Fixing the Public Sector IT Debacle

Public sector IT services are no longer fit for purpose. Constant security breaches. Unacceptable downtime. Endemic over-spending. Delays in vital service innovation that would reduce costs and improve citizen experience. 

While the UK’s public sector is on the front line of a global escalation in cyberattacks, the number of breaches leading to service disruption, data loss and additional costs to rebuild and restore systems is unacceptable and unnecessary. A lack of expertise, insufficient procurement rigour and a herd mentality have led to over-reliance on a handful of vendors, ubiquitous infrastructure models and identical security vulnerabilities that are quickly and easily exploited.

Budgets are adequate. Better, more affordable and secure technologies are mature and proven. As Mark Grindey, CEO, Zeus Cloud, argues, it is the broken tender process that is fundamentally undermining innovation and exposing the public sector to devastating security risk.

Broken Systems

There is no doubt that the UK’s public sector organisations are facing an ever-growing security threat. As with public bodies in every developed country, they face state-sponsored attacks designed to undermine the delivery of essential services. And the cost to recover from these cyberattacks is devastating, with councils spending millions to recover from ransomware attacks in recent years.

The ever-rising threat level is, however, just one part of the story. While public sector bodies are prime targets due to the level of sensitive data held, the impact of attacking critical infrastructure and the appeal of targeting a high-profile organisation, not every public body is enduring repeated downtime as a result of breaches.

Nor does a single hack automatically affect every part of the organisation, leading to a disruption of vital services for days, even weeks. So, what differentiates those organisations, such as Bexley Council and Bedford Council, that have a good cyber security track record from the rest? And, critically, what is the best way to propagate best practice throughout the public sector to mitigate risk?

Broken Tender Process

The issue is not budget. The public sector may constantly claim a lack of funding but money is not the root cause of inadequate security or inconsistent service delivery. The problem is how that money is spent. Despite attempts to improve the rigour of public sector IT investment, the current tendering process is fuelling misdirected and excessive spend.

In theory, an open tender model should ensure that money is well spent. It should guarantee the service is delivered by the best provider. In reality, the vast majority of contracts are allocated to the same handful of large organisations. Which would be fine, if the services delivered were top quality, highly secure and fairly priced. They are not. The public sector is routinely charged three times as much as the private sector for equivalent IT deployments. Three times as much. 

In addition to this endemic overspending, the reliance on a small number of vendors radically increases the security threat due to the ubiquity of infrastructure models. When the majority of public sector organisations have relocated to the same public cloud hyperscaler and adopted identical security postures, it is inevitable that a breach at one organisation will be rapidly exploited and repeated in others. 

Inadequate Rigour

The current tender process completely lacks rigour. Given the continued security breaches, why are these vendors not being held to account? Why are they still being awarded new contracts? Indeed, why are they winning the business to rebuild and recover the systems damaged by a security breach that occurred on their watch, when other Managed Services Providers and cloud platforms can offer not only better pricing but a far better security track record? Something is clearly going very wrong in public sector procurement.

The public sector is complicit in this overspending: any vendor attempting to come in and charge a lower (fair) amount is automatically discounted from the tender process. Why? There are multiple reasons, not least that the public sector has been ‘trained’ by the IT industry to expect these inflated costs, but there is also a reliance on dedicated Procurement Officers who lack essential sector expertise. Why, for example, is every single system used by Leicester City Council located on the same public cloud platform? It should be impossible for a system breach to extend and expand across every single part of the organisation, yet by failing to understand basic security principles, the council set itself up for expensive failure.

The lack of expertise is a serious concern. Continued reliance on large IT vendors has resulted in many public sector organisations becoming dangerously under-skilled. Given the lack of internal knowledge, organisations often turn to incumbent vendors for information to support the tender process, leading inevitably to further price inflation. Furthermore, when a crisis occurs, reliance on a third party, rather than in-house expertise, leads to inevitable delays that exacerbate problems and result in additional cost to repair and restore systems.

Overdue Oversight

The situation is enormously frustrating for IT vendors with the expertise to deliver lower cost, secure systems. The misdirected spend has left public sector bodies woefully out of date. Not only are security postures frighteningly old-fashioned, but there are unacceptable delays in vital service delivery innovations that would transform the citizen experience and provide operational cost savings.

Given the escalating pressures facing all public sector organisations, change is essential. In-house expertise must be rebuilt to ensure sector experts are involved in the procurement process, and pricing expectations must be immediately overhauled: avaricious IT vendors will continue to overcharge unless challenged. One option is to appoint an outsourced CTO with broad public and private sector expertise, an individual with the knowledge and experience to call out the endemic overcharging and sanity-check the procurement process.

It is also important to move away from the herd mentality. Would, for example, an on-premise private cloud solution be a better option than a public cloud hyperscaler? What is the cost comparison of adding in-house security expertise rather than relying on a third party – factoring in, of course, the value of fast response if a problem occurs? It is telling that the handful of local authorities with a good security track record have not adopted the same big vendor, public cloud approach but applied rigour to the procurement process to achieve a more secure and cost-effective approach. Others could and should learn from these organisations.

Conclusion

Good, effective IT systems underpin every aspect of public sector service delivery and, right now, the vast majority are not fit for purpose. It is, therefore, vital to highlight and celebrate the good performers – and challenge those vendors that continue to overcharge and underperform.

Sharing information between organisations, both to support strategic direction and day to day risk mitigation, is vital to propagate best practice. Critically, by pooling knowledge and expertise, the public sector can begin to regain control over what is, today, a broken model. While the public sector continues to flounder with inadequate security and a lack of knowledge, the IT vendors will continue to win. They need to be held to account and that can only happen if public sector organisations come together to demand more and hold the industry to account.

Mark Grindey

Mark Grindey's role as the CEO of Zeus Cloud and its affiliated brands positions him as a key figure. With over a decade of experience in the tech industry, his experience, skills, and understanding of the evolving landscape of technology are highly valued.

Driven by the belief that every business (regardless of its scale or budget) should have access to the power of cloud computing, Mark has dedicated himself and his business to revolutionising the cloud, making it available for everyone. He wants to make the industries easier to access and more affordable and does this by improving on pre-existing technologies and open-source systems.

Through Mark's unwavering commitment and extensive expertise in the field, he and his business are making significant changes to the cloud industry.
