Technical debt is hampering the public sector’s digital transformation ambitions, according to Veritas field CTO, Richard Wainwright.
Wainwright (pictured) weighed in on the challenges of navigating the public sector tech landscape, which also include data-related issues and cybersecurity concerns.
“Public sector organisations have got lots of grand ambitions about moving to artificial intelligence (AI) and digital change, but many of them are struggling to stay current, let alone innovate,” he told Think Digital Partners.
Wainwright emphasised the importance of having the foundations in place before implementing AI, particularly in terms of data management and protection. He maintained that if historical big data and digital transformation projects have failed, there is no foundation on which to leverage AI solutions.
“Where they struggle [is] to either to maintain or manage the growth of data, even to categorise it… If you think about the AI story, it’s very difficult for them to separate out personally identifiable data in a way so they can actually use it as a way to train the models.”
“It’s a core problem of keeping things up to date before you start talking about security,” he said.
Wainright also noted that the issue of AI hallucinating – the creation of false information – can be extremely dangerous in the public sector. However, he said that can be overcome “by good planning, good training and putting the right data into it and being very specific about the use case that it’s for, rather than trying to apply it to everything and everything.”
The need for multifactor authentication
Wainwright also highlighted the need for proper onboarding and offboarding processes, as well as the use of multifactor authentication.
“We recently added some AI smarts into our core data protection platform, which if it sees a user doing something strange, it kicks them out of the session will makes them re-authenticate. That limits the damage that the bad actor could [inflict],” he said.
“Multifactor authentication also allows them to make sure that that person is who they are. And some clients are also moving toward multi-person certifications. So if you’re about to do something that is destructive, it requires more than one person to be involved. So how do you minimise the impact of the breach by controlling the damage they can do?”
It’s about people as much as tech
Wainwright also noted many organisations don’t have adequate onboarding and offboarding process, leading to vulnerabilities.
“It’s giving people access to data they shouldn’t have,” he said. “Bringing those concepts together, it’s as much about the people process as it is about the underlying tech. We’ve got an amazing recovery platform to help people get there, but unless they have policies in place, and configurations in place, it’s not going to work.”
