Written by Jon Taylor, Principal Consultant at Conosco
The public sector often comes under close scrutiny, but in the midst of a global pandemic the ability to efficiently run a test, track and trace system has added pressure. In the past month, we’ve witnessed first-hand how poor public sector data management has impacted public trust. Over 16,000 positive cases went unreported due to a technical oversight, leaving IT professionals stunned and outraged.
The cause of the issue? An Excel spreadsheet. With a column limit of 16,384, records were no longer being counted after the cut-off point. As a result, health services were not receiving the full and correct information, meaning as many as 48,000 people were not notified that they had been in contact with someone who had tested positive for coronavirus.
As Public Health England (PHE) faces questions about public sector data management, we share 6 lessons that can be learned as a result of the Track and Trace blunder.
- Don’t use Excel
- Legacy Infrastructure can be your downfall
- Use the cloud for scalable data storage
- Choose an ACID-compliant database
- Upskill your IT team
- Use a vulnerability scanning solution
Don’t use Excel
Given the rapid development of the testing program, it’s likely PHE used Excel as it was the most readily available option. The familiarity and easy creation of macros to perform data transformations also made it very convenient. But beware! When adding or changing values in Excel, there is a heightened risk of compromising the data due to human error.
For small-scale projects that don’t require automation, Excel is fine. But in the public sector, where large amounts of data need to be processed, manual data entry, collation, and sending are not a viable way to ensure accuracy and validity. The more complex the public sector data management is, the more complex the solution.
Legacy Infrastructure can be your downfall
When we talk about legacy IT infrastructure, we are referring to outdated systems that are often incompatible with newer hardware and software. Many public sector organisations use legacy systems due to cost constraints and lack of technical knowledge. However, migrating to modern cloud systems doesn’t necessarily mean you need a bigger budget. In actual fact, the cost of employing people to maintain, monitor and manage legacy systems could be higher than transitioning to the cloud.
The physical and feature limitations of legacy infrastructure shouldn’t be underestimated. Security vulnerabilities could leave your data unprotected and at high risk, whilst outdated software licenses might mean you’re using an old version of Excel that handles even smaller datasets than the latest version.
Use the cloud for scalable data storage
In the face of austerity, organisations in the public sector need to demonstrate cost savings. With unlimited server capacity, cloud solutions give businesses the flexibility to store as much data as required whilst guaranteeing integrity. Businesses are able to scale data storage infrastructure on demand, leading to better quality service, higher productivity and better protection against security risks.
According to a report by Ponemon Institute, organisations spend around $3.86 million (£2.9 million) recovering from security incidents. The cost of a breach is far, far more than the cost of maintaining secure cloud solutions.
Choose an ACID-compliant database
In the public sector, a data breach can expose malpractice and destroy public trust. The use of a cloud database for collating and storing public data is a more robust option and a far better alternative to manual data entry within Excel. What’s more, cloud databases can hold many millions of rows of data, avoiding the risk of information being missed from important reports (Excel has a hard limit of circa 1 million rows).
One term you should search for when selecting a database is ‘ACID’. ACID-compliant databases ensure that updates and changes to the information are atomic, consistent and durable, thereby dramatically reducing the risk of error.
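The all-or-nothing behaviour described above, shown as an added example (not from the original article or from any system it describes) using Python's built-in sqlite3. The table, the column names, the declared-count check and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

SCHEMA = """CREATE TABLE results (
    specimen_id TEXT PRIMARY KEY,
    result      TEXT NOT NULL CHECK (result IN ('positive', 'negative')),
    reported_on TEXT NOT NULL)"""


class BatchRejected(Exception):
    """The batch was rolled back; none of its rows were stored."""


def stored_rows(conn):
    return conn.execute("SELECT COUNT(*) FROM results").fetchone()[0]


def ingest_batch(conn, rows, declared_count):
    """Store every row of a batch, or none of it."""
    before = stored_rows(conn)
    try:
        with conn:  # commit on success, roll back on any exception
            conn.executemany("INSERT INTO results VALUES (?, ?, ?)", rows)
            stored = stored_rows(conn) - before
            # Reconcile against the count the sender declared, so a feed
            # truncated upstream is rejected instead of silently accepted.
            if stored != declared_count:
                raise BatchRejected(f"declared {declared_count}, got {stored}")
    except sqlite3.IntegrityError as exc:  # duplicate id or invalid value
        raise BatchRejected(str(exc)) from exc
    return stored


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed sample records, not real data.
    batch = [(f"S{i:04d}", "positive", "2020-10-01") for i in range(5)]
    outcomes = [ingest_batch(conn, batch[:3], declared_count=3)]
    for rows, declared in (
        (batch[3:4], 2),                                      # truncated feed
        ([batch[3], ("S0004", "unknown", "2020-10-01")], 2),  # invalid value
    ):
        try:
            outcomes.append(ingest_batch(conn, rows, declared))
        except BatchRejected:
            outcomes.append("rejected")
    return outcomes, stored_rows(conn)


if __name__ == "__main__":
    print(demo())
```

Both rejected batches leave the table exactly as it was, so a short or malformed feed produces an error to investigate instead of a report with missing records.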
Upskill your IT team
One of the biggest barriers to successful digital transformations is the IT skills gap. Many organisations do not embrace new technology, choosing instead ‘to do things as they have always been done’. As a result, software that’s inefficient for the task at hand (in this case, Excel) risks causing project failure and deeper issues further down the line.
Ensuring your team and the third parties you work with have the technical expertise, training and knowledge to deliver the right solution is vital. Where large amounts of data are involved, consider getting your business Cyber Essentials certified – a scheme that will teach your employees how to mitigate business risk and security threats. By presenting the certification on your website, your customers will know that you are continually working to protect their data.
Use a vulnerability scanning solution
There is so much information about data protection best practices online. But how can you take that advice and apply it to your business’s specific objectives, processes, and technology?
A Vulnerability Scanning Assessment will identify the points of failure in your software and IT infrastructure, enabling you to contextualise generic security advice to your organisation. You’ll then be in an improved position to prioritise and fix any gaps in security, enabling you to meet the requirements of GDPR. Running automated scans on a monthly, quarterly, or annual basis can give your organisation the peace of mind that issues will be detected and can be properly managed and mitigated fast.
The Excel issue could have been prevented – we must learn from it
The ability to share personal data across the public sector has had an enormous benefit on the delivery of services to the population. However, with so much sensitive information, it’s crucial that the government invests in effective public sector data management and creates a clear data infrastructure across the board. Otherwise, they could quickly lose the trust of millions of citizens.
If your data is compromised, not only do you risk reputational damage, but you could face the consequences that come with it. By law, all data breaches need to be reported to the Information Commissioner’s Office (ICO) within 72 hours. Following an investigation, it can then fine the business if it finds improper practice. Fines can be up to 10 million Euros or 2% of an organisation’s entire global turnover, as seen recently with British Airways.
How can Conosco help?
By understanding your business objectives, we can tailor solutions that will help you achieve your goals and vision for the future. The integrity of your data is of paramount importance to us. Before we start any cloud migration project, we’ll address the risks and ensure you have the right service model for your business. With 24/7 IT support and a Security Operations Centre (SOC) monitoring your environment, you will have the assurance you need that your data is secure and your IT infrastructure is protected.