Public Sector IT is broken by its tendering system

Zeus Cloud CEO Mark Grindey has warned that public sector IT services are no longer fit for purpose due to the sector's poor tendering system.

He said that reports of constant security breaches, unacceptable downtime, epidemic overspending, and delays in vital service innovation that would reduce costs and improve citizen experience have become rampant.

“While the UK’s public sector is on the front line of a global escalation in cyberattacks, the number of breaches leading to service disruption, data loss and additional costs to rebuild and restore systems are unacceptable and unnecessary. A lack of expertise, insufficient procurement rigour and a herd mentality have led to over-reliance on a handful of vendors, ubiquitous infrastructure models and identical security vulnerabilities that are quickly and easily exploited,” Grindey said.

However, he argues that the system’s woes are not budget-related despite the public sector claiming a lack of funding.

The root cause of inadequate security or inconsistent service delivery is not money, but how it is spent. Despite the challenges, there is hope for improvement. Grindey suggested that the current tendering process, if reformed, can curb misdirected and excessive spending.

Grindey argues that the broken tender process fundamentally undermines innovation and exposes the public sector to devastating security risks.

Theoretically, an open tender model should ensure that money is well spent and guarantee that the best provider delivers the service. In reality, the vast majority of contracts are allocated to the same handful of large organisations.

“It would be fine if the services delivered were of top quality, highly secure, and fairly priced. They are not. The public sector is routinely charged three times as much as the private sector for equivalent IT deployments,” he said.

In addition to this endemic overspending, the reliance on a few vendors radically increases the security threat due to the ubiquity of infrastructure models. When most public sector organisations have relocated to the same public cloud hyperscaler and adopted identical security postures, it is inevitable that a breach at one organisation will be rapidly exploited and repeated in others, he added.

“The current tender process completely lacks rigour. Given the continued security breaches, why are these vendors not being held to account? Why are they still being awarded new contracts? Indeed, why are they winning the business to rebuild and recover the systems damaged by a security breach that occurred on their watch? Other managed services providers and cloud platforms can offer not only better pricing but also a far better security track record. Something is going very wrong in public sector procurement,” Grindey said.

He claims that the public sector is complicit in this overspending: any vendor attempting to charge a lower (fair) amount is automatically excluded from the tender process.

“The public sector has been ‘trained’ by the IT industry to expect these inflated costs, but there is also a reliance on dedicated Procurement Officers who lack essential sector expertise. Why, for example, is every single system used by Leicester City Council located on the same public cloud platform? It should be impossible for a system breach to extend and expand across every single part of the organisation, yet if the council fails to understand basic security principles, it will set itself up for expensive failure,” Grindey said.

The lack of expertise is a serious concern. Continued reliance on large IT vendors has made many public sector organisations dangerously under-skilled. Given the lack of internal knowledge, organisations often turn to incumbent vendors for information to support the tender process, leading to further price inflation. Furthermore, he said, when a crisis occurs, reliance on a third party rather than in-house expertise leads to inevitable delays that exacerbate problems and result in additional costs to repair and restore systems.

“The situation is enormously frustrating for IT vendors with the expertise to deliver lower-cost, secure systems. The misdirected spending has left public sector bodies woefully out of date. Not only are security postures frighteningly old-fashioned, but there are unacceptable delays in vital service delivery innovations that would transform the citizen experience and provide operational cost savings,” Grindey said.

Grindey said that change is essential given the escalating pressures facing all public sector organisations. In-house expertise must be rebuilt to ensure sector experts are involved in the procurement process, and pricing expectations must be immediately overhauled: avaricious IT vendors will continue to overcharge unless challenged. One option is to appoint an outsourced CTO with broad public and private sector expertise, an individual with the knowledge and experience to call out the endemic overcharging and sanity-check the procurement process.

“It is essential to move away from the herd mentality. Would, for example, an on-premise private cloud solution be a better option than a public cloud hyperscaler? What is the cost comparison of adding in-house security expertise rather than relying on a third party – factoring in the value of fast response if a problem occurs? It is telling that the handful of local authorities with a good security track record have not adopted the same big vendor, public cloud approach, but applied rigour to the procurement process to achieve a more secure and cost-effective approach. Others could and should learn from these organisations,” Grindey said.

“Good, effective IT systems underpin every aspect of public sector service delivery, and right now, the vast majority are not fit for purpose. It is, therefore, vital to highlight and celebrate the good performers – and challenge those vendors that continue to overcharge and underperform,” he said.

Sharing information between organisations to support strategic direction and day-to-day risk mitigation is vital to propagating best practices. Critically, by pooling knowledge and expertise, the public sector can begin to regain control over what is a broken model.

“While the public sector continues to flounder with inadequate security and a lack of knowledge, the IT vendors will continue to win. They need to be held accountable, and that can only happen if public sector organisations come together to demand more and hold the industry accountable,” Grindey said.