Singapore has embraced technology as a crucial engine of the nation, where digitalisation is a key pillar of its public service transformation efforts. It leverages data and harnesses new technologies to continuously better citizen services as part of broader efforts to build a digital economy and digital society. Against this backdrop, digital technologies and solutions need to be made secure to ensure there’s no disruption to citizen services and to make sure citizen data entrusted to the government is protected.
Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia, acknowledges the work culture is shifting significantly due to the COVID-19 pandemic, especially in the Asia-Pacific region. Remote working or hybrid working has become the new default and will likely stay this way for the foreseeable future.
In the early stages of the pandemic, government agencies and corporations understandably used Band-Aid measures—ad hoc technology and make-shift solutions—to stay afloat and ensure continuity. Considering the suddenness, sheer scale, and severity of the situation, many of these provisions can’t be seen as genuine digital transformation.
This raises two fundamental questions: what will modernising the delivery of citizen services look like in 2022 and beyond? And how can governments improve security and infrastructure to deliver seamless citizen-centric digital services?
OpenGov Asia had the opportunity to speak exclusively with Sascha Giese, Head Geek™ at SolarWinds, to talk about transforming digital services in the public sector and how SolarWinds can help governments in their digital transformation journey.
Sascha has more than 10 years of technical IT experience, four of which have been as a senior pre-sales engineer at SolarWinds. As a senior pre-sales engineer, Sascha was responsible for product training for SolarWinds channel partners and customers.
Culture Shift to Remote Work
Sascha started by exploring the big question about the direction of the workforce and its evolution. In his role, he works with IT professionals in different countries and contexts and has gained a wider and richer understanding of the remote working shift. Most people, he feels, don’t want to go back to the days of fully working from the office after experiencing the benefits of remote work during the pandemic.
Another phenomenon is the “Great Resignation,” which is the ongoing trend of employees voluntarily leaving their jobs. According to The Great Resignation Update, three main reasons why employees quit are burnout, inflexible jobs, and leaving for a more caring culture providing organisational support for employee well-being.
To solve this problem, many companies have adopted hybrid work, which allows employees to alternately work from the office and their home. As the whole workforce shifts, however, it’s particularly difficult for IT teams, as organisations generally weren’t prepared for this massive transition. In the best of times, IT usually takes a long time to deploy or accommodate any change, upgrade, or platform. The pandemic demanded instant change, so mistakes were bound to happen.
The fact is, even now, this is an evolving situation. With new strains and seasons come new measures and needs. This lack of certainty and clarity means no one fully knows what the work model is going to be. Regardless, Sascha firmly believes the future of work is hybrid—a fluid mix of remote and in-office working. Whatever the case, he’s confident IT teams can manage the situation.
Helping the Public Sector Undergo Real Digital Transformation
Mohit believes 2022 is the year where genuine, long-term digital transformation will happen in the public sector. In this constantly evolving digital landscape and VUCA environment, how can governments simultaneously deliver digital services quickly and keep them safe? And how does SolarWinds help the public sector in attaining a secure digital transformation?
Sascha explained most organisations, both public and private, want to increase their presence with more services and better access. Hence, they’re always exploring ways to provide more digital offerings across any platform and device—anytime, anywhere. For this to happen, he says, the public sector must leverage technology across the entire gamut of services, from birth, education, and living to taxes, business, registrations, and more. Technology is no longer an enabler but a disruptor of business models. It can improve lives in a way previously unimaginable.
Singapore is an excellent example of an advanced country when it comes to delivering digital services, in Sascha’s opinion. Through Government Technology (GovTech), it harnesses the best info-communications technologies to make a difference in the everyday lives of Singaporeans. The nation also regularly involves citizens in participating and co-creating technologies with the government, determining the services they wish to have.
An important and indistinguishable aspect of digital services is security, especially for citizen data in the public sector. Citizen data is extremely valuable and needs to be simultaneously secure and available. Maintaining the balance between the two aspects is especially challenging.
To store and secure citizen data, many organisations adopt a cloud strategy. Due to different regulations and compliance requirements in every country, however, organisations can’t put everything in the cloud.
One of the customers SolarWinds supports is a national health organisation linked to a European Ministry of Health, and SolarWinds has helped them improve the delivery of public health services. The customer initially started with basic server monitoring nearly eight years ago and has subsequently moved on to the management of applications and databases. As the organisation continued to grow, the support SolarWinds offered expanded to supporting the network team, where it monitored connectivity between regional branch offices and its headquarters.
In line with the wider government’s direction to create a “cloud-first” initiative, this organisation is shifting resources to a private cloud and uses SolarWinds tools to forecast the impact of data transfer from various locations. This includes placing parts of the monitoring system in the cloud.
In terms of data management, the organisation moved all sensitive data to a private cloud with limited access. It uses the public cloud for the rest of its data, as the public cloud has limitless resources and numerous technologies a private cloud doesn’t offer.
Maintaining Cyber Resilience Amid Perpetual Ransomware Attacks
As cyberattacks continue to happen, maintaining cyber resilience is a critical part of the modernisation of digital services in the public sector. Without a doubt, the most common of these is ransomware. Bad cyber actors are getting more ruthless as they target critical infrastructures, including public health systems and water cleaning facilities. Such attacks suggest human lives don’t matter anymore—they’ll do whatever it takes, even if the attacks cause real danger to people.
Sascha believes mitigating ransomware attacks is a big step towards better security and elaborated on two ways to diminish the damage. As soon as there’s an indication of suspicious activities, the first step is to shut down the machines before any further degradation or infection can occur, preventing the worst. The second line of defence is backups. These backups must also be regularly tested and updated to ensure their efficacy.
Due to the huge amount of data governments have, the backup process is much more complicated. Moreover, data is likely to be highly distributed because branches of local authorities have different sets of data. Additionally, the level of expertise of the IT teams in each agency might vary significantly. Therefore, governments need to find a baseline for security measures.
Mohit points out there’s no such thing as 100% safe from ransomware attacks, so the pertinent question is “how do agencies measure their level of security, and how can they be reasonably safe from such attacks?”
Nearly every industry was confronted with the rise of high-level cybersecurity breaches, highlighting the potential risk of incomplete security policies and procedures. SolarWinds makes a yearly IT Trends Report and polls thousands of IT executives about certain topics—this year’s topic is about security, reveals Sascha.
The findings of the IT Trends 2021 Building a Secure Future uncover a reality in which exposure to enterprise IT risk is common across organisations, but perceptions of apathy and complacency surrounding risk preparedness are high as businesses exit a year of pandemic-driven “crisis mode.”
The findings are based on a survey fielded in March/April 2021, yielding responses from 967 technology practitioners, managers, and directors from public and private sector small, mid-size and enterprise organisations worldwide. Most IT leaders feel their organisations are prepared to manage and mitigate cyberattacks. For Sascha, when people feel secure, they lower their shields and become complacent.
To measure the effectiveness of security protocols, certain tools can be used to check for network security threats, including penetration testing tools and vulnerability checkers. Sascha offers an interesting and progressive idea for security measurement: organisations should hire a group of hackers on the dark web to hack them so they know the vulnerabilities in their systems.
Another thing organisations can do is rely on proper tools for basic mitigation. Sascha believes organisations need to adopt a zero-trust model, which is a security framework requiring all users—whether they’re inside or outside the organisation’s network—to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Rooted in the principle of “never trust, always verify,” organisations must assume they’ve already been breached. Instead of providing permanent access, organisations should provide temporary access for project-based work, external employees, or contractors to minimise the risk of a breach.
Mohit agrees zero trust is the future. The problem is there’s a lot push back from team members, as it complicates their tasks. The question then becomes “how do you implement this unpopular yet crucial methodology?”
In response to this question, Sascha reflected on the December 2020 SUNBURST cyberattack on the SolarWinds software build environment, which illustrates a concerning new reality for the software industry and illuminates the increasingly sophisticated threats made by outside nation-states to the supply chains and infrastructure on which we all rely. The breach was a wake-up call for the software development community, and one of the biggest learnings is security requires constant vigilance and learning and must be part of the mindset of every security team member.
Early on, SolarWinds recognised it was likely a target because of its position as a market leader in monitoring and because it serves a plethora of companies – private, public, small, and large – worldwide. It’s a gateway of sorts, making it a highly valuable target. And while the company believed its prior security practices were representative of the practices within the larger software industry, armed with what they learned from this attack, they further sought to secure their environment and systems against vulnerabilities through its Secure by Design initiative. This includes, among other things, adopting zero-trust and least privilege access mechanisms, addressing risks associated with third-party applications, and, most recently, implementing a triple-build process that aims to set the new standard in secure software development.
From the beginning, SolarWinds has been open in its communication with its customers. The company published its findings from the cyberattack weekly, has worked with various agencies to offer information and remains committed to sharing its learnings broadly given the common development practices in the industry and their belief that transparency and cooperation are the best tools to help prevent and protect against future attacks.
Sascha’s main advice to the public sector is to manage their supply chain, as many organisations don’t even know who has access to their resources. Although organisations might have perfect control of their own environment, they usually don’t know what happens with external parties.
Building Citizens’ Trust in Government Services
When talking about trust in government services, Sascha recognises there’s still a generation not used to the digital world—mobile phones, the internet, online transactions, etc. Governments can’t instantly become fully digital, as there are still those who won’t or can’t cope with these changes. The more they’re pressured, the more they’ll resist giving their personal data to governments, creating a further lack of trust from this community.
Governments need to explain to the public why they’re going digital and how it benefits citizens—all citizens. The public needs to be involved from the beginning, and they need to understand why these changes are necessary to make each citizen’s life better and easier.
Sascha spoke about a SolarWinds product designed to solve a problem for which solutions are still lacking in the market. Many technologies are available to monitor data in the data centre and the cloud separately. However, many organisations don’t monitor the connectivity between on-premises environments and the cloud. When something isn’t working, organisations have to start troubleshooting and figure out what went wrong.
SolarWinds NetPath™, a network path analysis feature included in SolarWinds Network Performance Monitor, SolarWinds Network Configuration Manager, and SolarWinds NetFlow Traffic Analyzer, warns IT professionals where a problem is located. NetPath measures the performance characteristics of each network node and link, making it easy to spot slowdowns. It monitors connectivity from the users to the services and determines what infrastructure is in the path and where traffic slowdowns are occurring. It provides additional infrastructure data only when it appears to be related to a real problem.
With NetPath, organisations can isolate network slowdowns and determine the actual person they need to contact to solve them. This tool fills the gap in the market, as Sascha points out. At the end of the day, troubleshooting is a game of responsibility.
In closing, Sascha emphasises SolarWinds has done a lot to offer excellent digital products and put various security measures in place at the same time. SolarWinds establishes trust by putting significant investment into providing excellent and secure services.
