Mark Shephard, Regional Director UKI, Middle East & Africa Zscaler
When asked to think of organisations that are at the forefront of technological innovation, a whole host of young, modern companies may spring to mind. One that might not be on the list is the UK Government. Indeed, government departments, agencies and bodies are often regarded as ‘dinosaurs’ in terms of technology adoption, but the reality nowadays is actually very different.
Despite the widespread perception, I am seeing the public sector proactively embrace the cloud and digital transformation – in my opinion, they are sometimes taking bigger steps than the private sector. The Government Digital Service (GDS) is a great example of its commitment to leading digital transformation of government. Not many landmark organisations have a designated person or team in charge of building platforms, standards and digital services.
Why is the government moving to the cloud?
One of the biggest reasons the public sector is driving digital transformation is cost. An example of how public organisations can successfully save IT spend is by embracing a cloud-based security service, which requires less capital expenditure (capex) and resources for administering IT hardware infrastructure.
The government is trying to reinvent how staff access the internet securely to keep their systems safe in a cost-efficient manner. Indeed, with little hardware to store and maintain, and with no expensive appliances to patch and monitor, costs can remain much more manageable. When there is an efficient and secure cloud system in place, governments can allow and encourage their staff to work remotely. The government is then not only saving money on purchasing and managing expensive appliances, but it has an opportunity to reduce the size of office space, thus reducing costs in rent.
What about the security risks?
Of course, one of the biggest concerns about using the cloud is security – something that is an even greater concern for government agencies given the value and nature of the data they are responsible for. The UK Government stores far more data than the private sector, and much of it is extremely sensitive. Agencies collect data on everything from income and investments, to health conditions and criminal convictions. Citizens can choose whether to hand their credit card to a retailer, but they’re compelled to give their most private information to national and local agencies. In return, they demand a greater degree of information security.
Protecting government data in a cloud-based, mobile-enabled world demands a “trust nothing, inspect everything” approach. Without a drive towards digital transformation, organisations might fail to understand that this could mean a large, and much needed, shift in the way they are protecting themselves. Legacy organisations often have traditional security appliances that create a hard perimeter around their datacenter – and subsequently a barricade between it and the internet – which unfortunately does not lend itself to a fully secure environment or effective cloud adoption. To give but one example, SSL encrypted Internet-bound traffic might not be scanned due to performance limitations of hardware or for the sake of fast access to data and applications of mobile and remote users that are not sitting inside the hardware-secured perimeter, adequate security measures are not met.
The data protection challenges in government organisations are, in many ways, unique. Cloud benefits such as agility, mobility, cost control, and performance are every bit as important to government agencies as private industry, but the stakes are higher. It cannot be denied, however, that the future of IT is cloud centric and mobile enabled, which is why it’s so promising to see the public sector take the reins and pursue digital transformation at a healthy pace. The increased sensitivity of data and the task of transitioning away from on-premise systems may seem daunting, but the cost benefits and superior level of security outweigh these concerns. The government recognises this and is paving the way for a much more efficient and secure approach to business, which many private organisations could learn from.
Software Defined Wide Area Networking (SD-WAN) has essentially been created for today’s working world, which is often dispersed, flexible, remote and in the cloud. This technology delivers business-class and simple cloud-enabled connectivity, and therefore offers fast access to cloud-based applications. It’s not a surprise that it is becoming much more appealing to both private and public sector organisations.
If an employee is working from home, a coffee shop, or an airport, the SD-WAN connection enables the user to access work with a direct breakout to the internet, without a time-consuming detour via the data centre. However, security is the Achilles heel of an SD-WAN concept. As the SD-WAN itself enables the fast-direct access, security can no longer be provided through the hardware at the corporate data centre – at least not without slowing down access to the cloud considerably.
However, improving the user experience is not supposed to compromise security. Our enterprise account director Amir Kahn will be discussing how secure digital transformation does not need to be an oxymoron at GovSec, on 9th of May 2018.