During my recent bout of manflu, I tried to make sense of the morass of material on the current scale and nature of on-line malpractice and the reasons for the current erosion of confidence in the on-line world. My conclusion is that there are three main culprits:.
1) The Information security industry, crying wolf and selling snake-oil: because it is so much easier and more lucrative than co-operating to destroy the malware supply chain, remove systemic vulnerabilities and sue those causing the damage.
2) “Something must be done” politicians and the whole regulatory/compliance industry: for the expensive displacement activities that have drained budgets and resources away from that which might actually address the problems.
3) User, alias victims, for putting up with diabolical quality of service for far too long and not clubbing together to fight their corner.
I have commented before that ICT is unique among industries in passing from adolescence to seniity without passing through maturty.
Twenty five years ago I was acting Vice President Professional when BCS first launched the Professional Development Scheme. I used to lecture on the difference between the world’s oldest and newest professions: even the most junior Soho tart could tell you what it would be like, how much it would cost and how long it would take – albeit with both professions you had to take measures to protect yourself against unpleasant consequences.
The oldest profession did not expect you to pay for the invention of new variations, previously unknown to man or beast. Today we see yet another generation of technophiliacs trying to write new ICT Kama Sutras at the expense of their users: as opposed to winning repeat business by giving customer satisfaction.
The current euphoria over cloud computing and “applications as a service” is yet another re-run of the enthusiasms first seen in the early 1970s. It is lethal without serious investment in local, regional, national and international communications resilience, in information security by default and in identity management and governance. None of this has yet moved from talko to action.
The attempt by secondees from well-known consultancies to persuade the Conservative Party to scrap the current public sector IT legacy and start again is similarly poisonous.
It is a rerun of the con-jobs visited on New Labour by a previous generation of similar secondees during the ruin-up to the 1997 election.
[on proof-reading that was such a splendid Freudian slip I felt I had to leave it there]
The state of ICT within the NHS may well be a decade behind where it would have been had the inter-operability stategy of the NHSIA not been scrapped in favour of the grandiose centralisation of the NPfIT – but we are where we are.
The quality of information and identity management (let alone inter-operability and sharing) across central governmant may well be equally behind where it would have been before all the wasted effort on a Nationally Identity Register and/or Card, but once again, we are where we are.
There is plenty of experience of how to turn round bloated, bankrupt, bureaucracies – public or private. Ambitious plans to start again are the way to destruction – not turn-round.
A simple comparison of the world two most bloated private sector empires of the early 1980s makes the point
AT&T was re-organised by every major consultancy in turn until it was finally drained of in-house management talent, enthusiasm and expertise. It no longer exists other than in name.
IBM was forced to return to its roots by a new chief executive who asked old-fashioned questions and enforced equally old fashioned management disciplines from within. It not only survived but is once again a global powerhouse of innovation.
Today the start point of any turn round is all too often a sclerotic and incoherent ICT operation, commonly piggy in the middle between a bunch of inflexible outsource contracts and user enthusiasms for social networking and mobile technologies, rather than focussed on supporting efficient service delivery and operational and tactical decision taking.
[I spent five years as a Corporate Planner and did only three genuine “strategic decision” exercises in that time: none of the information available on our in-house systems was relevant to any of them. However a single tactical decision repaid the cost of re-writing the management accounting system that identified both problem and likely solution].
A common start point for any turn-round is therefore now the ICT budget: starting with a systems audit, done by your own staff, not outside consultants, to identify the systems that no longer give benefit, if they ever did, because the functions they were built to serve are no longer relevant and then moving onto a programme of incremental change, using rapid payback projects to rebuild the skills and profsssionalism of your in-house management – whether to manage in-house operations or outside contracts.
Only after those those skills have been rebuilt and demonstrated will those at the top be able to set about the wider task of re-engineering service delivery in the expectation of success rather than terminal failure.
The result to date may well be savings of up to 70% from overhead budgets that may themselves be 10 – 15% of turnover, in parallel with a sharp rise in perceived quality of service and response to user needs. The team will therefore have earned the track record, respect and confidence needed to set about the next stage.
You may ask: what has this to do with user confidence in the security of the on-line world?
Bolting security onto crap systems results, at best, in a temporary delusion of safety.
No serious progress is possible until the underlying systems have been reformed. This includes people processes operated by individuals you can trust. And staff cannot be trusted until they once again feel secure.
While I have been off sick the EURIM groups working on Public Service Delivery and Information Governance have produced some excellent material, Cynics may say that I should go sick more often. However, that material needs to be viewed in the context of the scale and nature of the crisis of confidence we now face.
The more effective use of ICT will indoubtedly be at the heart of global recovery from the current recession but at the heart will be a return to the basic disciplines of using technology to better support people processes, not a new round of self-delusion