Getting the most out of your workforce is a topical theme in both the Private and Public Sectors. While the Private Sector has the flexibility to reconfigure its workforce according to changing circumstances, in the Public Sector there are traditionally more stringent frameworks preventing similar restructuring.
Within this context, there is a desire in Canada to get more out of their public service. This was reflected most clearly in the 2023 Federal Budget which identified 7.1 billion in savings over five years through the elimination of discretionary spending and pivoting away from a reliance on contractors and consultants. Instead, the Government proposed to lean into its existing public service by upskilling and retraining staff to take on more of the load, become more efficient and save taxpayers money in the process.
This raises the question: If the public service inherits work currently managed by third-parties, what specific skills do they need to acquire? And how quickly and how should these be prioritized?
From a technology perspective, the good news is that, in many instances, the trend is that fewer technical skills are required to manage today’s systems. This finding is particularly prevalent amongst those systems that are cloud-based because the vast majority of complex ongoing maintenance, patches, and updates are managed centrally by the cloud providers themselves and not the users as the traditional model required. Human error during the patching process is a major contributing factor for breaches accounting for nearly 95% of all cases and this issue was virtually eliminated by the heritance of this responsibility by cloud providers and their autonomous systems.
Rather, given that many technical aspects are now managed by technology providers themselves, when it comes to the skills that the public service requires today, they are more oriented around the governance of tech adoption and using the tools available for them.
Take for instance, cloud security. This spring, the House of Commons’ Standing Committee on Public Accounts reviewed the Auditor General’s Report 7—Cybersecurity of Personal Information in the Cloud. The report highlighted that departments did not always implement and follow encryption and network security regulations set by the government to protect information transmitted and stored in the cloud. Furthermore, the report determined security obligations and corresponding roles and responsibilities were not always properly defined. As a result, cloud migrations were not consistent when implemented, leaving them vulnerable to ever increasing number of sophisticated cyberattacks.
In response, the Auditor General outlined actions to ensure key security parameters are strengthened to prevent, detect, and respond to security breaches, and that cyber security roles and responsibilities be clarified and inspected to ensure security guardrails are compliant.
The key point being, the issues identified by the auditor general associated with cloud security were not related to technical expertise or savviness, but rather the governance and conformity around migrating to and using the cloud. These problems can be solved by following operating procedures, which are not technical barriers, but rather associated with project management and thus much more solvable.
While this example pertains to cloud adoption in particular, a similar case could be made for other verticals of technology such as application development, generative AI and especially cyber security. Modern applications, for example, can be built using low code or no code platforms which enables virtually anybody to build an application. When it comes to applications and training, it is managing the number of these applications and how they integrate with citizen data which should be the focus of public sector training and not the technical coding of the applications themselves.
What this means is that, when it comes to technology, the Government’s strategy in leaning into its public sector is sound because the nature of modern technology is increasingly designed in a way to make it easy to use and deploy. Once this is embraced, and as public servants become more accustomed to using and deploying technologies, the Government will need to ensure that they do so and experiment in respect of standing governance frameworks. The protection and respect of Canadian’s data and their wallets demands this prudence.