Can SMEs Secure Our Digital Future?

Secure Our Digital Future

Recent media coverage has highlighted the challenges small and medium enterprises (SMEs) face when providing IT for the Government, such as not being globally competitive or having economies of scale (scalability in resources, cost or knowledge).

A large percentage of this is down to the complexities around obtaining security accreditation for products or solutions. Companies need to make significant investments in software engineering, physical security, security accreditation and training and skills in order to be ready for implementing their digital services.

However things are slowly changing; the Government has pledged to increase its IT spending through SMEs by 50% with projects such as G-cloud. This move marks a positive step forward by driving cost efficiency, streamlining processes and boosting economic development through aiding SME growth. Nevertheless, there are still unfounded concerns over SMEs running big IT projects.

We recently won a sizable contract with the Ministry of Justice (MoJ) to create a system to speed up the Employment Tribunals end to end process. This success is largely down to honing our approach to business, so we would like to share some guidance for other SMEs in how to get ahead in the Central Government sector.

1. Expect Complexity

Security accreditation can be extremely complex. However despite this, SMEs have one clear advantage over larger organisations – smaller teams are dramatically more efficient than large teams, they work better together and have higher morale. Therefore, SMEs can bring fresh thinking and an agile approach to Government projects, essential to ensure innovation and success. By employing flexible delivery and changing the culture of IT projects, SMEs are well positioned to manage Government projects on budget, on time and to a much higher standard; areas which larger providers have dropped the ball in the past.

2. Prepare For Bureaucracy

A common fear working with the Government is the cost of the reaccreditation process. Many SMEs developing software want to release products ‘little and often’ but this challenging journey can seem like a very long dark tunnel. Each change needs to go through the bureaucracy of re-accreditation, review, change, request forms and board reviews. Within this time, a supplier may have improved the software, so the accredited version is out of date.

There is one good way to deal with this; be pragmatic and have confidence. Trust in yourself and team to find work-arounds to streamline change requests, while maintaining a keen focus on Information security. It is true the process is long but there is light at the end of the tunnel, you just need keen eyes to navigate your way there.

3. Get A Consultant

An area where the Government could assist more, is providing a pool of impartial information and security experts, similar in principle to the UK National Technical Authority for information assurance (CESG) or the Digital Government Security Forum (DGSF). Nevertheless, until this happens, to avoid any last minute surprises, it is advised to source an unbiased expert who can provide guidance in the early stages of design, through to final delivery.

Start the journey by complying with ISO27001, the international standard for an Information Security Management System, and engage with a CESG Listed Adviser Scheme (CLAS) consultant as early as possible. This ensures your software passes any in-scope security requirements for the Government’s ITHC (IT Health Check) and helps to avoid any last minute architectural re-designs or security concerns from being an issue from the outset.

4. Share With Other SMEs

As the proverb goes ‘knowledge is power’. By working together, sharing ideas, expertise and learning how to be flexible, SMEs can help each other achieve great success. Take every opportunity to share your knowledge with other SMEs such as in network groups and forums. Connecting with other like-minded organisations is an essential tool to learn faster and share ‘war stories’.

Mark Foden of Foden Grealy (independent change management specialists in the Government IT sector) is involved with promoting connections amongst SMEs and IT reformers in government. He makes the point that, “It’s really, really important for SMEs to connect. Our main competitors, the big firms, have well-established structures with inherent means of communicating and organising delivery across many diverse specialists. Whilst, individually, SMEs may have the better people, prices and performance there must be effective co-ordination. It’s a gap, that we must close quickly.”

5. Share With The Government

Despite the difficulties, the Government can also be an ally. It is advised to communicate with them, share experiences and raise awareness of challenges early and maybe they can help support or facilitate your ideas for improvement internally. Finally, run agile retrospectives at the end of sprints to collect feedback and integrate processes, this will help you improve your offering, inch by inch.

Overall, it can be a significant undertaking providing Government IT and your company will have to rapidly adapt business processes to overcome the complexities and bureaucracy. The Government needs to also play its part and be more flexible when working with SMEs. Until this fully happens, engage and research, source experts and collaborate with other SMEs and finally, never be afraid to punch above your weight. These projects are in our grasp, we just need to reach out and grab them.

Andy Perkins

Andy Perkins is Jadu's Software Architect and Technical Fellow, joining Jadu in 2002. Andy was most recently part of the Jadu team that delivered the UK Government Exemplar #23, Employment Tribunals service with the Ministry of Justice. Andy worked on the Jadu Universe platform and has an intrinsic understanding of extending its core capabilities and integrating with other systems to provide effective enterprise solutions.