How improved security brings greater convenience to citizen services

By Oracle

Chris Pickett, Senior Director, Enterprise Security and Information Management, at Oracle Corporation Asia Pacific discusses common misconceptions about cloud security and how it can support the public sector.

There’s one vital rule when building DIY furniture from Ikea: always count the number of items before starting to build. This prevents customers from constructing a domestic masterpiece, only to find out they’re missing an important piece at the end.

When adopting the cloud, security is that missing piece that organisations often overlook. With user-friendly security, however, citizens can interact with the government more efficiently and public sector staff don’t have to face headache-inducing processes.

Chris Pickett, Senior Director, Enterprise Security and Information Management, at Oracle Corporation Asia Pacific shares how cloud security can help redesign citizen services and enable greater trust and efficiency. He also debunks common misconceptions about the cloud to prove it's a valuable tool for improved security. 

Boosting convenience for citizens

Pickett shares how the cloud can be a valuable tool to make government agencies more secure, and at the same time bring greater convenience. “Security that is complex to implement and operate is prone to missteps and misconfigurations”, so convenience is key, he shares.

The City and County of San Francisco looked to boost its security while rolling out new programs and applications, including services to help emergency responders and public health staff, Oracle wrote.

The pandemic brought with it a greater level of information-sharing between citizens and governments, whether it was contact tracing or vaccine information. But citizens are less likely to share this vital data if they feel government security is not up to scratch, Pickett says.

The county adopted Oracle Cloud’s security tools to specifically manage the digital identities and access of the organisation’s users. These tools created a secure sign-in portal for staff, suppliers and citizens to access the organisation’s services.

This single platform adds greater convenience as users only have to sign in once. Previously, the average user had to access more than 10 bookmarked links to access applications, each with unique usernames and passwords.

Adopting Oracle Cloud also reduced the time taken to adopt a new app from around a month to just a few days. This is key as governments around the world used digital services to interact with citizens, from telehealth to telework, during the pandemic, Deloitte highlighted.

Helping cybersecurity teams

Governments are facing competition with the private sector for cybersecurity talent, Pickett explains. That is why it's more important than ever for governments to make this work appealing.

Pickett recalls one organisation in APAC that needed to upgrade its handling of sensitive data, and progressively adopted Oracle Cloud across its organisation. They did this even though it already had cloud systems from other cloud providers in place.

The organisation migrated their CRM (Customer Relationship Management) system into Oracle Cloud first, followed by their ERP (Enterprise Resource Planning) environment and core mission-critical application. So what set Oracle’s tools apart during this journey?

At each step, the organisation’s cybersecurity team gained confidence in their own ability to manage the security of their cloud environment. This “is often understated in terms of its importance” to organisations adopting the cloud, he says.

Tackling misconceptions about cloud security

It’s a misconception that cloud technology and improved security are not compatible, Pickett shares. He highlights three ways to rethink how security works in the cloud.

First, some assume that computers kept within the walls of a government agency are more secure than the cloud. But the cloud provides security advantages that on-premise systems find difficult to attain, Pickett explains.

This includes providing automatic security updates to systems and databases across an agency at a pace and scale that is difficult to replicate on-premise, he highlights. Cloud providers such as Oracle Cloud can take on some of the burden previously held by individual government IT teams.

Second, another misconception is that the responsibility for data security lies totally with cloud providers, when in reality they’re shared with the agency. A key role of the cloud providers is to enable agencies to more efficiently exercise their security responsibilities in the cloud, Pickett notes.

By way of example, Oracle Cloud provides enables agencies to see what’s happening with data security. This includes helping them audit their user’s access to data, discover what data needs to be masked, and understand what data is sensitive, Oracle wrote.

Third, adopting cloud doesn’t imply governments have to lose control and custody over data, especially in terms of mandating data is kept within a particular physical space, such as the cloud provider’s own data centres. This is especially important as many government agencies insist data is kept within their own data centres.

Oracle Cloud can bring its cloud technology to agencies’ own data centres, combining the benefits of the cloud while keeping it within the chosen physical location. By making security clearer and more convenient, “I would contend that cloud is an ideal environment for managing sensitive data”, Pickett shares.