The power of cloud: protecting citizen data from cyberattacks

14th February 2023

Civica’s Rachel Brier explains why cloud technology is the answer to protecting citizens’ data

Public sector organisations are digitising fast as they strive to deliver better and more cost-effective services. However, this puts them at increased risk of cybercrime. Recent high-profile data breaches and cyberattacks have cost millions and damaged public trust. With cloud technology, organisations can make the most of digital delivery while minimising their cybersecurity risk.

Convenience brings risk

The shift to digital is transforming how public sector organisations work. Online services have replaced paperwork and queues for council services. Machine learning is helping local authorities to predict where they should focus their resources. And cloud systems make it possible for council teams to work more efficiently, from anywhere.

This digital convenience does, however, come with risks. While they save money and greatly enhance what councils can do, digital services can also be vulnerable to cybercrime. Because of the sensitive data they carry, public service organisations are an especially popular target for hackers. According to insurers Gallagher, councils in the UK were hit by an average of 10,000 cyberattacks a day in the first half of 2022. Data from the UK’s National Cyber Security Centre (NCSC) shows that around 40% of the incidents it managed between September 2020 and August 2021 were aimed at the public sector.

The consequences of an attack can be serious. Data breaches have left many councils in millions of pounds of debt and have disrupted or disabled services, with staff sometimes forced to resort to pen and paper. Residents have received incorrect benefit amounts or have not received payments on time, and changes to council tax bills have not been applied, leading to residents paying incorrect amounts. It can take months to recover from a cyberattack. This can all cause lasting damage to a local authority’s reputation.

Technology is the key

For public service organisations, protecting against cyberattacks is not only about technology. Employees need to understand, for example, how to spot and avoid targeted attacks such as phishing, and to use correct password protocols and authentication.

But technology is the most important line of defence. Regardless of how security-aware its people are, a council needs its IT estate to be protected against constantly evolving cybersecurity threats. This means managing a never-ending cycle of patches and upgrades to legacy systems, which is expensive, time-consuming and places a huge burden of responsibility on IT teams.

Cloud: where the security is

Cloud solutions offer a way out of this situation. With a cloud-first IT strategy, hardware, software and security management are all managed by the cloud provider. On the face of it, this may itself feel like a cybersecurity risk. What if the provider is compromised?

Acknowledging this concern, in 2020 the NCSC published a whitepaper identifying 13 security benefits of cloud services. The paper points out that they solve the big security challenges faced by traditional technology environments, such as always knowing exactly which services are exposed to the internet and having a consistent approach to crucial security tasks such as authentication and monitoring.

The difference with cloud is scale and resources. Microsoft, whose Azure platform underpins Civica’s cloud software, spends billions of dollars each year on cybersecurity and employs thousands of security specialists. Cloud platforms like Azure run in highly secure data centres and have their security capabilities constantly updated to deal with ever evolving cyberthreats. The move to cloud means a move to state-of-the-art cybersecurity.

It may feel counterintuitive that the best way to protect citizens’ data is to put it in the cloud. But today, that’s where the greatest amount of cybersecurity investment and expertise is concentrated. By moving to the cloud, public service organisations can equip themselves with the highest level of cybersecurity while passing responsibility for it to the cloud provider. This leaves teams to focus on what they do best – creating and delivering better public services for the citizens they serve.

Rachel Brier, Divisional Managing Director, Revenues & Benefits, Collections and Digital Solutions