Securing New Technology in the Public Sector
Modernizing Authentication — What It Takes to Transform Secure Access
Emerging technologies are making their mark on public service, but secure management is vital to national security and to the delivery of citizen services.
By Ger Daly and Kevin O’Brien
One of the foremost missions of government is to improve the delivery of public service and meet the rising expectations of citizens. To achieve these goals, government agencies are beginning to embrace cutting-edge emerging technologies such as cloud, mobile, biometrics and the internet of things (IoT).
In a time where cyber-attacks on individuals, businesses and governments are becoming increasingly common, technology adoption alone won’t be sufficient. Today, secure management of intelligent technologies is vital both to the delivery of citizen services and to national security.
A recent Accenture survey of public service technology leaders in nine countries (Australia, Finland, France, Germany, Japan, Norway, Singapore, the United Kingdom and the United States) found that emerging technologies—also known as intelligent technologies—are already playing a pivotal role in helping agencies achieve better outcomes for citizens and meet mission-driven objectives.
At the same time, the survey respondents were pragmatic, recognizing that technology is only one part of a wider industry shift—one in which leadership, adaptability and skills development will be paramount. The majority of leaders (92 percent) said that improving citizen experience is their primary goal in adopting emerging technologies. Significantly, 73 percent cited reduced organizational risk and improved security as expected benefits from investing in intelligent technologies.
While new technologies can potentially play a transformative role in enabling public service organizations to meet their objectives, the security challenges that come with deployment must be understood. The IoT revolution is upon us, and yet security has not been a priority for software developers, device vendors or the public.
In the late 1980s and early 1990s, the creators of the public internet and World Wide Web gave very little thought to security. As a consequence, significant efforts had to be made subsequently to retrofit security capabilities and frameworks onto a mutable, ever-expanding digital ecosystem.
Now that we are farther down the road, we need to consider what actions government agencies should undertake to ensure that advanced technologies are planned for and adopted in a way that protects data and alleviates privacy concerns.
Make security a top priority across the organization.
A recent study of 200 C-level security executives found that 48 percent are very concerned about insider data theft and malware infections in the next 12 to 18 months. To prevent such incidents, public sector organizations must work with their suppliers and partners to ensure that security is applied holistically across the whole organization and the “internet of everything” chain.
As smart meters, smart cars, mobile banking and e-commerce, and similar technologies proliferate and combine rapidly into linked, interdependent chains, security is often limited to the device (or even only to subcomponents of that device). Security must be built into the software application layer, as well as into the devices, platforms and networks they use, in order to protect the entire data chain. Governments must be a leading driver for this requirement.
Ensure the security and integrity of data.
Data must be protected from theft, manipulation or destruction when shared across organizational, domestic government and national boundaries. As commercial, sensor-driven, mobile and cloud data holdings continue to grow, a wider network of public and private sector stakeholders will have a legitimate need to access and manipulate data sources.
For example, citizens may need to access their country’s citizen services portal securely from overseas. Or local authorities may need to leverage social media and other online information to conduct a background check on a new employee.