Editorial

No trust, no problem? Why identity security is central to generative AI in government

When it comes to generative AI, how can the government innovate at speed without undermining security and public confidence?

Posted 1 October 2025 by Christine Horton


When it comes to generative AI, how can the government innovate at speed without undermining security and public confidence? That was the question put to Stephen Mowll, area VP for solutions engineering, EMEA at SailPoint, at this week’s Think Digital Identity and Cybersecurity for Government event.

Speaking about AI adoption with Rob Anderson, chief analyst for central government at GlobalData, Mowll noted: “Everyone’s talking about it. It’s the buzzword. But when you look in the market, a lot of people are still struggling.” He added: “People want the efficiency gains, the insights, the capabilities. But there seems to be progressing too quickly – a lot of investment has gone in without necessarily people gaining the benefits they were hoping for.”

The trust gap

The discussion returned repeatedly to the issue of trust. For Mowll, identity is at the heart of the problem.

“When we’re bringing people into our organisations, we’re giving them access to our data without necessarily truly understanding their business context for being there,” he said. “What access should this person have? When should we remove their access? And then we expand that into machine identities – accounts created to automate things for us. What’s their context? How do we understand when their access needs to change, and if it changes, do we know if it’s valid?”

Without clarity on these questions, the risk of misuse rises sharply. Mowll warned: “Every couple of weeks, you’ll read in the news about someone gaining access to information they shouldn’t via an AI agent. That’s a fundamental misunderstanding of the context of the different actors within the relationship.”

Legacy systems, new challenges

Public sector organisations also face the added complexity of siloed legacy systems. The danger, said Mowll, is that agencies can modernise without building in security from the outset.

“When we see innovation, we want it. And then some of that stuff seems to fall by the wayside,” he said. “We need frameworks, structures that give us context – that let us modernise, but in a trusted way.”

He pointed to examples from industry where repeated attempts to centralise and modernise applications failed because identity and access management were not addressed. More successful organisations “score-carded all their applications – not just in terms of modernisation but also understanding the service they provide and the identities that relate to them. That helped them quantify which applications to modernise first, and what value they would get.”

For government, the value criteria may differ from the private sector, but the principle is the same. “Being able to trust a service, being able to understand the value to the citizen and the department – that just makes such a huge difference,” said Mowll. “It brings people together when they know what you’re working towards.”

Asked how to embed security across the lifecycle, Mowll indicated that policy alone is not enough. “We put a policy in place and expect people to just know it’s there. That’s not the case,” he said. Instead, he argued, departments need to think like advertisers – bringing the message into everyday working life. “Some of the most secure government organisations I’ve seen have created whole programmes of advertising, making security part of the culture. That’s when things really change.”

A public-private partnership

Mowll also emphasised the importance of collaboration. “The speed of adoption around AI is increasingly done when it’s brought together with the public and private sector,” he said. Many private firms have already embedded AI safely into their technologies, offering government a chance to learn and adopt without starting from scratch.

Ultimately, his message to the public sector was one of cautious optimism. AI can modernise services and unlock efficiency, but only if identity and trust are placed at the centre. “If we keep that foundation – if we build secure from the start – then we’re going to be far more successful. The rate of pace of change will keep up, but it will be trusted.”
