We are in an emerging era of modern government that is citizen centric, trusted, agile, digitally enabled, and inspired for future change, writes Cormac Deady, Head of Government, KPMG.
“Putting the user at the heart of design enables organisations to adapt and continue to deliver better quality experiences while also realising value in the investment when it matters most.”
Saoirse Stronge, Director, Management Consulting
The future of public service has arrived – it is rapid and responsive. In line with direction set in Connecting Government 2030, it is “trusted, human-driven, intuitive and inclusive world leading digital government service”.1 Modern public service is intelligent and agile, technologies, and platforms, enabling the citizen agenda with solutions that are secure, scalable, cost-effective, and trusted. To modernise, we expect public sector organisations to need a laser focus on being:
• connected for better experiences and to enable faster mission delivery. They are connected to their citizens, their employees, and to each other, with an ability to deliver rapidly, safely, and at scale;
• powered by modern technology and embracing innovations to accelerate digital transformation so the entire organisation – front, middle, and back – is aligned to shift points of interaction to reflect citizen’s needs and preferences; and
• trusted organisations value their citizens and their employees – implementing safeguards to protect their valuable data with the goal of creating transparency, ultimately helping to generate and maintain trust with citizens.
The future is a connected public sector organisation delivered at market speed.
Aligned and engineered around the citizen and the users of its services. It is a borderless organisation where people, data, and technology interact for new levels of productivity and value creation. This in turn allows the organisation to increase the speed to mission delivery, which is fast becoming a top priority for public sector organisations around the world. To increase speed to mission delivery, national, and local governments are combining separate business and technology strategies into a single delivery strategy, underpinned by modern technology which drives this strategy.
We saw some successful examples of this at the recent Public Sector Digital Transformation Awards, where many public sector organisations demonstrated really innovative solutions to a range of business and citizen-focused issues, delivering solutions rapidly through the combined power of broad team collaboration and modern technology.
So how do public sector organisations focus on the right things to modernise faster?
• Fulfil people’s needs (human-centred design): Organisations that only focus on processes and technology in their digital journeys rarely achieve the outcomes they need. Leaders need to clearly understand people’s needs with each experience. Human-centered design can help build equity into the experience from start to finish. It guides the experience creation process by helping contextualise to understand the high-level problem to be solved and empathise by talking directly to individuals the program most affects. Digital applications that provide a positive user experience have the potential to benefit everyone.
• Start small, move fast: With limited budgets and growing digital services demand, public sector organisations should deliver digital solutions fast so employees can be productive, and citizens can access services. An agile development approach can speed up outcomes and help ensure they meet users’ expectations since the approach focuses on continuous improvement and how technology affects people.
• Collaboration across the public sector network: On their journey to offer citizen-centric services, governments should embrace digital leadership, creating platforms that make it easier for departments and agencies to share and access data, and that enable the concrete actions that deliver more successful outcomes for citizens.
• Keep pace with innovation: To increase speed to mission delivery, organisations are combining what was previously siloed business and technology strategies into a cohesive and holistic delivery strategy driven by technology. To run at market speed, public sector organisations should reimagine the role of technology and how they apply it.
“Over the next few years, modern technologies underpinned by cloud will increasingly be woven into the fabric of government and public services.” Richard Franck, Director, Cloud & Digital Transformation Lead
The Government’s ambition for the digitisation of public services is clear, with multiple publications in 2022 outlining just that through targeted strategy and vision papers. The societal and economic benefits of this are also significant, with Ibec’s assessment that just a 10 per cent surge in cloud adoption within Ireland’s public sector could generate an annual economic benefit of €473 million2.
Many public sector organisations are already realising the value of cloud-based infrastructure and solutions today, but with ongoing efforts to make it easier for public sector bodies in Ireland to procure cloud services, such as the OGP’s infrastructure as a service (IaaS) framework, the rate of adoption and value realisation is likely to skyrocket over the coming years.
In line with this adoption trend, it is also becoming more prevalent that a multi-cloud deployment approach can leverage the benefits of multiple service providers to provide the flexibility needed to run workloads on any cloud depending on an organisation’s specific needs. This ensures that organisations can consistently migrate, modernise, and secure applications to leverage the best features of their underlying platform, wherever they are deployed. However, while a multi-cloud approach unlocks new benefits, it also creates new challenges. Understanding and managing the risks associated with your infrastructure and the data being distributed across multiple cloud providers is critical to success.
Without a robust overarching plan to architect and manage a multi-cloud environment, one of the most-exciting advances in cloud computing can become just a resource-draining IT initiative that fails to deliver on its promise. Here are some important early considerations that can help underpin your success in a multi cloud model.
• Comprehensive understanding of multi-cloud architecture: It is essential to align IT service management with your multi-cloud operating model and incorporate the right set of tools and technologies to support workload placement across diverse platforms and services.
• Establishing resilience: In today’s fast-changing and threat-laden environment, a new approach to resilience is indispensable – one that helps ensure your ability to ‘bounce back’ quickly from disruptions and maintain application availability. New functional capabilities and skills to embed resilience throughout solution design is the way forward and it will likely require businesses to give resilience greater priority.
• Leverage modern security practices: Security threats continue to soar in frequency, impact, and cost to the organisation. A modern multi-cloud security model features a common access-control model across platforms, applications and data governance. This enables the automation of key capabilities such as identity and access management, compliance for continuous monitoring, reporting, and testing of capabilities.
• Optimise total cost estimates: Amid different pricing models and various mechanisms to control costs among diverse cloud service providers, balancing the value of workloads with associated cloud costs is essential. An understanding of the total cost of hosting an application is a key performance indicator to monitor in order to maintain financial control as the pace of change accelerates.
Trust is now a defining factor in any organisation’s success or failure. Research suggests that a trustworthy organisation is one that demonstrates three key characteristics: ability, humanity, and integrity.
To take advantage of the new and emerging technologies effectively, organisations must incorporate trust into systems, processes, and products or services. Trust is built on consistent predictable action in the moments that matter, like keeping data safe, delivering the right product within the time frame you promised, using ethical business practices, complying with regulations, and partnering with credible third parties.
“The governance of technology must become a core part of governance for the whole organisation. Leaders will need to manage technology as rigorously as they manage their people.”
Sean Redmond, Director, Risk Consulting
Trusted data and analytics
A trusted organisation has traditionally been anchored by the behaviours and decisions of trusted people. As people increasingly integrate technology and data into their daily tasks and outputs, a trusted organisation also requires trusted data and analytics. Despite trust being critical to the success of organisations, a recent KPMG study identified that leaders question the trustworthiness of their data – 92 per cent are worried about the impact on reputation3.
In a recent poll run by KPMG Ireland at our Advancing Data Across Public Service event in October 2023, data quality emerged as the priority trusted data building block.
So how can public sector organisations focus on the right things to ensure trust in their data? Consider the following as a starting point:
• Quality of components
Are the inputs and building blocks good enough?
Do the analytics work as intended?
Is the data and analytics being used in an acceptable way?
Are long-term operations optimised?
Ethical use of emerging technologies
Another critical component of trust is using emerging technologies in ways that ethically and efficiently meet users’ needs and support the mission as well as comply with regulations. Delivering the promise of emerging technologies such as Al and generative AI is not possible without including humans in the loop. For example, Al has no perspective, point of view, or purpose and requires humans to train, test, and tune. Organisations should train the workforce to cultivate Al until it becomes a trusted core capability.
“Governments must continue to improve the usability and reliability of critical digital services. It will take time and many conversations for organisations to bring security into the digital experience at the right time. It is a needed change to develop many digital capabilities organisations must have to deliver their missions.”
Diarmuid Curtin, Director, Cyber Consulting Services
Secure and resilient operations
It is important to weave security and compliance into all systems and transformation activities. When citizens, and employees interact with their public sector organisations, they expect their entire digital experience to be secure. It is each public sector organisation’s responsibility to deliver on that expectation. People and data are no longer within the walls of specific places – in environments with no perimeters, cybersecurity has to be more flexible and agile to protect data, networks, workloads, and user identities as users interact in cloud, mobile, on premises, and remote environments.
Securing the digital experience is not new. What is new and critically needed is to build security in from the first vision of the citizen digital experience. Security is traditionally a separate topic, one that many believe gets in the way of innovation. Some project teams prefer to address security later in the development process to avoid delays and additional cost, but as we have seen both locally and globally, across both the private and public sector – it is vital to build security into the digital experience from the beginning.
Public sector organisations also need to consider the following to enable secure digital experiences:
• Cloud security strategy to secure cloud environments. Everything moves faster in the cloud, so some public sector organisations struggle to involve security early. It also takes specialised skills to deploy services and data into the cloud, to ensure alignment with organisational security objectives.
• Cloud security shared responsibility model: Public sector organisations and their service providers share the responsibility for securing their cloud footprint. They should work closely together to define and understand who is responsible for which security functions.
• Modern third-party risk management strategy: Public sector organisations need effective third-party risk management to evaluate and monitor risks before, during, and after contracts are in place.
• Delivery of an easy-to-use digital storefront to citizens, secured with multi-factor authentication to manage citizen digital identities.
• Identification of the capabilities employees will need, upskill or hire employees with digital capabilities — and provide an employee value proposition that includes upskilling and career development. Leaders should make sure each employee understands and follows organisation information security policies to avoid intentional and unintentional insider threats.
There are a multitude of opportunities available for public sector organisations to embrace emerging technologies to innovate how they interact with and serve their citizens. While the opportunities are significant, value will only be realised through the right level of readiness and preparation to properly leverage these solutions, and deliver innovate, safe, trusted solutions quickly and at scale.
Now is the time for governments to redefine their own functions, processes and limitations in ways that look ahead to a digital-first world.
The leaders will be the ones that:
• explore new delivery models, foster new technology ecosystems, and promote integration;
• put open data at the heart of their strategy and development;
• foster a culture of innovation where staff can fail fast, learn, and evolve, all while bringing greater value to their roles and to the organisation;
• examine and understand the organisational barriers that could be preventing them from taking advantage of this digital future; and
• take a risk-based approach to protecting data: look to prioritise key assets, prevent malicious activity where possible and be ready to detect and respond to threats quickly.