Security challenges of unmanaged innovation in future cities and regions

Future cities, or smart cities, are driving numerous innovation initiatives - for example, creating apps using data from sensors and other sources to improve citizen experiences and run governments better. More open data sources are enabling small mobile apps to be developed quickly and at low cost points. The time is right for innovation and it is being embraced quickly. However, the same capabilities that allow innovation to flourish in cities and regions can also create security and management risks. A common example is employees using cloud-based file-sharing services that are not compliant with agency security policies, compromising government data and networks.

Uncoordinated deployment of applications also increases complexity that can eventually overwhelm chief information officers (CIOs) and their staffs. As a result, IT departments will struggle to balance two competing goals: ensuring the transparency and security needed for compliance and risk management without stifling the innovation essential to creating a sustainable future for their locality.

The freedom to develop and test new solutions is essential to fostering a culture of innovation. While a CIO who controls the IT environment too tightly could smother innovation, insufficient management and governance can open the door to uncontrollable “shadow IT” (software and hardware deployed outside the agency’s enterprise IT framework). Most government agencies have spent the last 10 years bringing such systems back into the enterprise, but the excitement and availability of new applications, and the ability to purchase them at low cost points in the cloud, could revitalize the shadow IT syndrome. Instead of hiding a rogue server under the desk as in the past, users now can simply use a non-compliant application in the cloud, sometimes free of charge.

The cloud offers many easy avenues for employees to deploy new apps that are potentially risky to their agencies. They can place sensitive data in unknown and possibly insecure clouds. They can deploy these new apps quickly without coordinating their efforts with the IT staff. While such deployments may provide valuable operational capabilities and services, they also create multiple points of security vulnerability, especially as workers and citizen services are increasingly mobile. The new capabilities also may be inconsistent with a local government’s enterprise architecture and technology roadmap. Such added complexity can eventually slow networks and services, hamper information sharing and drive up IT management costs.

In its “Cloud Adoption Practices & Priorities Survey Report,” January 2015, the Cloud Security Alliance noted that more than 70% of global and commercial respondents to their survey said they did not know the number of shadow IT applications in their organizations, although they wanted to. In some respects, today’s innovation sprawl shows that government employees are passionate about improving operational efficiencies, enhancing citizen services and strengthening mission capabilities. But it can also give rise to shadow IT that increases complexity, costs and security risks, ultimately undermining the benefits. Innovation thrives when given freedom and support, but it will strangle itself amid chaos and disorder.

I invite you to read more on this topic in our new white paper developed for U.S. local government leaders, Managing Innovation to Sustain Growth and Prosperity: How local governments can spark technology innovation while mitigating risk.