The public sector is certainly hot these days – definitely in the hot seat, in hot water. Concerns about public sector finance persist, with the discussion in some cases targeting specific causes beyond just vague notions of overspending. The Economist recently came down pretty hard on public sector unions.
However, for some tech vendors, the public sector really is hot – as in a hot opportunity. Despite revised earnings and warnings about public sector forecasts by some tech vendors, others are instead optimistic. Steria, a French IT services company, is not too concerned about the lingering malaise of the public sector, although it has not been immune to the crisis. A UK public sector spending moratorium in 2010 brought all projects of more than £1 million to a temporary halt, for review. Steria and other suppliers and service providers held their breath through much of the fall.
In the past few days, almost every conversation I have had with a CISO has somehow stumbled onto the topic of the data breach at the US Department of Defense (DoD) and the subsequent release of that information through WikiLeaks. Many CISOs have told us that their executives are asking for reassurances that this type of large-scale data disclosure is not possible in their organization. Some executives have even asked the security team to provide presentations to management educating them on their existing security controls against similar attacks. Responding to these questions is tricky: “It’s like treading on thin ice,” commented one CISO. If you tell them everything is under control, you may create a false sense of security. If you tell them that it is very likely that such an incident can happen within their organization – it may be a career-limiting move.
I would recommend giving the executives a dose of reality. I do many security assessments for our clients and often find that many organizations are solely relying too much on the technology and infrastructure protections they have. Today’s reality is very different. We often operate in a global context with large and complex IT environments, making it hard to monitor and track data, and we are sharing a tremendous amount of sensitive information with business partners and third parties. All of these realities were faced by the US government as well, and probably all contributed to the circumstances that led to the disclosure of data.
As many of you try to extract the lessons learned from this episode, here is my take on it – it is a failure not of a single security control but of a set of multiple preventative and detective lapses.
Failure of preventative controls: Governance, Oversight and Access Control
“School Bond Measure Fails” seems a common headline these days. In fact, a quick Google search found that school bond measures and tax levies have just this fall failed all over the US, notably in Santa Clara County, which was characterized as “tax friendly.” However, despite the hardships of raising money for schools, per-pupil spending continues to increase – having increased steadily from just over $500/pupil in 1919-20 to $11,674/pupil in 2006-07, according to the National Center for Education Statistics.
One place that the expenditure has been going has been toward technology investments. The number of computers in public elementary and secondary schools has increased: in 2005, the average public school contained 154 instructional computers, compared with only 90 in 1998. More importantly, the percentage of instructional rooms with access to the Internet increased from 51 percent in 1998 to 94 percent in 2005.
Forrester’s Smart City Tweet Jam was a great success. On Tuesday morning/afternoon/evening, smart city followers around the globe participated in an hour of intense tweeting on smart cities. We touched on a range of issues, from the definitions of a “city” and a “smart city” and the evolution toward the goal of becoming smart to the challenges city leaders face and the business models that enable adoption of technology-based solutions. We ended with a contrarian view that “smart cities” might just be a fad. But that was quickly refuted with reminders of the growing challenges faced by cities and the imperative of facing these challenges in a sustainable manner.
One hour, 62 Twitterers, and 389 tweets later we were exhausted – at least I was. But we were pleased to have aired and shared our opinions about the challenges, the potential solutions to those challenges, and the paths and business models that will make those solutions possible in the short run, and hopefully sustainable in the longer term. Below are some excerpts from the conversation. But there were many interesting points of view and contributions to the discussion. I've included here a visual representation of the key words and topics discussed during the Tweet Jam, created using ManyEyes. For more stats and the full transcript, check out #smartcityjam.