This blog is the first in a series where I have directly canvassed opinions from people within our industry. This first time I was pleased to spend some time with David Jones, CIO at the Crown Prosecution Service . He and I had one of those pleasing rolling conversations that covered a number of areas, and I was delighted to discover that I’m not the only one in InfoSec who believes we have lost the argument about consumerisation. His forthright views on it were very compelling.
Before sharing his comments, it’s worth giving some context. Anyone who works in the Public Sector either directly or as a supplier will be in little doubt that the CSR has well and truly landed, and is about as welcome as the Mother-in-Law on a chaps’ night out. Always one to try and remain upbeat though, it strikes me that the forcing of the agenda means a number of topics in the Public sector are converging into one place right now. These are broadly Open Government, Consumerisation and Efficiency.
I’ve written a lot about Open Data as a topic. To be blunt, it’s my money you are spending, and I want you to tell me how you are spending it so I can hold you to account if you are hosing it about unwisely. I’ve seen some commentary complaining that it will cost money to do it, and it’s hard to give it context and blah blah blah. Hmm, how about, publish it, and we will decide if it needs fine tuning? And Open Gov doesn’t just mean checking up on spending. The recently announced Public Data Corporation will mean a sea-change in how Government is held to account, since if it’s done properly, there should be less dark corners to hide it.
The consumerisation debate is coming down the line faster and faster with seemingly more and more tacit Government support. It seems to me that HMG are almost actively supporting it – just count the number of iPads, i- this and i-that hanging around Government Departments these days or magazine articles quoting Senior Civil Servants and the like wishing for MacBooks for Christmas. David’s take here was that we have matured from the situation where the IT department could control the great unwashed some 10 years ago, and in the last decade every step we have taken is about simplification and consumerisation. The natural endpoint here is ‘bring your own kit’ (my words not his). You can see examples of this across every industry, not just our own. David likens software and hardware provision to food 20 years ago.. ”everything was sanitised to the extent that very few cared about the source so long as it works and is cheap. We may move back to the equivalent of organic, i.e. realise security/source is important and that time is now..”
So, if we accept the argument that things have changed, what are David and his peers in Government going to do about it? He sees his role as one that “ensures the business moves at the best safe speed and in an increasingly mobile, instant information world and this implies I need to work to meet the contradictions in requirement of speed, accessibility, fashion and security.” Projects such as the one he is running using tablets to present evidence in court are key to this. The tablet works because it presents information in a natural way, barristers can even ‘swoosh’ through pages on the tablet as they would paper documents. It’s intrinsically more secure than carrying huge piles of paper about, and it allows the CPS to exploit the expenditure they have made previously in electronic records keeping, another theme David is keen on. He wants to change the perception that IT projects fail within Government, and core to that is reusing previous project deliverables in new and efficient ways. He is constantly looking for ways to speed up processes and present the outcomes of previous projects in different ways, focusing entirely on efficiency gains.
The final topic we discussed was the PSN. I think it would be fair to say that many of us in the industry are frustrated with this at the moment. There are a huge number of vendors in the market that could offer innovative and different solutions to this project, but it does rather appear to be the same organisations involved as ever, and can feel rather like a closed shop. The net result of this can be some laughable concepts being floated within PSN as solutions – a universal encryption key for users being one of the daftest. PSN needs to address security at its core, if it is to service the demands of efficiency and consumerisation in the context of open government, since none of these emerging topics will be served by a static security framework that is unable to cope with the demands of the changing technology use landscape.
The CPS is an organisation with InfoSec requirements that are more sophisticated than many public sector organisations, but David’s approach can be used by all. Flexibility in terms of how information is delivered, a realisation that you don’t need to keep re-inventing things (just re-use what you have in a better way) and an understanding that security is the enabler for open gov and consumerisation, not a barrier to working.