How much the PA spends on cloud and cybersecurity. Agid report
What emerges from the Agid survey "ICT spending 2021 in the Italian PA"
The Digital Administration Code assigns to the Agency for Digital Italy the task of preparing the Three-Year Plan for IT in the Public Administration starting from data and information acquired by the Public Administrations. AGID has drawn up the survey " ICT Expenditure 2021 in the Italian PA ", which illustrates the estimates on the overall trend of ICT spending by the Public Administration in Italy.
Public administrations analyzed
The survey involved the main central administrations (Ministries and PCMs, tax agencies, the Court of Auditors, national research institutes, INPS, INAIL and ACI) and territorial administrations (Regions and Autonomous Provinces, Metropolitan cities and related provincial capitals). In particular, a panel of 74 entities was analyzed : 26 Central Administrations, 21 Regions and Autonomous Provinces, 13 Metropolitan Cities and 14 Capital Municipalities of Metropolitan Cities.
The growth trend of ICT spending
In the period 2019-2022, the growth trend for ICT spending increased by + 6% annually compared to the previous three years. There was a slowdown in 2020 (+ 3.9%) , mainly following the Covid-19 emergency. The exceptions concern the healthcare sector (+ 5.1%) thanks to the strengthening of the online access and booking systems, and the education sector, which recorded a 10.5% growth, mainly due to the implementation of the systems. of distance learning. Estimates for 2021 show a more sustained recovery in all sectors, equal to approximately 5.7%, for a total estimated value of approximately € 6.5 billion. The data does not take into account the effects of the investments of the National Recovery and Resilience Plan.
Digital culture: the collection and organization of data
Public Bodies have begun to seriously address the issue of data and their organization and enhancement. Many of the bodies that participated in the survey have prepared a Data Strategy plan or plan to do so by 2022. The objectives of the plans concern the collection, data governance and therefore the management and organization of data. Following are the objectives of data enhancement dunquer “business analytics solutions, the introduction of advanced analytics algorithms and the focus on data compliance and data certification issues”. The administrations most interested in these projects are the central administrations, the Regions and the Autonomous Provinces.
The metadata
The organization and enhancement of data assigns a fundamental role to " metadata ". This term means the assignment to the stored data of descriptive data in a language accessible by all computer systems. “Metadata, in fact, allow for greater understanding and represent the key through which to more easily enable the research, discovery, access and therefore the reuse of the data itself”.
Open data: fundamental element for dialogue with citizens
Another focal point concerns the making available of public data. According to the findings of the analysis, 20 Regions and Autonomous Provinces have already released datasets in open format on their datastores and the remaining body plans to do so in the course of 2021. "The local authorities of the panel, on the other hand, have released datasets both on their datastores (17 PAL) and on the datastore of other public bodies (3 PAL), while other 6 bodies plan to do so by the end of 2022. As regards the CAP, finally, the number of bodies that have released datasets in open format and that they plan to do so by the end of 2022 is equal to 17 and 4 respectively ”. The availability of data in an open format allows the development of web applications that can relate to the management of construction sites, state property, or dashboards and dashboards that allow the analysis of real-time data such as traffic, infomobility, weather, and data at regional and municipal level concerning work, expenditure, health care, real estate market.
The widespread diffusion of the cloud
Public administrations very often rely on clouds to store collected data. “In fact, cloud services are very widespread within the panel and a total of 66 Bodies use them. In particular, the use of cloud services is intense in all sectors of the Public Administration: 90% of the Regions and Autonomous Provinces (19 Bodies), 89% of the LAPs (24 Bodies) and 88% use them. by the CAP (23 entities) ". The upcoming creation of a National Strategic Pole to which Data Centers with structural and organizational deficiencies will have to migrate, has directed the Public Administration Bodies towards the choice of IaaS (Infrastructure as a Service) cloud services or relying on external IT services in which organizes their own cloud infrastructure. “In general, Private Cloud architectures are adopted which give greater guarantees in terms of security and reliability”.
Cloud expenses
The panel bodies, at the end of 2020, spent around 70 million euros on cloud services "recording a growth of over 43% on 2019. Increase also expected for the two-year period 2021-2022, albeit with rates gradually consolidating ". The regions and autonomous provinces spent the most (55% of the total in 2020), followed by the central public administrations (34%). “ It is the Regions and Autonomous Provinces that recorded the greatest growth in 2020 and, consequently, show the greatest slowdown in the next two years. The dynamics of CAP expenditure, on the other hand, appears more linear and is expected to slow down only in 2022. Finally, the LAPs show a decline of about 10% recorded in 2020 and then predict an increase in expenditure in the two-year period 2021-2022 but characterized rather low rates ".
IT security
The focal point of the entire data organization architecture is security. The cyber attack on the Lazio Region last summer showed how public administrations can be exposed to criminal actions that have real repercussions on citizens' lives. From the AGID survey, it emerged that the governance of security issues is mainly managed through internal skills and divisions and not through external suppliers . In the majority of cases, public bodies carry out Cybersecurity Risk Assessment or Cybersecurity Assessment “with the aim of identifying the assets that may be most susceptible to cyber attacks. These activities tend to be carried out annually or without a specific frequency ". It is the local Public Administrations that overall show less attention to the issue, both to date and in anticipation.
Cyber threats: staff awareness
Cyber threat prevention and defense also take place through proper staff training since many security incidents are attributable to human errors. To increase staff awareness , organizations continue to focus primarily on general policies and initiatives aimed at correctly formulating passwords and using IT tools securely. Unfortunately, the Agid analysis shows that in all the administrations there is little presence of the organization of security exercises that allow real attack simulations to be carried out to verify the ability of users to adopt the correct posture in terms of security.
Disaster Recovery plans
In the event that a cyber attack develops, the Public Administrations must respond with a Disaster Recovery plan that allows the damage caused to be resolved. "In the majority of cases (65% of the panel, or 48 Bodies), the Public Administrations present Disaster Recovery plans, in particular Regions and Autonomous Provinces and PACs" moreover "half of the CM and the provincial capitals have declared the adoption of a plan, and another 22% reported they anticipated it. Just under half of the institutions that have not yet formulated a Business Continuity plan plan to do so within the next two years or, at the latest, by 2023 ”. Local administrations are the least reactive in introducing Business Continuity plans, programs that allow you to continue your business.
Spending on IT security
The total expenditure on systems and services for security and continuity of operation stood at 114 million euros in 2020 , up by more than 11% compared to 2019. " The resources allocated to this area are expected to grow also in the two-year period 2021-2022 although against a slight consolidation, expected in 2022. Overall, the central administrations (64% of the total in 2020) and Regions and autonomous provinces (about 30%), while local authorities contribute marginally with the remaining about 6% ". It is an expenditure that has an incidence of 3% , still rather low compared to the overall ICT expenditure, if we consider that in the private sector the expenditure for cybersecurity reaches approximately 15-20% of total expenditure . "The issue of economic resources to be allocated to cybersecurity as well as that of the lack of competence represents one of the knots to be solved in order to embark on a process of digitization without having gaps on the security front".
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/quanto-spende-la-pa-per-cloud-e-cybersecurity-report-agid/ on Sun, 16 Jan 2022 07:21:42 +0000.