The rapid shift to digital leaves many public services exposed

Barry Cashman, Regional Vice President for UK and Ireland at Veritas Technologies, explores the digital vulnerabilities facing utilities and how to keep data in safe hands

It’s time for public sector IT managers to rethink their data protection strategy.

At the start of the pandemic, public sector IT teams faced similar challenges to their private sector counterparts – working quickly to develop and introduce remote working strategies so that the cogs of government would not get out of hand. don’t stop. At the same time, the need to improve interactions with the public has rapidly accelerated the transition to digital government.

As a result, utilities have seen a huge shift to the cloud, as public sector organizations have been able to move away from aging and legacy platforms, in favor of adopting shared services and new technologies such as Microsoft 365, to enable better communication and collaboration between colleagues. as well as the public. But, while the cloud has been an invaluable tool over the past year and is seen as a key enabler of the government’s digital transformation goals and data-driven initiatives, if security measures fail to keep pace, transformation initiatives could become more of a hindrance than a help.

The dangers of rapid digital innovation

When organizations introduce new solutions into their technology stack, protection capabilities need to be extended to cover it. But in the face of a global pandemic that no one could have seen coming, companies had to innovate quickly and their security measures have not kept pace. This created a vulnerability lag, where systems and data were left unprotected and open to attack. Veritas’ Vulnerability Lag Report explores how this gap between innovation and protection affects a variety of organizations, public and private; only three-fifths (61%) believe their organization’s security measures have fully maintained since the implementation of COVID-led digital transformation initiatives. This means that 39% experience some form of security deficit.

While such rapid digital transformation has brought many benefits to public sector organizations, there is a dark side to this accelerated innovation. In the rush to digital transformation, security has taken a back seat. As a result, there may be significant loopholes just waiting to be exploited by cybercriminals for their own gain.

In the UK, nine out of ten organizations have experienced downtime in the past 12 months as a result of cyber breaches. Much of this disruption has taken the form of ransomware; the average organization experienced 2.57 ransomware attacks that resulted in downtime, with 14% being hit five or more times.

Lindy Cameron, head of the National Cyber ​​Security Center (NCSC) said in October this year that ransomware “presents the most immediate danger to the UK”. A series of ransomware attacks on public sector institutions, from Hackney Council to Redcar and Cleveland Borough Council, have resulted in services being taken down, data leaked and millions of pounds lost.

Public sector transformation: Ministries rely on ‘legacy’ systems

Ash Finnegan, Head of Digital Transformation at Conga, discusses the current state of digital transformation in the public sector. Read here

What are we focusing on to close the vulnerability gap?

As criminals continue to seek to exploit organizational security vulnerabilities, what should public sector IT leaders focus on?

The UK government expects all public sector organizations to meet its Minimum Cyber ​​Security Standard (MCSS) and advocates a “cloud first” policy, which directs central government to consider the use of environments public cloud before looking for alternatives. But with the need to rapidly deploy cloud services to keep utilities operational at the start of the pandemic, many are now falling behind when it comes to cloud management.

While 80% of respondents had implemented or expanded cloud capabilities as a result of the pandemic, only 58% said they could confidently state the number of cloud services currently in use in their organization. And this lack of internal insight extends further; only 65% ​​of organizations’ stored data is classified or tagged. More than a third are ‘dark’ – it’s unclear what that data is, let alone where it’s stored.

A comprehensive data protection strategy requires a thorough understanding of the data that needs to be protected. How can institutions protect what they cannot see? These types of blind spots are a beacon for cybercriminals who are relentlessly focused on finding weaknesses.

But that’s only half the problem. Let’s say data transparency is not an issue – you know exactly where your data is stored in your multi-cloud architecture. But do you understand where your responsibilities lie? As has been the case for too many cloud customers, not all third-party cloud contracts are read or understood in as much detail as one would hope. In fact, previous Veritas research found that most organizations still believe their cloud service provider (CSP) is responsible for data protection and privacy.

However, the majority of CSP end-user license agreements contain clear clauses that the customer is responsible for protecting their data. The question is, how can public sector organizations even begin to realize their responsibilities – and the gaps in those responsibilities – when they don’t even know how many cloud services they use or what data is stored there?

Harnessing digital technology in the public sector can only be achieved by taking a more proactive approach to data management based on visibility and standardization. For the public sector, this also means creating data protection strategies that cover shared services, ensuring critical data is backed up and secure, while remaining compliant with regulatory regimes and legal demands – this can be as difficult as it may seem when visibility is lacking.

What is clear from our research is that the public sector cannot slow down when it comes to closing the vulnerability gap created by digital transformation initiatives driven by COVID. In the race to ensure data security catches up with innovation, illuminating dark data, taking responsibility for cloud services and workloads, and implementing a comprehensive data protection plan will be key to eliminating the risk.

Written by Barry Cashman, Regional Vice President for UK & Ireland at Veritas Technologies