Which technology trends are impacting on your organisation?
In the terms of technology trends, we follow Gartner quite a bit. They talk about a nexus of various technologies around social, mobile, cloud and information analytics. Those are the four big things and seeing them converging in some way is a big challenge for us, especially with the constraints we have with regulations, compliance and security.
As a research organisation, we are looking at technology trends which are maybe three or five years down the line. We’re looking at protecting consumer and enterprise users who might be using a plethora of devices, and protecting the data on those and access to various elements of data.
We’re trying to solve some problems around securing data in the cloud, especially across international borders, looking at homomorphic encryption so that the data is always encrypted in the cloud and as you access it. Finally, we’re looking at adaptive systems: threats that are unknown, and where data does not have a previous signature, and we pick it up as an anomaly to stop threats before they have an impact on an organisation’s infrastructure and data.
Social technologies are interesting. That’s because CTOs and CIOs, especially in the public sector, are being told that “we need to do more with less or less with less.” We can get people collaborating together and working smarter together.
The other thing is a nexus. In my sector, big data meets cloud computing because we need cloud computing to address computational challenges that we couldn’t before: trying to match demand for energy with supply for energy. Supply from renewables is very variable. As a maths problem, it’s very easy (linear programming) but as a computational problem, it’s massive. To get enough computational resources to resolve all those problems, it’s driving us to use cloud technologies.
In health, we can’t afford to be leading edge. We wait for others to plough that furrow. Use of technology at point of care is now a big area. Mobile working and assistive technologies are other areas that are becoming quite prevalent, mixed in with the general consumerisation of IT.
People have access to facilities outside their workplace that are, in some cases they claim, superior to what they can access within work but we’re constrained by CESG and governance requirements.
Medical devices are now much more IT-centric. They all come with some form of database attached to them and we’re trying to work how to manage that technology.
For us, the biggest issue is mobile computing and being accessible to our clients. With an irreversible trend towards the use of mobile devices in recent years, our domestic and international client base expects us to be available 24/7. The adoption and use of new technology has been key. It has changed fundamentally how we work.
Traditionally, the legal sector was very paper-driven. That has changed considerably. Ten years ago, law firms had libraries of documents and books. That’s all completely changed now. Most of our resources are online and lawyers communicate electronically, reducing the need for paper document retention.
From a client perspective, cloud computing is becoming a significant issue that people are aware of and want to know more about. We still see a lot of clients who are quick to rush into it. Obviously, there are attractive cost savings, but there are also some serious legal issues that people need to be aware of (for example, around data protection and security). These ought to be examined carefully before any deal is struck with a cloud supplier.
To take the SEM as a good example, we know what demand for electricity on the island is like and we know how much energy we can buy from Great Britain or produce here in Ireland. We don’t know how many waves there will be or how much wind there will be.
We could just lump the data into Amazon web services or the public cloud. The challenge from network operators was: “If we do that, do we have a risk from a security perspective?”
If you sign up for a public cloud service from Amazon, the person who enters the information into the cloud takes responsibility for whatever happens to the data. Once we had a measured, common sense discussion, we found a way of doing it. Everybody understood the implications and people either signed up for it or didn’t.
We manage data on behalf of the organisations that we supply services to: 12 government departments plus many of their non-departmental public bodies and agencies. We define the criteria for what we’re responsible for and what they’re responsible for as a data owner. There’s a certain common theme of having data in the cloud and then accessing that data through any device. We’re starting to look at a ‘bring your own device’ pilot strategy and the classic one is: “How can you use an iPad on a secure IL3 network?”
We found in IBM that as people were starting to use more androids, iPhones and their own laptops for work, we were really struggling to get people to install the policy for that device. The CIO, Janet Horan, just said: “We’re just going to change the terms of employment for you as an IBM employee and it’s your responsibility to make sure you conform with the policy.” For a lot of CIOs, it’s getting people to buy into it for good business reasons but there’s a cost that people have to accept.
The introduction of the senior information risk owner (SIRO) and information risk owner roles ensures information governance receives a greater focus. There is now one identifiable person with overall responsibility. The Information Commissioner’s Office has shown a greater willingness to fine health organisations, which previously hadn’t happened. With the introduction of other types of technologies and ‘bring your own’ computing, we have to ask: “What is the business benefit of this and why does that outweigh the risk?”
How does it change the organisation and the IT skills for ordinary managers?
Those people need to develop skills not only around technology but contract management and supplier relationship management, the business value that the technology brings and the risks associated with that. Those people are quite hard to get and they need to be represented at the top table of the organisation as well, so they have the authority to call a halt on ‘bring your own device’ or flag up the risks to other senior members of staff.
Information management is becoming more important than the devices themselves. Managing the technology per se is easy. One of the big health trusts in England was fined because an outsourcer hadn’t managed the destruction of hard drives. If you get into a situation where a public sector organisation can be fined for the misdemeanour of an outsourced partner, that starts to drive and reinforce a risk aversion that I don’t think is healthy as we move into an era where technology becomes more important and more ubiquitous.
Treating information as an asset is a shift in the thinking as well. There is a reluctance to delete data just in case it’s needed later but good records management dictates that records should be deleted after a certain amount of time.
We collect lots of data related to the individual but we introduced a very simple system recently of sending out text messages to remind patients of their appointment. The debate was over whether they had given their permission to use their mobile telephone number for that purpose. The mobile number was maybe a relative’s number and the service user would not want it used for that purpose.
I was recently working with an airport operator in Great Britain on how to ensure that there were enough people in duty-free taking money from customers and a minimum number at security taking the same money from them.
Seventy per cent of people arrived by public transport and we could easily put GPSs on the buses. We had to go to the regulator to ask: “Is it legitimate for us to take that information about anonymous people and share it with this other regulated entity?” It turned out that it was but it made me think that you have to be so careful about re-purposing data even if it’s a really good legitimate idea.
There are established registers in health (the cancer registry is one of the biggest ones) and those are already very defined data sets. You know what you’re gathering and why you’re gathering it. There are mechanisms to capture some of that very key clinical data but for a lot of other associated data, it’s not clear what you are going to keep.
The trick is getting it right at the start, when you’re collecting the data. It’s much more difficult to retrospectively go back to a database and seek consent to do something new with it. With proper planning from the beginning, it should be possible to collect data in the right way and obtain sufficient rights over it.
How do you design for the fluid world of cloud computing in the future?
We’ve just signed off a project initiation document to go to the market for consultancy to define the requirements for a public sector data centre. I mean that in the widest sense of the public sector; it’s not an NICS data centre. Today, we’ve got the silos of data managed in various places in various ways by various providers. We’re going to procure a specialist consultancy to look at how we’re going to define our requirements for that.
Once we look at building, buying and partnering, the cloud is attached to that because providing a cloud service off the back of that allows you to do some very creative things with SMEs.
If DFP were able to provide land as part of a total package and that land has got the appropriate connectivity, a private sector partner can come in and encourage SMEs in Northern Ireland to build apps and sell that off the cloud in a government apps store.
I’d imagine that it’s not even as easy as a reduction in the IT headcount because those people who are freed up from looking after their own data centres are then freed up to work on other projects and look at deriving better value elsewhere in the organisation.
Within IT and within health, we come up with solutions and then we look for a problem for those to solve. I always challenge those trying to sell a concept: “What is the business need?” You need to firstly identify the problem and then say: “Let’s look for a solution to that problem.”
Will IT become a commodity and make a seismic shift?
I think it will and that’s a very good way to describe it. I often joke about shared services being a utility but that is predicated on the fact that IT is a utility.
There is a danger for organisations in that they lose the in-house skills whereby they are able to make informed decisions around the security of their data, procuring new communications, online services or bespoke development of systems. Let’s be honest; large organisations can’t lift something off the shelf. There’s a certain amount of configuration if not development work that needs to be done. To lose those skills in-house, you are then required to go out and engage consultancy and then you’re at their mercy.
Small to medium sized enterprises will leap at that cloud because it’s just a commodity they can turn on. But for bigger organisations, some of these things aren’t a utility, like clinical systems. For financial management enterprises on this island, the data is their business. That’s what makes the money and they are never going to want to give anyone else latitude to affect the performance and scale of that data.
Will there be a different role for chief information officers?
I think it has changed. Over the last 10 to 15 years, they have been coming out of the wiring closets and data centres and are looking at business value and how those systems affect profitability within organisations.
I chuckle to myself sometimes because my background is as an IT professional and you sometimes think there’s an elitism among us and a sense that the world revolves around the way we see it. My grandfather was a blacksmith and the world has moved on from the days where that profession was a very important part of the Northern Ireland economy. IT might be in danger of going the same way whereby it’s a different set of skills used in different places and it becomes ubiquitous.
Where’s the value in big data?
The difficulty within health is the growth in data being captured. Storage is becoming cheaper but the management of the items that are stored is becoming more expensive and more risky.
Limiting people in terms of what information they are holding and how long they are holding it for is crucial to us. It’s about having the right quality of information available when you need it.
There are lots of medical devices that now gather huge amounts of information and have their own built-in databases. How that information links with the primary patient record is always going to be a challenge.
We are now doing evidence-based policy and decision-making based on the data we have gathered through HR Connect. That’s a conundrum because, on the one side we’ve got that and on the other side we’ve got a mailbox size limit. That’s predicated on a retention and disposal policy. So, we’ve got a policy in place but some people ignore the rules and blow their mailbox limit, and we the service provider end up carrying the can.
We were researching chips that will process data in real time: 40GB per second line speed moving up to 100GB per second line speed. We are looking at how we can take that research and apply it into the financial services market, how we can use our malicious content solutions, how we can apply that into a different market vertical and look for malicious trades, and how you can extract new levels of value from huge datasets and unstructured data.
We are the technology partner for the All England Lawn Tennis Club. We have done Wimbledon in the cloud for the past three or four years. As a big data exercise, one of the things we do is Point Stream which measures the movement of players and tennis balls around the court. We also do the scoring system and the fault system.
Today we can do that profitably for 32 tennis courts but in 10 years’ time every hospital in the world, home care patient or supermarket could have the same level of instrumentation and we can’t anticipate that.
The open data initiative which is coming out of Whitehall is basically anything that is not confidential or individual-centric should be made available via a portal. But it is not clear what that means or how it will be managed. You probably can’t charge for it because it’s already been paid for and you’ve got things like Google maps that are already providing free data.
Something that we are finding difficulty with is the relevance of the paper record versus the digital and what is a legitimate format for that record. Then we get into a debate about if it’s ‘born digital’ then that’s ok but what if it’s information that has been scanned in? We still refer back to the printed patient note as being the primary record and that’s very old-fashioned and expensive.
We’ve put in place an electronic document management system to eliminate paper records and move towards digital to ensure we have a statement of record. Then on the other side, in our finance systems, we still have to retain the original paper invoice. Even if we scan them in electronically, we’ve got to maintain them for seven years.
There is, of course, value in retaining the original, paper version of certain documents, and sometimes there is a legal obligation to do so. But with the vast majority of documents, I can’t imagine there’s a real need to keep hard copies. From our perspective, we work a lot with original documents and we keep those which we need or which our clients need, but we are moving towards retaining many documents in an electronic format only.
Name one issue that will have the biggest impact in the long term.
Security and trust for the digital economy: verifying that people are who they are, the trust involved in terms of doing business with government or private companies; that is a technical challenge to resolve. And also the ethics around the technologies that might be used to resolve those.
Simplifying the management of IT infrastructure. The things we are building to support applications are getting so complex: it’s virtualisation, virtualisation, virtualisation. For IBM it’s about simplify, simplify, simplify. At the end of the day, the core part of the job is fundamental IT service. It’s just getting harder and we need more expertise.
Information technology isn’t going to keep doubling in capacity every 18 months. It’s going to wind down towards 2020 and as an IT provider, we need to work out what the next thing is. That will be fascinating.
The shift in thinking towards viewing information as an asset and making technology more need-driven than idea-driven.
Legal professionals are keen to adopt technology and use it as efficiently and cost-effectively as possible. In terms of moving towards the likes of the cloud, I think it will be interesting to see how that develops. It may be appropriate for certain information to be stored in the cloud provided there is adequate protection and security. Law firms in particular are dealing with commercially sensitive, confidential, and personal data all the time, and therefore data security is critical for us and our clients.
Agile procurement. For us in the public sector, being able to procure things in a different way provides a challenge. It’s actually nothing to do with the procurement per se and there’s a real fear of writing an open-ended cheque.
Citizen-centric IT enabled processes:
NI Direct is our citizen-centric portal to government services. We can extend this vision to drive out the manual processes that exist in government organisations and put them on the portal; this would simplify and automate many transactions and processes.
Stephen is IBM Ireland’s leader for Smarter Computing. He advises IT leaders on how cloud, business analytics and optimised systems can help them to survive and profit by delivering more responsive and efficient IT services. Stephen has also held leadership positions with IBM’s consulting, software and systems businesses as an IT strategist, architect and specialist.
Stephen is Head of ICT for the Northern Health and Social Care Trust and has worked in ICT for over 15 years, more than half of which have been within the healthcare environment. He holds a degree in computing and information systems, an MSc in computers in education, and an MBA.
David is Technical Marketing Manager at the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast. He joined CSIT from Invest NI, where he was responsible for technical service delivery as well as being Starting Up and International Trade Editor on nibusinessinfo.co.uk. He also held product management and pre-sales roles at Lagan Technologies and spent five years in systems engineering and policy advice within the Northern Ireland Office.
Peter is an ICT lawyer and a Partner with Arthur Cox Solicitors, and has extensive experience of advising public and private sector clients on the procurement and contractual aspects of ICT outsourcing projects. He has advised on some of the largest ICT procurements undertaken on the island of Ireland in recent years, and his experience extends to advising on related technology, regulatory and competition law issues.
Paul is the CEO of Enterprise Shared Services (ESS) for the Northern Ireland Civil Service, and is a Deputy Secretary in the Department of Finance and Personnel. ESS manages the delivery of common corporate services, such as finance, IT, HR and training, primarily to the 12 Civil Service departments and their agencies. Paul’s career spans around 30 years in the ICT software and services sector, in the UK and internationally.