After an eventful year for technology in the public sector, it’s an opportunity to reflect on the learnings we can apply in 2017.
Looking at some of the major developments, there are certain stand out trends that will continue to have major implications for IT delivery and security. The first is the growing number of connected devices that are being adopted, both in everyday life and in business.
This is resulting in a plethora of data being produced which can be used to garner insights and enhance machine
learning. The rise of connected devices is also putting more pressure on networks to deliver more services, at a faster pace. Keeping up with the change in consumption and demand will continue to test both the private and public sector in the years to come.
It goes without saying that these trends have all contributed to the growth in cyber-attacks we saw last year. Notably there were attacks on an NHS Trust, caused by a virus infecting its electronic systems and it was revealed that more than half of data breaches in public sector are caused by human error. This comes as no surprise, unfortunately, as human error continually plays a role in cyber security risks for organisations on a global scale.
Getting comfortable with the cloud
One significant trend last year was that the growing number of data centres being built or relocating to the UK is creating more interest from government CIOs in considering the options that the cloud has to offer. There is a general feeling that the data is best located – both for availability and security – if it resides in the UK. These executives now need to think about how they will maintain the strong security policies that exist on-premises when they start moving data and services to the cloud.
Gartner claims that security will be a key public sector cloud adoption driver by 2018. Indeed, cloud service providers such as Amazon Web Services and Microsoft put significant investment behind their security capabilities to build confidence in the cloud as a secure hosting option. Recent figures have shown that healthcare and local government are the most likely UK bodies to suffer security breaches, so organisations must act quickly to avoid becoming the next victim of an attack.
With many cloud options now available, we are also seeing public sector organisations migrating straight from on-premises to a Software-as-a-Service (SaaS) cloud computing models. Previously, this was done gradually, by moving to Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), before adopting SaaS.
From a security point of view, the SaaS model does not provide the compliance that many of these organisations need. They cannot control the security of public cloud beyond measures like multi-factor authentication (MFA). Therefore, their best option is to store data and services across both the cloud and on-premises and keep in mind that just because they know where their data is held doesn’t mean that it’s adequately protected from hackers.
Investing in cyber security
Recent government efforts have also demonstrated that a more serious stance is being taken to bolster the UK’s cyber security defences. In November, Chancellor Philip Hammond announced a £1.9bn investment in a new cyber security strategy for the UK. It will involve strengthening technology used to defend against attacks, advising businesses on how to do so and tackling the cyber security skills gap. We’ve already seen action being taken to improve the nation’s pool of talent, with plans announced to turn Bletchley Park into a school that will create a new generation of cyber security professionals.
In addition, the government’s work with the national cyber security centre (NCSC) is a sign of its proactive approach to improving defences. The NCSC will be well-equipped to provide recommendations to the public and private sector on where researchers have identified growing threats, and how they can counteract them.
Coming into a new year is an ideal time to revaluate current processes and where there is room to streamline them and bolster security. It is no longer a case of if a hacker will try to attack, but when.
The cloud will continue to play an important role for cyber security in 2017 and it will be a crucial time to prepare for the impending European General Data Protection Regulation (GDPR). It is not due to be rolled out until 2018, but adopting the new requirement can take anywhere from between 6 to 12 months.
Now is the time for public sector leaders to ensure that they are considering security alongside every technological innovation and regulatory change to ensure that they, and the citizens they have a responsibility to, are protected at every step.