06-10-2019
Graeme Leighfield
When Becrypt began developing security technology for government more than a decade ago, relationships with Systems Integrators were the only viable route to understanding and accessing customer requirements. Our experiences today are of a vastly more diverse supply chain, with some major government programmes consuming our services as part of a collaborative ecosystem of Cyber Security SMEs.
The public sector is under intense pressure to transform its services by delivering better, more reliable experiences, more efficiently for UK citizens. Technology is at the heart of that ambition. User expectations increase exponentially as consumer tech evolves, added to which the opportunities emerging from private sector innovation in everything from AI to big data analytics are so significant that the public sector has an obligation to establish how they can be deployed for public benefit.
Nevertheless, unlocking the advantages of flexible, mobile, data-driven services requires effective cyber security. Public sector data is incalculably valuable - from citizens’ personal identifiable information to highly classified government records - the risk of compromise by accident or malicious intent must be appropriately managed.
Within one major government programme, we are actively collaborating with ten innovative SMEs working directly with government to deliver cloud-based services and mobile platforms that have functional and performance characteristics more typical of our faster-paced private sector customers than government systems of old, while achieving the ‘high assurance’ requirements of sensitive government networks.
This new way of working has been driven in part by a convergence of public and private sector requirements, both in terms of technology expectations and cyber threat. To help drive the required innovation, government departments now engage directly with SME’s through agile sprint processes, supported by lighter-weight contracting vehicles, leveraging the agility of SMEs and their desire to align innovation with emerging customer requirements.
While agile SME suppliers have flexibility to tailor solutions closely to public sector customer requirements, government’s relatively recent desire to avoid bespoke systems, combined with market convergence, allows the same R&D costs to meet the needs of broader markets. For example, here at Becrypt we have worked with the National Cyber Security Centre and other government departments to develop a ‘Cloud Client’ End User Device platform for accessing cloud and online services, leveraging open source components to develop a secure Linux-based operating system for access to cloud services. As a ‘born-in-government’ product, we have then been able to deploy the same technology across other security conscious organizations, such as those within the Critical National Infrastructure.
The wider marketing of products built for, or at least influenced by government is helped in part by the thorough technical due diligence or product assurance that government typically undertakes. Such activities are very resource intensive, but can nevertheless be a very effective mechanism for an SME needing to establish its first market for a new product. Using product assurance or system accreditation as a meaningful differentiator, is more viable for an SME than the alternative of competing with the vast marketing budgets of multinationals, allowing a beachhead to be created within government, before ‘crossing the chasm’ to adjacent markets where requirements now overlap.
There will of course always be an important place for System Integrators as part of the cyber security supply ecosystem for government, and indeed many are evolving internal structures to promote greater agility, innovation and collaboration through mechanisms such as ‘Intrapreneurship’. But in our experience, collaboration between cyber SMEs over recent years, combined with new public sector engagement models, has had a transformative effect on a number of key government IT programmes.
US
UK