Why councils should look to cloud computing to unlock enhanced resilience and availability
As digital competence and engagement develops across the nation, the volume of data being generated is growing exponentially. For local authorities, a high majority of this data is personal and sensitive information that must be handled carefully. From council tax collection to social care and planning applications, councils are processing more data, and have the potential to gain more valuable insights than ever before.
Simultaneously, councils continue to face mounting pressures to meet rising demand for services with diminishing budgets. But as more services move online, the threat of increasingly sophisticated cyber attacks continues to dominate the headlines. How can local authorities continue to innovate and improve front line service delivery, while ensuring they do so in a safe, secure, compliant and cost-effective way? Scott Goodwin, Head of Local Government at Idox, explains how cloud migration can support councils in their security and compliance efforts, as well as unlocking a number of additional benefits as a result.
Digital momentum
The pandemic has acted as a catalyst for innovative use of data at a local level – using data insight to target support at the most vulnerable in society, shifting services to online platforms to encourage engagement, improve efficiencies and enabling local authorities to support a distributed workforce during the pandemic. For example, Idox was able to update Suffolk County Council’s online directory platform within 24 hours to provide a dedicated information source about how activities, local services, childcare availability, schooling and more, have changed in light of the pandemic, acting as a powerful resource for the community.
The increased use of digital services has evidently gathered momentum, with the value of data-driven innovation clear to see, but can these practices be sustained? In the face of a public health crisis, local authorities had no choice but to adapt to keep residents safe
and continue to deliver vital services. But with varying levels of data maturity across councils, for those local authorities less established in terms of digital practices, they have been on the back foot. While many will have gained the digital foundations necessary for further transformation, do they have the resources and skills to keep up that momentum?
The government currently spends £2.3bn every year on patching legacy IT infrastructure. It’s been reported that some of the equipment dates back over 30 years and even fails to meet minimum security standards, making it one of the most significant barriers to digital transformation in the public sector.
The announcement of a £37.8m fund for local authorities to boost cybersecurity as part of the Government Cyber Security Strategy will support councils in safeguarding the front-line services that are essential to keeping the nation going by mitigating risk of cyberattack. But will it go far enough to address the challenge of deploying and maintaining digital services across local authorities?
Since the launch of the government’s ‘Cloud First’ policy, there have remained several barriers causing hesitancy among local authorities to make the move, including budget constraints and concerns around disruption. But in order to continue reaping the benefits that come from digital transformation, migrating to the cloud will provide the ideal environment for councils to become more agile, scalable and resilient – ultimately enabling them to focus their attention on delivering improved front line services.
Security concerns
As data sets grow, coupled with the digitisation of services, so too are concerns around cyber security, data privacy and handling. UK councils reported more than 700 data breaches in 2020 and of the 777 incidents managed by the National Cyber Security Centre between September 2020 and August 2021, 40% were targeted at the public sector. Clearly, security and compliance cannot be overlooked, especially when you consider these recent examples:
Real world examples
- A cyber attack on Redcar and Cleveland Borough Council in 2020 is estimated to have cost it more than £10m, including replacement work to its infrastructure and systems and lost revenue from a reduction in enforcement and collection income due to systems being out of action
- Gloucester City Council experienced a cyber attack in December 2021. Reportedly linked to Russian hackers, the council’s online revenue and benefits, planning and customer services were all affected, with further impacts to several other online services. The council has cautioned that it could take up to six months to resolve the issue as servers and systems that have been affected will need to be rebuilt
- The London Borough of Hackney felt the after effects of a ransomware attack for many months, as the council had to repair its systems and struggled to deal with the backlog of services, demonstrating how issues can remain for long periods, and knock on effects can mean that new issues arise as restoration work takes place
- The recent Log4J IT security vulnerability caused concern across organisations and government departments that were unclear whether any of their infrastructure or services used Log4j, whether they might have already been compromised and how to mitigate any potential risk
“All these examples highlight one common theme – with so much pressure on councils to deliver front-line services with ever tightening budgets and a constantly evolving threat around data security, should councils be tackling this challenge alone? Local authorities don’t have the time or expertise to quickly ascertain whether a potential security vulnerability could compromise their online services. They aren’t designed to be IT infrastructure or cyber security experts and while no one should ignore the threat of cybercrime, they should rightly be focusing their attention on delivering front line services and instead partner with experts to keep their IT systems secure, maintained and compliant.”
Cloud resilience and convenience
As the cornerstone of society, public sector organisations together with the vital services they provide are a high priority target for cybercriminals. The risk of disruption to public services grows as cybercrime methods become increasingly more sophisticated. As such, local authority cyber resilience remains paramount to safeguarding public services. So how can councils maintain a high level of resilience? There are a number of guidelines to follow such those set out in the National Cyber Security Centre’s 10 Steps to Cyber Security. Included in these guidelines are recommendations to reap the benefits from a cloud services model: ‘Using concepts such as Platform as a Service (PaaS) and Software as a Service (SaaS) allows you to shift some of the responsibility for the management of the underlying technology and its security to the service provider, allowing you to focus more of your effort on the applications and services that are bespoke to you. You will also benefit from the vendor’s investment and expertise in security’.
In a cloud-based model, compliance is baked in from the start. Patching security vulnerabilities becomes the responsibility of the cloud solution provider, with far more resources, expertise and focus to prioritise security compared to a local authority seeking to maintain costly and outdated legacy models. Both local authorities’ and vendors’ reputation and success hangs on the highest levels of security and as such, it is the responsibility of the vendor to continually invest in research, infrastructure and talent to ensure that security is never compromised.
The recent high-profile examples of public sector data breaches demonstrate how crucial backup and disaster recovery strategies are for business continuity. Moreover, the operational challenges and potential financial penalties associated with any downtime make this even more critical. As such, councils cannot afford to rely on outdated on-premise backup solutions that can be slow and unreliable. Instead, cloud migration delivers sophisticated backup and recovery functionality that can restore data and services in minutes – providing peace of mind.
With a managed service, a local authority can offload the burden of IT compliance and headache of keeping IT systems secure and maintained. The cloud provider will manage the lifecycle of IT security assurance, building an environment where the system will flourish and perform as it’s supposed to, supporting front line teams as it was designed to.
Regulation and compliance
It’s not just cyber security and IT infrastructure that is a concern for local authorities. The ever increasing volumes of data that councils collect and process must be handled in accordance with certain regulations to protect people’s sensitive information, reputation, privacy and to meet legal compliance requirements. Regulations such as GDPR, The Data Protection Act 1998 and many other standards such as ISO27001 all ensure information security is consistently at the highest level.
Given the complexity and diversity of the public services that councils operate in, regulation compliance is high on the agenda for each department. From environmental health to social care, electoral services to development management, the rapid rate of legislative change and guidance within the UK local government ecosystem is a continuing challenge for councils to keep up with.
This is made even harder for councils when you consider the government-imposed targets that are associated with these regulated sectors. For example, the government has promised to increase housebuilding to 300,000 new homes each year by the mid-2020s in an attempt to tackle the chronic shortage of housing.
The 243,000 homes built last year was the highest in 30 years, yet more than 15% of English councils will soon have their planning powers restricted after failing to meet the government’s Housing Delivery test figures. While labour shortages and material costs are hindering these efforts for housebuilders, it’s also policy confusion and delays in planning that are adding to the mix as councils grapple with cuts to funding and skills gaps that heighten the challenge of processing planning applications effectively.
With a fully hosted and managed cloud environment, councils are empowered to fully optimise their processes and workflows so that they support the goal of meeting regulation targets. Moreover, working with a cloud provider with a strong heritage of working in the public sector and partnerships with key industry bodies means that any regulatory or legislative changes will be updated within the software rapidly and well in advance of deadlines.
Demystifying misconceptions
So, what’s holding councils back from migrating to the cloud? One issue that won’t come as a surprise is funding. A well-publicised lack of budget has been an issue within the public sector for many years but there is a common misconception when it comes to cloud migration that the initial and ongoing outlay will be cost-prohibitive. But if you compare the associated maintenance and management costs of outdated legacy models with cloud migration, it’s far more cost-effective than you might think. Return on investment can be rapid when you consider that typical in-house IT support tasks such as software patches, data storage and ongoing maintenance are all managed remotely by experts in the field. Additionally, when you consider that a cloud model can support the evaluation and streamlining of workflows, identifying those that can be optimised or even retired, this supports workload and cost-efficiency even further.
Another factor that has prevented councils from making the leap to the cloud is the fear that digital transformation could cause some job roles to become redundant. Cloud migration could be seen as an opportunity to upskill staff into new positions as skills around project management and innovation become a greater priority. One example is South Thames Gateway Building Control (STG). By deploying Idox’s Cloud for Building Control software, STG was able to unlock a number of benefits including a 37% increase in productivity. Notably, by digitising the application submission process for building control certificates, significant time was freed up for the scanning team, meaning they had opportunities to develop their skills and transition into new roles, rather than being siloed into one job.
The possibility of service disruption is another element that is understandably a concern for local authorities. There are a number of steps involved in the migration process such as scoping and data transfer, pre-live environment build and rounds of testing to ensure a smooth transition. Yet, migration doesn’t necessarily have to span great lengths of time. Depending on the scale and requirements, migrations could be gradual, or take less than 30 days to complete – with minimal service disruption involved. Especially for large-scale migrations, it’s imperative that councils maintain accessibility of their data during the migration to ensure service continuity. This is why it’s crucial to have a solid migration strategy in place, supported by a project manager and rigorous testing and documentation along the way.
Levelling up local government
The unprecedented nature of the last two years has caused significant upheaval and pressures on local authorities, especially considering the scale and speed at which change was required. This rate of service transformation, informed by data-driven intervention has been a dominant factor in lessening the impact of the pandemic, helping to protect the most vulnerable citizens and ensure the continuation of front line services.
Despite the overwhelming challenges of the pandemic, it has not lessened the other external factors that councils continue to face, including budget constraints, increasing security and compliance issues and rising demand for improved online services. It’s therefore paramount that the positive momentum in digital services that local authorities have spearheaded over the last two years isn’t left to stagnate and revert to previous inefficient methods.
The pace of innovation within local authorities must advance with a cloud-based approach so councils can exploit the huge potential of innovation that it brings, including technology such as artificial intelligence and automated functions. But it’s not just rapid, cost-effective scaling of services that the cloud enables, it’s also the high levels of security and compliance that comes from working with a trusted partner that can meet or exceed the stringent guidelines and government standards that cloud software providers must adhere to. With IT support functions including data storage, maintenance, software patches and security all managed and executed remotely, local authorities can free up time and resource to focus their efforts on public services with peace of mind that the back-end IT support is taken care of.