It is important to weave security and compliance into all systems and transformation activities. When citizens and employees interact with their public sector organisations, they expect their entire digital experience to be secure. It is each public sector organisation’s responsibility to deliver on that expectation. Dani Michaux and Cormac Deady of our Infrastructure and Government team explore below.
People and data are no longer within the walls of specific places. In environments with no perimeters, cybersecurity has to be more flexible and agile to protect data, networks, workloads, and user identities as users interact in cloud, mobile, on-premises, and remote environments.
Securing the digital experience is not new. What is new and critically needed is to build security in from the first vision of the citizen digital experience. Security is traditionally a separate topic, one that many believe gets in the way of innovation.
Some project teams prefer to address security later in the development process to avoid delays and additional cost. But, as we have seen both locally and globally across the private and public sectors, it is vital to build security into the digital experience from the beginning.
Key considerations for the public sector
Organisations need to consider the following:
- Cloud security strategy to secure cloud environments. Everything moves faster in the cloud, so some public sector organisations struggle to involve security early. It also takes specialised skills to deploy services and data into the cloud, to ensure alignment with organisational security objectives.
- Cloud security shared responsibility model: Public sector organisations and their service providers share the responsibility for securing their cloud footprint. They should work closely together to define and understand who is responsible for which security functions.
- Modern third-party risk management strategy: Public sector organisations need effective third-party risk management to evaluate and monitor risks before, during, and after contracts are in place.
- Delivery of an easy-to-use digital storefront to citizens, secured with multi-factor authentication to manage citizen digital identities.
- Identification of the capabilities employees will need: upskill or hire employees with digital capabilities, and provide an employee value proposition that includes upskilling and career development. Leaders should make sure each employee understands and follows the organisation's information security policies to avoid intentional and unintentional insider threats.
Get in touch
Security of personal data is critical for the success of public sector digital projects. If you are planning or reviewing your digital experiences, we can help. Contact Dani Michaux or Cormac Deady of our Infrastructure and Government team for an initial conversation.
We look forward to hearing from you.
Dani Michaux
Partner, EMA Cyber Leader
KPMG in Ireland
Cormac Deady
Partner, Head of Government & Public Sector
KPMG in Ireland