Exercising strategic control during digital overhauling is the need of the Government Departments for retaining ownership of data/information, says Golok Kumar Simli, Chief of Technology, Passport Seva Programme, Ministry of External Affairs.
Thanks to the eGovernance initiative of Government of India and the current Digital India drive which aims to automate manual, paper-based cumbersome legacy processes, bring transparency, accountability, reduce decision making errors, encourages paperless and cashless environment, enhance policy controls and provide real time reporting capabilities.
While Departments are expediting their digital overhauling, retaining the ownership and supervisory control over Data, Information and other critical assets pitching hidden challenges especially when several agencies are involved. These challenges get multifold in the absence of a Strategic Control Team from within the Departments.
On the one hand, power of IT and the associated application software has boosted the Digital Drive and Digital Transformation journey of the Departments to a wider arena benefiting and empowering the common masses on a speedy track but on the other hand, it has opened up new challenges in keeping complete control of the critical assets including data and information.
Added to this, the availability of anywhere, anytime service requirements through internet as a viable medium has provided new opportunities for the cyber criminal and hackers and the risks to valuable and sensitive data/information in the cyberspace are greater than ever before. Internet is an essential ingredient today for citizens, customers, suppliers, employees, and other stakeholders and partners to get access to the business information they need and allows businesses to use information more economically and effectively.
Internet-based digital foundation
The Internet-based digital foundation ‘The Cloud’, is also unveiling new and innovative business model and pricing mechanisms for both the service seeker and service provider, be it private or public. The other advantages of cloud-based Internet-enabled services are reduced cost, quality of product/services, option to choose/reject, greater economies of scale, and increased effectiveness.
In my view, Internet enabled e-Business’ greatest promise is access to more valuable information to more people and more efficiently at a much reduced cost, comparable to a traditional on-premises infrastructure which has many limitations in terms of demand, scalability and agility.
While putting the business system of Government departments on ‘Internet-enabled cloud’ would offer unlimited opportunities in meeting the unprecedented demand with increased efficiency, agility and reduced cost, it also tends boundless risk by providing greater access to data/ information, not only to legitimate users but also to dissatisfied business users, disgruntled employees, peeved stakeholders, cyber criminals, hackers etc.
Then comes, the use of emerging technologies such as AI, 5G, NLP, RPA, IOT, Big Data, etc. enabling us to think differently, create new opportunities and business potentials and evolve new business models whose deployment will be critical in the coming decade.
While, the next technological revolution will be powered by edge computing and multi-cloud strategy accessed over internet around the cyberspace, the question is, how closely the Departments get involved even while planning and defining the basic requirements of Data security fundamentals, I prefer to term them as Confidentiality, Integrity, Availability and Sustainability (CIAS).
Are we in a position to transform data into actionable insights? Although putting the business systems on the Internet offers potentially unlimited opportunities for increasing efficiency and reducing cost, it also offers potentially unlimited risk. The Internet provides much greater access to data, and to more valuable data, not only to legitimate users, but also to hackers, dissatisfied employees, criminals, and corporate spies.
True to my knowledge and experience, whenever we talk about process improvement and service delivery transformation by leveraging technology, specific information infrastructure and application software, Government Departments mostly engage and seek participation from the industry, both as partner and service provider/system integrator/implementation agency to accomplish a particular task/project.
In addition, there are business stakeholders. While the project passes through the various phases, right from conceptualisation stage to Operation and Maintenance (O&M) phase, supervising and controlling these actors in retaining the ownership of the project without compromising the security and integrity of the data/information is a major challenge.
To have effective control mechanism over data and information, in spite of various actors playing their respective role, Government Departments needs to have in-depth exercise and convincing methodologies having their own personnel in place. In the process, as the role and responsibilities of the industry and private sectors has increased significantly. Formation of a Strategic Control team from within the Department has become utmost important in keeping control of its data and information.
The Strategic Control team would help Line Ministries/Departments to have control over critical assets; security and privacy of the Government data by retaining complete protection on Data/Information, identity and make changes in Business Requirements/Processes; Software Code/IPR and associated documents; test coverage to New Code, new Code Changes to Production Environment; Intrinsic Security; Build-Release-Deployment (BRD) setup; adherence of Service Level Agreements; Audit Trails; Sustainable Outcome and smooth Exit Management from existing Service Provider to Next Service Provider.
The team needs to be engaged right from Conceptualisation Stage to preparation of DPR; RFP/FRS; Bid-Process-Management & Selection of Implementing Agency; SRS; Software Development and Coding; Test Coverage and Testing; O&M Phase and Exit Management. It is important to note that Strategic Control in a scenario where software/system development has been outsourced to a PPP operator [Service Provider], it does not involve control over every last line of code.
Thereby, controlling code writing or dictating finer aspects of design would only serve to reduce the degrees of freedom available to Service Provider in configuring his solution to meet his Service Level obligations under the contract. Hence, Department personnel so engaged as part of an Institutional Mechanism and to exercise the Strategic Control role should understand this complexity of service delivery process.
All about teamwork
The Strategic Control team should be part of an institutional mechanism in the form of Special Purpose Vehicle (SPV)/Programme Management Unit (PMU), and it is crucial for the Departments to create such Institutional mechanism having sufficient numbers of functional and technology personnel required for the project.
It should be also ensured that the set-up continues for the entire life cycle of the project. These multi-faceted personnel would help the Department and decision makers assuring that the ownership of the Data, Information and Critical assets remain within its ambit.
The strategic control unit would also ensure reducing the risk that the organisation may encounter, while they opt to source the high risk role by engaging external resource (ER) as domain experts that are deeply technical in nature such as Application Software, ICT infrastructure, Data Security etc. and would ascertain that ER will not abuse the power vested in the role.
It is also vital to monitor the very nature of Create-Read-Update-Delete (CRUD) activities being performed in the system and high priority security logs being generated by the system on a real time basis.
In essence, Strategic Control Framework would help enable the government departments and public sector organisations defining control over the targeted outcomes; security and privacy over Data/Information; make required changes as regards policies/processes/business requirements and have the capability of smooth exit management. In addition, it would also ensure that the Government Departments/Public Sector Organisations has complete control over the Strategic assets like software application, code, associated documents, databases and core digital foundation.
- Golok Kumar Simli
- The author is Chief of Technology, Passport Seva Programme, Ministry of External Affairs, Government of India.