As digital technology and connectivity evolve, Indonesia, which is well known for having the world’s fastest growth in internet users, faces both huge opportunities and major risks. The nation has been on a digital transformation journey for some time and has made major strides in policy, infrastructure and programmes.
The pandemic has accelerated these plans and forced a rethink of strategies. Nonetheless, the public sector has done a credible job in going digital to continue citizen services and operation in a VUCA environment and in the face of ever-changing citizen expectations.
Part of the digital transformation that the Indonesian public sector has successfully implemented is the modern and remote workplace. Access to the latest technology and collaborative tools has helped public sector officials maintain their work productivity while ensuring optimal resource utilisation.
While the government has quickly adapted and come to terms with the new reality of remote working, there are numerous challenges that governments across the world face. Paradigm shifts in culture and thinking, policy, safety, infrastructure and skillsets are a few areas that need attention.
Additionally, the government must build a solid cyber security system to ensure that its digital infrastructure is secure, especially as machine-to-machine (M2M) technologies, the Internet of Things (IoT) and cloud computing advancement continue to make these agencies more vulnerable to a range of cyber-attacks. The mounting security concerns require the implementation of an appropriate security plan that is both realistic and cost-effective eventually.
The focus of OpenGovLive! Virtual Breakfast Insight on 17 November 2021 was on how a secure infrastructure within the public sector can be built for a digital and remote workforce. The was a closed-door, invitation-only, interactive session with senior digital executives from the Indonesian public sector.
Remote working as the mainstay of businesses, agencies, and organisations
Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
Remote working is here to stay and there is no escaping it, Mohit asserts. “The world has been forced to adapt to the new reality.”
Virtual culture has taken centre stage in the past two years of living with a pandemic and there is no turning back. What is pertinent for both the private and public sector is how they view technology. “Will technology be seen as an enabler or as a hindrance?”
As organisations find their footing in this new normal, the benefits of remote working should be acknowledged and harnessed. Working remotely can increase productivity, engagement and collaboration more effectively than in typical offices. However, with employees working from home on their devices, how can the security risks be mitigated?
For Mohit, that is a problem that can be resolved but should not be the reason to prevent the embracing of remote working. Security, like all other endeavours, is a risk. Risks come with every decision that is made because nothing is 100% certain, there is always an element of the unknown.
He urged delegates to not “hide behind security” as the reason not to modernise. Precisely because it is inevitable, organisations need to “understand it and plan for it.”
Developing a virtual culture is no longer an option but a necessity that entails intentional thought in several key areas:
- Building team communication and working relationships
- Emphasising the importance of employee contribution to a strong team culture to business success
- Encouraging collaboration
- Scheduling regular catchups and informal meetings
- Asking people to create meeting content with a clear agenda and context
Governments around the world are adopting quickly to a remote working model. The aspects to consider include strategising ways to increase productivity, improve employee satisfaction and culture, harnessing more possibilities for continuous learning, fostering better collaboration and work relationships and improved mental health.
Hybrid is the future, Mohit believes, and the focus should be on what plans and technology are needed for the secure development of a hybrid workplace. To be effective strategy and platforms must have constructive synergy.
Mohit advises delegates to work with partners and is firmly convinced that the transformation need not be done alone. Partners bring a wealth of expertise and experience that will make the journey far easier to manage and navigate.
Staying secure in the “new normal” of remote working
Garry Ng, Asia-Pacific Director, Lenovo, elaborated on Lenovo’s secure solutions for remote workforces.
“Cybersecurity is harder than ever,” Garry opines. “With a wide cyber surface and more access points, the exposure is magnified. Attacks have been on the rise year on year.”
Government institutions are common targets because of the sheer amount of data they collect and store, the vast and diverse networks they maintain and the massive employee base.
By the very nature of the service they offer and the history they need to have of citizens, they have complex, linked personal data sets – a goldmine for cybercriminals. Further, the distributed workforce and the variety of devices that end-users utilise to access services and digital offerings, make security even more difficult to manage.
Attacks are so fast, so often and so sophisticated that most are never even noticed by IT departments until they are long done.
Garry feels that a distributed and remote workforce is fast becoming the norm. Since 2020, many people started working from home and it seems unlikely that returning to the office full-time will happen. With a VUCA future, many businesses will retain the current status quo, having only necessary employees in the office or using some version of a rotating workforce.
With this remote working situation, organisations have to (and had to) provide devices for their staff. However, each of these devices could be vulnerable to attacks. That is the single most difficult thing to trace, he says.
IT departments are losing control of the devices because there is no clarity on where devices are actually being deployed or used. They have no idea if data is being downloaded from devices. Do organisations know if /when devices are lost, attacked or compromised?
“Against that backdrop, how can organisations protect their employees outside of a safe (office) infrastructure? How can organisations manage devices and networks, patch them and make sure they are secure?” he asks.
For Garry, a robust plan to manage and secure devices outside the office is the key. This includes:
- Endpoint security
- Device and application control
- Device management
- Data protection in case of theft/loss
- Mobile threat detection – across both mobile and PC devices
With the fundamental shifts in IT structure from perimeter-based network to perimeter-less network, the attack surface has also changed from having every in-network device that links with the outside world to having every endpoint at unknown networks and devices. Consequently, the security focus has changed from filtering, monitoring and restricting network inflow and outflow, to protecting, managing and servicing every endpoint.
The problem has changed, especially for the government, he believes. Cybercriminals know that both risk and reward are high when it comes to governmental institutions. They will attack the most well-known, hard to protect vulnerabilities in the system – parts and pieces that have not even entered the system yet – and inject themselves as “amicable” parts of the system (such as firmware, BIOS, HW, OS, common applications, etc.).
What is clear is that this shift from a closed-protect network to an open-distributed network has happened and is expected to only accelerate in the future. As such, cybersecurity solution needs to be applied to the entire lifecycle of every piece of the system.
Garry acknowledges remote work is here to stay and that organisations need to be committed to tackling the challenges of security in this new model. He reiterated that the solution is not one-size-fits-all because every organisation is different. There is, therefore, a need to tailor-make or, at the very least, tweak solutions for each organisation.
Lenovo’s end-to-end security offers OS-to-Cloud security, below-the-OS security and supply chain security that can provide safety for organisations pivoting to the new reality of work.
Pivoting to remote working as the “new normal”
Setiaji, Chief of Digital Transformation Officer, Ministry of Health of the Republic of Indonesia, spoke next on strategies Indonesia’s public sector have taken when implementing remote working.
“We are faced with the new normal,” Setiaji concedes. “With employees working away from the office, the nature of activities that employees engage in has also changed – remote Access, Video Conference, Digital Signature, Office Online Tools, Emails, Voice Calls.”
Work-from-home or remote working means managing the accompanying issues of data security, connectivity, digital literacy and deploying effective working tools. The trend towards greater digital dependency will only rise, he contends. As it stands, there are more than 170M internet users currently and they are only set to grow.
What is concerning, is that the more than 811 million cyber-attacks that took place between January to August this year alone – the most being malware, trojans and information leaks.
He acknowledged that these challenges in security ought to be confronted, not swept away or trivialised. Against that backdrop, what should organisations be doing?
For Setiaji, the key is to adopt collaborative tools so that employees will be able to work from home anytime, anywhere, from any device over a web browser. They must also be more efficiently supported and better secured.
In the end, in an increasingly digital landscape, technology is here to stay and will be foundational to any strategy. Organisations need to embrace technology to survive, thrive and stay relevant.
Interactive Discussion
After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences, and facilitate discussions that impart professional learning and development for participants.
In the first poll, delegates were asked about challenges they face when the remote work concept was initiated in their ministry or department. Most delegates (40%) expressed that a lack of focus and productivity was an issue followed by security (30%) and poor communication (20%).
Delegates expressed concern about work culture and productivity as it is difficult to know what employees are doing.
Mohit agrees that this was an initial challenge but, for the most part, has been overcome using the tools available in the market. Combined with solid SOPs, appropriate accountability measures and performance metrics, these early setbacks were laid to rest.
“The rest of the world is using the pandemic as a catalyst for change,” Mohit observes. “The private sector has pivoted and government institutions need to follow; if not, their employees will begin to work for people who will give them what they want.”
When asked which virtual working method their ministry is planning to implement after this pandemic to embrace digital transformation in remote working, an overwhelming majority of the delegates voted in favour of a hybrid working model (74%). The rest of the delegates indicated a physical working model (26%).
Mohit believes that the minority who want to move back to a physical space may well get what they want because that is the easier, more familiar model. Organisations may want to hide behind the excuse of “security”’ to bring back the old, but that is not forward-thinking, he contends.
“Moving backwards is easy, but the future is not behind us; the future is ahead.”
Some organisations are at a crossroads, looking to make a hybrid work sustainable – and this is an inevitable journey, Mohit assures the delegates. If there is good productivity in the current model of hybrid work, it is important to leverage that. If safety is an issue, then work with partners that can help to keep data secure.
Concerning nervousness around security, Garry points out that it is a fine balance between the security organisations want to have and productivity. The moment it frustrates and affects productivity, it becomes a problem, he firmly believes.
The world is in the thick of the digital revolution, says Mohit. People can work from anywhere anytime. We only need to change the culture and the perspective. It is much the same as cloud adoption; people eventually overcame their initial nervousness and is now a preferred option.
“Like there are the options of private cloud, public cloud and multi-hybrid cloud, organisations need to move into a ‘multi-hybrid work capability’,” Mohit is convinced.
The next poll asked delegates to indicate challenges they face in managing the data on the cloud in the context of employees working remotely. A huge majority indicated that control or governance is the main challenge (73%). The rest of the votes were split between lack of expertise (11%), multiple cloud management (11%) and cost management (5%).
When asked about the importance of cybersecurity practices in remote workspaces, most delegates indicated that it is extremely important (81%) followed by important (19%).
Mohit emphasised that cybersecurity is an outside defence perimeter that is a “must-have,” just as “cloud is a must-have.” The key to managing this inevitable future is to pre-empt it with good policy and governance.
On whether delegates have a solid cyber security system to ensure that the digital infrastructure is secure, most delegates indicated that their ministry has a moderate security system (53%), followed by delegates who felt that their ministry has a solid cybersecurity system (43%).
A delegate pointed out that cyber threat is always evolving. The question of security is a conversation that never ends. The best thing to do is to constantly monitor, test fresh solutions, review and employ innovative technologies.
The final poll inquired what delegates thought is the step to be taken to keep the focus on cybersecurity while working remotely. Most delegates (42%) felt installing and updating anti-virus was key, followed by avoiding clicking on suspicious links (36%). The remaining delegates were split between others (11%) and keeping work and home devices separate (11%).
Mohit opined that cybersecurity is about doing all the above; it is much bigger than can be imagined – people have to do everything.
Conclusion
Wrapping up the session, Garry emphasised the importance of recognising the new challenges in remote working. The drive towards the next digital wave must be done securely and cost-effectively in a flexible digital environment.
He encouraged delegates to consider the cost of compromise when it came to adopting technologies to cope with the future of work.
Before bringing the session to an end, Garry thanked everyone for their participation and the robust discussions. He encouraged the delegates to keep the conversations about data security alive and to connect with him and the team if they would like to explore how Lenovo could help in their journey.
