted in December 2020, highlights the importance of securing the increasing number of connected devices in the ecosystem.
Today, with digital transformation top of mind for many government agencies, the path forward must entail both: Consistent investment in new technologies that improve government services, and a simultaneous investment in top-tier security software and practices. Government leaders must understand the stakes, the incentives they are creating with their mandates, the tradeoffs, and the expertise they need to bring into their decision-making to seriously tackle both issues. In Lillestrom, Norway, the city leveraged Microsoft Azure to enable remote monitoring of its hydro utilities. In the U.S., Miami-Dade County’s Water and Sewer Department deployed Azure Synapse to provide data analytics insights into the county’s water systems
What are you incentivizing?
Government agencies are often responsible for implementing the priorities of elected leaders and are typically responsive to the incentives placed on them. It’s a demanding environment that requires fast decision-making and implementation for as little cost as possible, often at the expense of security. A recent report from the Water Sector Coordinating Council identified the creation of a culture of cybersecurity as the biggest challenge facing systems serving more than 100,000 people. Building that culture means aligning day-to-day work incentives with best security practices.
Key questions for leaders:
- How do incentives for agencies align with priorities for digital transformation?
- Are your technologists encouraged to work with real end-users to fully understand their needs?
- Is the work environment conducive to meeting security priorities?
- Do deadlines realistically allow for security standards to be implemented and tested prior to launch?
- Are there incentives for continual improvement and sustainable operations in addition to delivery?
- Have sufficient resources been allocated to allow teams to continue monitoring use and improving applications after they are launched for users?
What are the tradeoffs?
There are real tradeoffs when managing digital transformation. These include balancing speed to delivery, cost, public reception, and impact on resources for other projects. Government innovators must make deliberate decisions about priorities and be prepared to justify those decisions.
Key questions for decision-makers:
- What are the short-term and long-term costs and risks?
- If a solution is implemented too slowly, will operations suffer immediately?
- What are the long-term security risks of taking short cuts to get a solution deployed more quickly?
- Will spending less now lead to higher cost later?
- How do cyber events factor into this analysis? A single event can cost millions of dollars, while a stronger security option now could strain your immediate budget but be much less expensive over time.
Working with technologists
The Water Sector Coordinating Council report also indicated that technical expertise is critical to help leaders approach IT and OT transformation and security, particularly since business leaders don’t always have a full view of technical considerations.
This mirrors my own experience, in which technical advisors were brought in early in the process to provide valuable insight in the decision-making process, rather than only for implementation. They can serve not only as technical advisors, but also to help leaders identify the incentives and tradeoffs described above.
Key questions leaders should ask technologists:
- What can our current digital infrastructure support?
- How can we support technologists in implementing these priorities?
- How can we incentivize sustainable operational practices?
- Which problems are primarily technology-based, and which do you view as based in the underlying processes or practices?
With the dual priorities of digital transformation and security competing for focus in the public sector in the coming years, a vision for technology is not enough. Governments and their technology partners must consider the larger picture, which includes agency missions, executive priorities, and cost. Private sector partners who can manage these competing interests—and who offer technology and consulting solutions that make it easier to build with security in mind—can help minimize tradeoffs in development and support incentivizing both simultaneously.
Microsoft stands ready to support our government clients as they face today’s complex security environment and navigate the balance between digital transformation with security while finding better ways to secure and serve the public. Check out the latest e-book Building Trust with Secure Services for more information and best practices.