Upgrading legacy public sector IT to the secure cloud in the UK
From the viewpoint of public sector agencies and organisations, the past year and a half have seen the demands being placed on IT systems explode like never before. At the beginning, the IT teams of governmental agencies were challenged just like the private sector, needing to quickly figure out and implement remote working strategies for most of their staff.
Unlike the private sector, where profits were at stake and bigger budgets come into play, IT departments within public sector organisations were initially working just to maintain service continuity within their communities.
At a time when government focus was being routed towards battling the pandemic in medical facilities, most public sector IT teams had to make do with their existing resources, which often included archaic legacy systems that were ill-equipped to deal with the surge in usage during a public health crisis.
Faced with overwhelming demand and often utilising systems that might have been created 20 to 30 years ago with only incremental updates since, public sector IT also had to contend with a rising trend that was already underway prior to the events that were unfolding. As the pandemic hit this transformation accelerated: how to best secure IT systems, networks, and data as more and more staff were performing more of their workloads online.
After all, security might not have been the highest priority back when a lot of these systems were first conceived, and not all of them would have been built with internet connectivity in mind. The move to have staff working from home would have bought this to the fore, making it immensely more difficult for IT departments to update devices, add security patches to them, and otherwise keep legacy, on-premises systems up-to-date and securely functioning for the foreseeable future.
Since these systems were not created with security in mind at the outset, they rely on iterative security upgrades and patching. The effectiveness of these will really come down to a smorgasbord of factors – not least of which is that legacy public sector IT systems have probably been cobbled together from numerous service providers over the years. Effective security updates will require efficient distribution from providers, as well as ensuring IT teams have complete visibility over the dispersed network estate.
Another issue is that the security of public systems will often come down to the security of the networks that these systems rely upon. As anyone trying to make use of a public Wi-Fi connection will attest to, if those networks aren’t secured or if they are being hosted by the public sector organisation itself, that could open the door to a host of potential vulnerabilities, including compromising the systems that are connected to it.
Data, the new ‘red tape’ of governance
A frequent trope about governmental agencies is that they are cumbersome, mired in bureaucracy, red tape, and inefficient processes. Technological innovation of public services has been slowly changing that perception, speeding up processes as more and more systems get digitized and public sector IT teams become the guardians of vast troves of sensitive data.
Forward-looking organisations are looking at having all their traditional red tape – extensive paperwork like forms and licenses to be digitized, and the applications for such to be hosted in interoperable systems. For example, a person applies for a store permit, and the system uses their pre-entered information to accelerate the application process – all of which is hosted online, and the newly-acquired permit becomes part of that individual’s digital data footprint in his or her local council.
Hence, sensitive data of potentially millions of users will become the new ‘red tape’ of an innovative public sector. But as the pandemic has illustrated, such centrally stored databases can become key targets of cybercriminals.
As more red tape becomes digital, public agencies cannot afford to let their data be compromised, or for their systems to go down under a cyber intrusion. After all, if all application procedures are hosted online and the system goes down, citizens will not be able to access their public services.
In the UK, the National Data Strategy was recently updated to reflect the growing reliance on valuable datasets as a means to fuel innovation in the aftermath of the pandemic. And the public sector has cottoned on to this reality, with UKCloud’s State of Digital and Data survey of more than 300 public sector IT professionals and business leaders discovering that 97% of respondents are looking at the potential of digital technology to enhance outcomes and services being delivered to citizens.
Secure, cloud-first policy for public sector IT
At the core of this innovation push should be a cloud-first policy for their new systems. Instead of sticking with creaking legacy systems and hoping for the best, leveraging a secure cloud – with a focused security posture already baked into that cloud environment – should be the priority for the UK public sector.
This focus on security and the accessibility of sensitive data from legacy systems is what has made UKCloud stand out. UKCloud specialises in minimizing security risks from legacy IT and will even help rehost traditional systems using its specialist technologies such as UKCloud for VMware.
While modernising legacy infrastructure will be a big part of bringing UK public sector organisations up to date in the near term, over the long term UKCloud excels by tapping the capabilities of secure multi-cloud to deliver uncompromising security for taxpayer data.
UKCloud sidesteps the potential security pitfalls of hyperscale public cloud operators by hosting systems and storing data in UK-based, government-grade data centres. UKCloud operatives are not just technologists, they are security specialists cleared at the highest levels of government to deal with the storage, management, and protection of sensitive workloads.
This highly skilled team has been tasked with sovereign data protection by other UK public agencies, including the UK Home Office which migrated their legacy systems over to UKCloud. As such, they are cleared to handle multiple security tiers including workloads classified as Elevated OFFICIAL, Assured OFFICIAL, and even Above OFFICIAL grades.
85% of public sector organisations have said they would migrate more holistically to the cloud, if they could have cloud-hosting tech that could mirror their present IT environment, making the shift more manageable for public sector staff who lack adequate skills training and resources.
UKCloud’s multi-cloud offering can help organisations better prepare, as besides UKCloud for VMware to ease legacy rehosting friction, the public secure cloud provider also provides a flexible Platform-as-a-Service offering where local software vendors can develop Software-as-a-Service (SaaS) solutions tailored for the UK public sector.
UKCloud for Red Hat OpenShift streamlines application development by removing the complexities of managing underlying cloud or on-premises infrastructures. Instead, developers can standardise workflows across multiple environments – ensuring governance processes and data requirements are adhered to, but still allowing them to build open-source and cloud-agnostic solutions that can evade any dependence on hyperscale public cloud platforms or the risk of vendor lock-in, that can hamper innovation and growth.
Having the ability to mix and match agile solutions will be invaluable to UK public sector associations to drive value from innovation tools amidst a necessity to transition to a secure cloud.
2 October 2023