error
Subscriptions are not available for this site while you are logged into your current account.
close
Skip to main content

      It is important to weave security and compliance into all systems and transformation activities. When citizens and employees interact with their public sector organisations, they expect their entire digital experience to be secure. It is each public sector organisation’s responsibility to deliver on that expectation. Dani Michaux and Cormac Deady of our Infrastructure and Government team explore below.

      People and data are no longer within the walls of specific places – in environments with no perimeters, cybersecurity has to be more flexible and agile to protect data, networks, workloads, and user identities as users interact in cloud, mobile, on premises, and remote environments.

      Securing the digital experience is not new. What is new and critically needed is to build security in from the first vision of the citizen digital experience. Security is traditionally a separate topic, one that many believe gets in the way of innovation.

      Some project teams prefer to address security later in the development process to avoid delays and additional cost, but as we have seen both locally and globally, across both the private and public sector – it is vital to build security into the digital experience from the beginning.

      Governments must continue to improve the usability and reliability of critical digital services. It will take time and many conversations for organisations to bring security into the digital experience at the right time.

      Dani Michaux

      Partner, EMA Cyber Leader

      KPMG in Ireland

      Key considerations for the public sector
       

      Organisations need to consider the following:

      • Cloud security strategy to secure cloud environments. Everything moves faster in the cloud, so some public sector organisations struggle to involve security early. It also takes specialised skills to deploy services and data into the cloud, to ensure alignment with organisational security objectives.
      • Cloud security shared responsibility model: Public sector organisations and their service providers share the responsibility for securing their cloud footprint. They should work closely together to define and understand who is responsible for which security functions.
      • Modern third-party risk management strategy: Public sector organisations need effective third-party risk management to evaluate and monitor risks before, during, and after contracts are in place.
      • Delivery of an easy-to-use digital storefront to citizens, secured with multi-factor authentication to manage citizen digital identities.
      • Identification of the capabilities employees will need, upskill or hire employees with digital capabilities — and provide an employee value proposition that includes upskilling and career development. Leaders should make sure each employee understands and follows organisation information security policies to avoid intentional and unintentional insider threats.

      Get in touch

      Security of personal data is critical for the success of public sector digital projects. If you are planning or reviewing your digital experiences, we can help. Contact Dani Michaux or Cormac Deady of our Infrastructure and Government team for an initial conversation.

      We look forward to hearing from you.

      Dani Michaux
      Dani Michaux

      EMA Cyber Leader

      KPMG in Ireland

      Cormac Deady
      Cormac Deady

      Partner, Head of Infrastructure & Government

      KPMG in Ireland

      Other articles in this series

      Placing the citizen at the heart of services
      Explore more

      Accelerating digital transformation to meet citizen’s needs
      Explore more

      Delivering a trusted service with ability, humanity, and integrity
      Explore more

      Emerging era of modern government that is citizen-centric, trusted, agile, digitally-enabled
      Explore more