EDITOR’S NOTE: This is the second in a three-part series focused on information security and the public sector – more specifically, local government.
In the first of our 3-part series for local government, 5 IT Trends Changing Local Government, I talked about the changes upcoming generally for information technology management, and how those changes will manifest in the public sector – specifically for local government.
Reminder: this includes cities, counties, public utilities, maritime ports, and any other organization designated as a “special-purpose district” (usually with taxing authority). The following prognostications involve moving the narrative from IT in general to IT security, and the challenges that will accompany those changes.
Note that the changes to which we must adapt include moving the data center and applications out to the cloud (in all its glorious incarnations), while simultaneously pulling in all manner of IoT devices to improve telemetry, efficiency, and cost. This IT transformation is a double whammy, and as the pressure from elected officials to implement these “smart” technologies grows, figuring out how to stay in front of security problems with a shrinking employee pool requires new approaches.
Already, local government IT is moving from internal management to service providers – to include the spectrum of cloud services.
The mid-market (to include local government) will, in terms of the evolution of security, minimize points of control, not controls, and focus on contracts with service providers rather than continuing to staff all IT functions internally.
This is just a reality of the market: the value proposition for working in technology for the public sector is not consistent with that being offered in the private sector, and the bulk of resources prefer to contract with, rather than be directly employed by, government. Over time, IT professionals will permanently gravitate to work in managed services: cloud data centers, analytics and business intelligence, value-added resellers, and managed service providers (both IT and security). One key benefit is the ability to now create expectations for service levels without worrying about employee churn.
There are two keys to success here:
Stated another way, you’re going to be depending on resources for security that do not report directly to you, and your leverage will be legal, rather than the threat of poor performance evaluations and nasty notes in personnel files.
In part 3 of this series, I’ll talk about an organization that is working to crack this very code, and using the focus on security management of operational technologies (control systems for water, energy, and waste that will NOT be moving to the cloud) to create the larger discussion and prepare the organization to adopt new technologies, while not creating a large set of unmanaged vulnerabilities.