Security is far more than a mere IT issue. It is a reputational issue and, for government agencies, it is at the heart of their relationship with the citizens they serve and protect. Connected government and other cross-agency initiatives put new pressures on public sector CIOs, particularly when these initiatives go hand in hand with IT modernisation and digital transformation efforts.
The combination of digital transformation and government data sharing increases the risk of compound security breaches, where multiple sets of data are compromised or new threats arise from unforeseen quarters. Unisys research has found that 59 percent of U.S. Federal IT executives claim that IT modernisation efforts have increased the list of IT security challenges they face.
"Security and privacy must be built into all aspects of the end-to-end service as the responsibility of everyone involved"
Preventing data breaches is high on that list, and rightly so. According to the 2019 Unisys Security Index, citizens across Asia Pacific say their top security concern is unauthorised access to or misuse of their personal data.
Percentage of population concerned about these issues:
As government moves towards digital transformation, it needs to revise its approach to security, particularly in relation to cross-agency initiatives.
How seriously it takes citizens’ privacy concerns will have a major impact on the success of those initiatives.
Sharing data elevates risk and concern.
Across the APAC region, citizens’ concerns are elevated when data is shared between government agencies, as was highlighted in the 2018 Unisys Connected Government research. Of the 5,000 people surveyed in Asia Pacific, just 41 percent fully supported their personal data being shared to enable government to deliver more targeted programmes and services. The same number also fully supported personal data being shared so that they would not have to provide the same information repeatedly to different agencies.
The reasons why some people did not want their data to be shared across agencies included:
• My data would not be protected from internal accidental security breaches.
• Government will not protect my data from an external attack.
• Unauthorised people within the government would access my data.
This suggests that convenience, which often drives citizen preferences in such matters, is not, by itself, a sufficient motivational factor.
Data sharing accepted, but concerns remain.
That said, there is strong support from the public—65 percent or higher across Australia, Malaysia, New Zealand, and the Philippines (2019 Unisys Security Index)—for police to share information with other agencies to help them solve crimes, foil attacks at events, or enable early intervention to prevent child or spousal abuse. This preference is similar in the U.S.: a survey of nearly 2,000 U.S. citizens living in eight states found that 77 percent accepted that their data was being shared between government agencies.
Despite the broad acceptance of agencies sharing data, many respondents registered concern about how these agencies actually protect their data and privacy. Common concerns include a lack of clarity about how the government would use the data (69 percent), infringement on privacy (68 percent), lack of protection from security breaches, even if accidental (66 percent), an external cyberattack (65 percent) and access to their data by unauthorised government officials (63 percent). Of citizens who expressed concern about data sharing, more than half (53 percent) said they do not trust the government.
Balancing security and customer experience.
The secure digital transformation of government services can both alleviate concerns and improve citizen satisfaction, but only if the competing needs (security and convenience) are met in the right order. The Philippine Statistics Authority found that by digitising its services and incorporating Unisys Stealth™ to keep information secure, the wait time for requested documents such as birth certificates was dramatically reduced, increasing citizen satisfaction ratings from approximately 20 percent to more than 80 percent.
Government agencies need to get the balance right between making services user-friendly and having adequate safeguards. Moreover, securing citizens’ personal information is no longer solely the responsibility of a single agency. There is now a requirement to secure both the citizen-facing digital service and the multiple back-end agency systems required to deliver it.
Wanted: a holistic approach to security.
Lack of trust combined with increased and more complex risks suggests that government needs to re-think its approach to managing security. Yet government tenders often specify security and data privacy as non-functional requirements.
Unisys believes that, rather than being treated as a separate component of the design, and the responsibility of the CISO, the Privacy Officer, and Security Architects, security and privacy must be built into all aspects of the end-to-end service and thus be the responsibility of everyone involved.
Privacy and security measures must be pervasive and internalised, not established on the perimeter.