An otherwise slightly frustrating day has been brightened up by some really interesting conversation about local government digital today. A (digital) coffee with @bmwelby at the start of the day was followed by an equally good (and also digital) pre-lunch chat with @PhilRumens, @pmackay, @_BforBen and others.

My first observation was how easy it is to use tools like Twitter, Google+ and Google Hangouts to bring people together to discuss common topics of interest. Having seen another of my local government IT colleagues take the bold step of allowing access to the ‘normal’ internet earlier this week, I’m amazed that we still have to put effort into making the case for removing some of the Stone Age barriers which stand in the way of our users getting stuff done. Nothing we talked about today was sensitive, and I feel better off for having had the opportunity to connect with colleagues who are working on the same challenges I am grappling with (with zero travel cost to the public purse too!). And I know that it’s not just tech enthusiasts who want to have these sort of easy collaboration tools at their disposal to help them with their work.

Some broad areas of agreement emerged from these conversations (although the other participants may want to correct or clarify my recollection!):

• I think we all recognised the importance of reflecting localism, and the need for local government digital to be firmly plugged into the different communities which councils serve.
• And we were also very focused on trying to make sure that councils can offer their residents and businesses the best of digital technology and service redesign, and make sure that we use shared endeavours to achieve this for the lowest possible cost. We made several references to work which has been developed from the recent Local Gov Camp event, exploring ways to help make this easy.

We discussed several ways that sharing could be useful, in particular:

• Sharing our roadmaps so that we can easily check where other councils are working on similar areas and spot opportunities to collaborate.
• Sharing the processes and content we produce as we redesign services for digital.
• Working towards shared standards so that we increasingly build reusable components that other councils can use, and sharing our design principles and lessons learned to help other councils get the most progress for least cost.
• And this would be supported by making our code open source too (although I realise that this isn’t a new idea, and others have pointed out that code which is already open source isn’t always being reused).
• And we should also be sharing our data, ideally as open data.

What I found particularly interesting about the conversations were the challenges we will need to address to make this possible. Key issues which struck me as particularly important were:

• The need to adopt clear principles of sharing as the foundation of a collaborative approach. It seems self-evident to me that using something like the Open Government licence would be in the best interests of local government as a whole. But I don’t think that this is an accepted principle in all quarters, and as councils look towards income generation to help offset the effects of budget cuts I can see this becoming an area of some debate.
• The need to pick the right tools to enable the different elements of sharing. Tools like GitHub are perfect for sharing of code, but there needs to be something to bring the various components together in a user-friendly form to create a ‘hub’ for digital collaboration that will be useful for techies and non-techies alike.
• The need for a ‘gravitational force’ which can draw digital collaboration together. From the perspective of the councils I work with, we’re already benefiting enormously from sharing together and with other councils whose work is helping us drive forward our digital change. But too often this relies on use of our contact networks and keen enthusiasts publicising their work. This is powerful and effective, but also somewhat haphazard. It would be great to see a ‘core’ for local government digital collaboration, building on what feels like promising foundations and becoming the natural first reference point for sharing digital work.
• And it isn’t all about what councils create. Citizen hackers and a range of groups are creating useful digital tools which could be used much more widely. It would be ideal to use our work to provide a way for the products of their efforts to be made available for public benefit too.

There’s been a conversation bubbling around lately about the need for a single Local Government Digital Service (one LOCAL.GOV.UK if you will). If memory serves, the current round of this discussion was kicked off by @dominiccampbell, and I’ve read some interesting contributions to the discussion since. These include:

• @Copley_Rich, who supported the case here
• @bmwelby, who has recently posted a short series of well argued points here
• @socitm, who have responded with a counter argument
• And I’ve just read @PhilRumens’ useful and simple summary of why one local gov digital isn’t really a thing

I’m not at all convinced that the argument makes much sense: ‘digital’ is a much bigger thing than ‘websites’, and local government is not the same thing as central government. That’s not to say that we shouldn’t be looking to share services and to do our work as efficiently as possible. The two councils I work for have had their budgets cut by c 40% / 50% between 2010 and 2018, and our focus is absolutely on protecting the money we have left to maintain the frontline services our communities rely on. But having had a year’s experience now in leading work to put in place a shared technology platform across two councils, I think it’s easy to understate the complexity involved in making shared services succeed. A shared digital platform across several hundred councils would be enormously challenging.

I think the place to start is to understand the business of local government. The ‘local’ bit really matters, and councils need to respond to a great variety of local needs. And that’s before you get into the complexity of different responsibilities across different types of council. I don’t find a single local government website plausible — Councillors will (rightly) feel strongly that their council’s digital presence needs to reflect what matters to local residents, and this will inevitably mean that content and emphasis will need to differ across boundaries.

The array of legacy business systems will also mean that an apparently neat solution of one local digital service will be highly complex. Different approaches to insourcing vs outsourcing; security vs flexibility; different contract timescales; and the growing use of cloud services inevitably mean that the information and processes needed to enable true digital services are not simple to join up. And unlike central government, there isn’t a lead agency for each service area so similar work can often be done very differently across authority boundaries (to pick a simple example, some Councils charge for garden waste collection but others don’t).

But I’m not even convinced that ‘one’ is the best answer here. Other colleagues have commented on how the current local authority software market feels very tired, and even medieval in its nature. We desperately need to encourage new suppliers to enter the market and help us drive innovation in local service delivery. I think that a monolithic approach will mitigate against this and take us back to the old fashioned monopolies which we need to move away from. A local approach means that we can encourage small and medium sized enterprises to test out new ideas at a manageable scale, and provide an environment to incubate new ways of delivering services. I’m convinced that variety can be a strength here.

Overall, my main concern about the suggestion of one digital service for local government is that any ‘win’ from savings on content management systems will quickly be lost many times over in lost opportunities for service change and the complexity of governance issues. But that’s not to say that there isn’t much which we can share.

A model based on sharing and reuse of technology, content, service redesign and digital principles has a lot to offer for local government, and I see lots of examples where that’s already happening. Examples include:

• Open sharing of code and content: such as templates from the Department of Culture, Media and Sport (which have been used by Shropshire Council for their intranet development)
• A thriving ecosystem of people who care about public services sharing their thinking, with Local Gov Digital, Monmouthshire & Lambeth being just a few among many
• Collaboration to work together to change the way we deliver services, such as pan-London activity to share our procurement activity and use collective pressure to reshape the market we buy from
• And there’s lots of really valuable work coming from the Government Digital Service which can be directly used in a local government context, saving substantial amounts of work (the Government Service Design Manual is a great example of this)

There’s lots more potential here, and I’m sure that we can keep pushing hard to make more of these opportunities. But I think it’s important that we focus on what’s practical and best suited for the environment we work in, and that we work iteratively to build momentum across the sector. There’s too much we need to do to spend time on Grand Schemes which won’t actually address the big issues we need to fix.

But overall, I think the argument is probably best made by @MartinHowitt.

‘nuff said.

Getting the right balance between security and flexibility has become a really hot topic across local government of late.

Traditionally, the way we’ve kept information safe is to implement as many security controls as we possibly can. We make sure that we have full control over everything and that’s made us feel confident that there won’t be any incidents where sensitive information will get lost.

But the reality is more complex than that. Questions we need to ask ourselves include:

• Are we designing our systems to reflect the way that our organisations need to work in future?
• Are the controls we’re implementing proportionate for the information that we’re trying to protect?
• Are we in danger of simply adding barriers which consume precious time, getting in the way of the real work?
• Are some of our technical controls actually increasing risk, as people do things like print material or use personal email so that they can get things done while they’re away from their desks?
• And can we actually afford to provide all the new devices which will help people work in a more mobile way if we insist on providing less flexible ways of accessing our systems?

To quote Mike Bracken from an interesting article I read recently about some of the ICT challenges the US government is dealing with: “In many government services you really only see two voices: the voice of security and the voice of procurement. The voice of usability isn’t in there as well.”

There are two really important reasons why these questions are critical for councils in the current environment…

As I’ve mentioned before in a number of my posts, councils of all political shades are working to deliver services through a more diverse range of partnerships than ever before. For many this is the only way to keep those services running in the face of truly dramatic budget reductions. This means that as well as more collaboration with central government, other public services such as the NHS and Police, and big private sector providers; councils also need to find ways to make it easier for community groups and the public at large to work with us to help find new ways to keep critical public services running. It’s essential that ICT teams find ways to help this succeed, rather than creating barriers which stand in the way of our business strategies.

We also need to find ways to help our people work more productively, taking away the obstacles which reduce efficiency and the time spent on valuable work. But with such large budget reductions can we really afford to provide this across the board in the traditional way? To be honest, I think that notions such as ‘Choose Your Own Device’ which I’ve heard people talk about recently are only going to work for wealthy organisations who can afford to offer a smorgasbord of shiny things to their users. Given the large numbers of people who already have their own smartphones and tablets, we need to embrace a secure Bring Your Own Device approach which lets them take full advantage of what they already have. And this needs to take account of what will make people actually want to use their own devices. Taking away everything which makes their smartphone fun by implementing a full set of corporate controls (a notion I’ve heard described as ‘Donate Your Own Device’!) just won’t work.

In mulling this over I’ve pulled a few thoughts together in the slides below. To me the key is putting the risks in context, thinking about the bigger picture and adapting the way we secure our systems to provide a sensible level of technical control which is appropriate to the information we are giving access to. And I’m sure that if we challenge ourselves and look for a different approach, we can both help our organisations work more effectively and actually reduce the risk of losing information at the same time.

https://docs.google.com/presentation/d/1KbjGOMJrshIm1pou_Aemd76Z-HjA33VvFNBsrcktgcI

I was struck by this blogpost from @ThinkingPurpose recently: http://thinkpurpose.com/2013/08/01/goodbye-ict-youre-already-dead/. It’s a cri de coeur describing how it feels when the ICT tools you’re provided with at work seem to be designed to stop you being productive. I suspect that this is a sentiment that more than a few other people would echo too…

This got me thinking about whether it might be time to replace the traditional ‘ICT strategy’ with a manifesto. Something which speaks about what the ICT team are for, rather than the traditional statement describing the technologies we want to use. And something which makes clear the relationship between ICT and our users in achieving our common goals.

As in many businesses, the astonishing pace of change in technology gives those of us who work in local government ICT a real opportunity to help our services meet the major challenges presented by unprecedented budget cuts. If we use technology well we can free up our people to spend more time doing work which matters, and start to use our information resources more effectively — helping to plug some of the gap left by the cash resources which we are losing. The potential extends further too, into digital services and using open data to help change the relationships between councils are the communities we serve.

However, this pace of change in technology presents a significant challenge for ICT teams. Traditionally business ICT functions (not just those in the public sector) have been heavily focused on providing reliable, locked down and standardised technology models which are not necessarily well adapted to a business environment where services are changing radically to respond to major financial challenges, and new user devices and ‘apps’ are springing up at an incredible rate. We need to learn to adapt to this.

We also need to build a mature relationship with our colleagues. One where we effectively share the responsibility for using information well and keeping it safe. It’s really important that the ICT team don’t fall into the trap of becoming the internal police, telling our users what they can and cannot do (the “computer says no” approach). As I’ve blogged before (https://bytherye.com/2013/11/09/keeping-our-information-safe-using-it-well/), keeping information safe takes more than technical controls, and this fascinating graph from the Information Commissioner’s Office (http://www.ico.org.uk/enforcement/trends) shows that by far the biggest cause of data breaches is human error — often because of poor use of case records. Technical controls are vital (especially to protect our systems from outside threats), but it’s perfectly possible to achieve an appropriate balance of security and flexibility without increasing the risks for the information which we’re responsible for. In fact I’d argue that greater flexibility can actually increase security — have you ever tried to remotely wipe paper documents which have been misplaced?

Creating an environment where ICT can support real business change is key to getting the most benefit from the opportunities that technology offers. Successfully harnessing this potential depends on an effective partnership between ICT and frontline teams. By working together, sharing responsibility, and providing tools which are risk managed not stuck in a model which is 10 years out of date ICT teams have a real opportunity to be seen as part of the core business, not a ‘back room’ function. That sounds like a good place to be!

I’m not sure how “a few days” has suddenly become “a few months”, but time obviously flies when you start a new job!

In April I talked at the Service Desk and IT Support show (SITS13) about our work on self-service and bring your own device. (I was a bit quicker off the mark posting my slides from the show, which are here: https://bytherye.com/2013/04/25/some-slides/)

I really enjoyed the discussion which followed the presentation, both in the room and also on twitter. It’s encouraging to see that the issues we’re grappling with aren’t just a problem for public sector IT people. It’s always nice to know that you’re not alone and to share ideas and experience!

I find the discussion about byod fascinating. It’s clearly vexing a lot of people and IT finds itself caught between the ever growing anxiety about securing valuable and sensitive information and ballooning user demand for greater flexibility and a more personal IT experience. I don’t think that whether we allow byod is really the issue anymore. I think that the days of IT setting out a defined and limited set of tools for our users to use are rapidly on their way out, so we now need to focus on how we give our users more flexibility without creating unmanaged risks.

This question from @Zeiniz echoes those in the room: how can IT allow more flexible access without compromising information security?

A key point for me is that byod does not mean allowing personal devices into our secure network. In fact I think that the opposite is true, I think the answer lies in delivering appropriate information beyond our network and making it available through apps and information services which we can secure as necessary (in much the same way, for example, that Spotify can deliver content to your device and take it away again if you cancel your subscription). The good news is that consumer providers have been doing this for years and there’s lots we can learn from them. In fact, in my view the business IT organisation will increasingly look and feel like a consumer provider delivering business information to our users with a high level of flexibility about which devices can access it. Some of the tools we use may be ones we develop ourselves, but we already have ways of connecting available to us (e.g. ActiveSync for email) which give us capabilities to manage how information is made available and secured across a wide range of devices.

This has big implications for the way that IT manages the relationship with our users and how we share the responsibility to protect information, as well as for how we design our system and information architectures. The old approach where the IT team ‘take care of security’ and users don’t need to worry has reached the end of its shelf life (arguably it didn’t actually work in the first place as I suggested in this post). We can give our users much more flexibility provided they treat information with care and use appropriate tools for more sensitive data — email has never been the right tool for highly confidential or sensitive information. A programme to enable byod will be as much about user training and compliance as it will about technology.

And this shift in the relationship will apply to how we deliver support too. A proliferation of devices and working styles will mean that if we continue our traditional model for providing ICT support, helpdesks will increasingly become overwhelmed and probably less helpful — they just won’t be able to be expert in all the various issues users will want help with.

So this is where self-service comes in. A good start is to build a culture where users are used to getting support through self-service. As online self-service is increasingly the norm in people’s personal lives I’ve seen users showing that they are quite comfortable using an online helpdesk rather than needing to phone or email for support (in fact often they expect to be able to get support this way).

Again, I think that we should be looking to the consumer arena for the way we do this. One of the questions asked at SITS13 was how user-friendly is our self-service helpdesk? And the answer to that is that it’s fairly good, but we need to make sure that we keep making it better. We need to work with our users and challenge ourselves to make more processes available online and simplify processes wherever possible.

As I’ve blogged before (https://bytherye.com/2013/01/05/self-service-making-it-work/), I think the ultimate goal of self-service has to be about more than just providing electronic forms for people to request support from the IT helpdesk. To fully meet the challenge of byod we need to use it to harness the knowledge which our users have and help to share this with other users. Along with prescribing the types of devices people use, I think the days of IT trying to have all the knowledge about how people work with technology are also behind us. I’ll let Denise (@DHL66) have the final word on that!