It's more than tech.
Digital transformation is a fundamental reality for businesses, given customer expectations of on-demand service and digital access, cloud-enabled cost efficiencies, and imperatives for data security, among others. Governments are not immune to these forces. Citizens and other legal residents are a government's 'customers', interacting with it on critical matters such as housing, education, and healthcare.
With digital technology increasingly woven into the fabric of everyday life, citizen interactions with their government have shifted to digital platforms accessible via mobile phones, computers, and assorted digital devices. Citizens also expect their government to function as effectively and efficiently as leading tech firms like Amazon and Apple.
A well-thought-out data policy, supported by a tech stack and cloud infrastructure, an agile way of working, and coordinated whole-of-government leadership, are therefore fundamental to successful government digital transformation efforts, as exemplified by the Singapore government's digital journey.
ORIGINS OF GOVTECH
In October 2016, the Singapore government set up the Government Technology Agency of Singapore (GovTech) to drive the development of technology and digital solutions needed for Smart Nation and related digital transformation efforts across the Public Service.1 Initially, GovTech was under the Ministry of Communications and Information, but it came under the purview of the Prime Minister's Office (PMO) in May 2017. While GovTech is focused on technology capabilities, as well as the planning, design, execution, and operations of digital solutions, the Smart Nation and Digital Government Office (SNDGO)-its sister organisational unit and close partner which was formed in 2014-is responsible for the policy planning and coordination aspects related to Smart Nation and digital government efforts. Together, SNDGO and GovTech form the Smart Nation and Digital Government Group located within PMO.2
Although GovTech was created in 2016, it has a long lineage. Back in 1981, Singapore established the then National Computer Board (NCB) "to implement the computerisation of the Civil Service, coordinate computer education and training, and develop and promote the computer services industry".3 In the early days of NCB's public sector computerisation efforts in the 1980s, the government had to build its own internal information technology (IT) capabilities and manpower as the work was new to Singapore, and there was not much of a local IT vendor ecosystem, aside from a few multinationals like IBM which had local offices and their own IT services engineering staff. Over the course of the 1990s and the first decade of the 2000s, the pendulum for executing public sector IT efforts swung almost fully in the other direction towards vendor outsourcing. As a result, much of the internal technology and engineering competencies within the civilian sectors of government for hands-on designing and delivering IT applications dissipated.
It was not until 2010, given the impetus of developments related to the Internet, e-commerce, smartphones, and the launch of commercial cloud service providers, that the rebuilding of internal capabilities for government digital services commenced. At that time, about 90 percent of the government's spend on IT operations was outsourced to external vendors, and this lack of internal IT engineering and digital technology capability was a major bottleneck impeding the government's digital transformation. In response, an experimental government digital services team was formed in 2010 with about seven people. By the end of 2015, this new team comprised over 100 people, who were split into a product development unit and a data science unit. By early 2023, about a third of GovTech's total staff of approximately 3,600 people had been employed to handle product development, product management, and core digital technology competencies.
THINK BIG, START SMALL, ACT FAST
Given that GovTech serves over 60 ministries and agencies, the prospect of building core capabilities to drive digital transformation and provide new types of digital services was daunting. In the initial years of this capability build-up (2010-2016), technological developments such as cloud computing, Software-as-a-Service, Internet-of-Things (IoT), data analytics, and the machine learning subarea of Artificial Intelligence had already come to the fore and were fundamentally changing the IT services landscape. The term 'digital transformation' had emerged as an industry buzzword during this period to connotate going beyond just using more advanced IT solutions to creating new types of 'digital-first' services and rethinking what was possible from the confluence of new sources of data, new ways of processing it, and new ways of engaging with users. How was GovTech to deal with the seemingly vertical learning curve while creating new products as part of digitally transforming an organisation as complex as a government?
The answer: start small and move fast. By doing so, through successive rounds of developing just-viable-enough usable product deliverables starting with a minimum viable product (MVP), improved iterations could eventually lead to realising the vision for a large-scale end-product. This type of learning-by-doing iterative approach is key to successful digital government efforts.
To facilitate thinking about new possibilities for MVPs, GovTech offers a mechanism called 'Whitespace', where anybody within the organisation can approach senior management with a promising idea beyond ongoing or planned digital product initiatives. The staff involved in approved Whitespace initiatives are typically given three months and up to S$50,000 to produce a working prototype. If the prototype is deemed feasible, both in terms of meeting a real user need and being realised technically, the development team gets another six months and S$100,000 to build a next-step prototype and work towards creating an MVP. Even if these projects are discontinued as a result of ongoing evaluation, they are not deemed a waste of time or money, as it is a small sum spent (compared to say the traditional vendor procurement system) to get hard evidence of whether a new concept has business and technical viability. More importantly, the experience gained in these types of early-stage exploratory efforts almost always generates capabilities that turn out to be useful for future projects and follow-on product building.
THE HORIZONTAL APPROACH
GovTech also identified the need to build horizontal platforms that provide common infrastructure and software services, as well as software application products that can be used-and re-used-by different organisational functions and business verticals. Within the government, this means common usage across the various ministries and agencies that are responsible for the multitude of internal and resident-facing government activities in areas such as education, environment, finance/ taxes/retirement funds, housing, law, manpower, trade and industry, and transportation. For private sector companies, this would correspond to common usage by different functional departments such as marketing, finance, human resources, procurement, operations, and customer support. Many organisations trying to 'go digital' pursue and often struggle with building these types of common platforms and products.
The Government on Commercial Cloud (GCC) and the Singapore Government Tech Stack (SGTS) are examples of horizontal platforms at the foundation level and the middle level of architectural capability respectively needed to support a complex organisation like a government (refer to Figure 1).
Aspects of government cloud usage policies were 'wrapped into' specially crafted environments within the cloud services of several major commercial cloud providers to create a GovTech-specific platform within the more generic commercial cloud provider platform. The GCC environment also provided enhanced cybersecurity, simplified onboarding, automation of workflows, and the observability, auditing, and monitoring of service execution required to ensure continuous compliance with Singapore government policies for commercial cloud usage.4 This made it possible for an individual ministry or agency to use GovTech's pre-specified GCC platform that has already been deployed for a particular cloud vendor (Amazon, Microsoft, or Google) to package requirements for compliance, security, data residency, and other complicated issues into one integrated solution.
It also provided the framework and support infrastructure for working with more than one commercial cloud vendor, which made it substantially easier for each ministry or agency, including GovTech's own divisions, to deploy allowable applications on the commercial cloud in a consistent, safe, and reliable way, and to do so more quickly and securely at reduced costs. As of December 2022, there were over 600 government digital services deployed across the various GCC platforms.
SGTS, a suite of tools and services hosted on a common infrastructure, was built in parallel with GCC. The various platform tools within SGTS can either be deployed on an external GCC infrastructure or an internal government one. SGTS provides many types of software building blocks and services that can be used to create a wide range of IT applications and digital services. GovTech has been steadily expanding the libraries of these building block tools and services, using these common components to create a larger proportion of new government IT applications.5 As a result, the Singapore government has been making less use of 'monolithic' function-specific legacy systems, which are typically self-contained IT systems with their own servers and features built by external system integrators.
The base layer of SGTS mostly consists of tools and software applications to enable and deploy a DevOps environment, within which software developers (devs) and operations (ops) teams are able to accelerate delivery through automation, collaboration, fast feedback, and iterative improvement.6 It also contains APEX (Application Programming Interface Exchange), a centralised Singapore government application programming interface (API) directory and gateway that provides a means of facilitating data sharing and exchange across the many Singapore public sector databases and software applications. APEX acts as a bridge that vastly simplifies information exchange between two different software applications, or between a software application and a data repository. It also contains coded rules that manage who within the government has the authorisation to access specific types of data and how that data gets transferred internally to support the needs of an approved digital service or IT application.7
Technology developers within the government can use APEX to discover the types of data available, identify where it is located, view the permissions and controls required to access and use it, and invoke the appropriate API to utilise the data as needed in the application being created. Using APEX, a government IT application or analytics model can access the required data from 'a single source of truth', which has the responsibility and accountability for the accuracy and management of that specific data item. Establishing this 'single source of truth' framework was a major policy initiative that SNDGO and GovTech orchestrated across the government.
Because of APEX, government staff creating or enhancing IT systems and digital services can more rapidly locate and securely access government data, and subsequently incorporate it into a software application. The pre-built APIs in APEX eliminate the need to build direct connections to every system in order to access the data. This promotes secure and permissions-protected data sharing within the government, and greatly reduces digital silos and duplication of efforts.
The SGTS service layer, where higher-level reusable components and services are built, sits on top of the base layer. Singpass, the key enabler of Singapore's National Digital Identity framework, is perhaps the best-known example of a service layer application. Instead of every government software application across different agencies having its own customised authentication service to verify users' identities, they now all use Singpass. GovWallet, a common payment service for managing and executing government pay-outs to beneficiaries (e.g., a baby bonus payment or a Workfare Income Supplement), is another service built into this layer.8 These and many others available in the service layer are easy for developers to use, and are designed to be compliant with government requirements for security, privacy, stability, and operational sustainability.
One could think of the lower layers in Figure 1-GCC, the network and infrastructure services layer, and the base layer of SGTS-as the 'plumbing' and other supporting 'utilities' for the entire system. When building a physical house, proper design and building of plumbing and electrical wiring lets one make alterations to the house without having to redo the pipes and wires. Similarly, a solid base in a tech stack enables government technology staff to focus on understanding, defining, creating, and testing actual use cases without having to wrestle with simultaneously building all the necessary lower-level infrastructure.
Another way to understand Singapore's tech stack approach is to think of them as Lego blocks. The pre-existing, well-designed building blocks of the tech stack-some for standard functions and others for highly specialised functions- are cleverly combined to create a much larger and more complex entity. By continuing to create new types of Lego-like blocks (software tools, services and common applications), a wider and more sophisticated range of IT applications and digital services can be 'built up' without having to start from scratch.
The combination of GCC and SGTS thus represents a particularly important shift in Singapore's thinking about digital government.
DATA ARCHITECTURE AND POLICY
When GovTech was formed in 2016, government data policies still forbade the use of the commercial cloud for nearly all internal work except for some smaller scale pilots. GovTech had to quickly initiate work with SNDGO to craft policies for the usage of commercial cloud services. For the longest time, technology infrastructure meant having supporting data centres located nearby with tangible servers and firewalls that the organisation owned and maintained. With much of the need for physical infrastructure for data centres having disappeared with the steady growth and increased reliability and security of commercial cloud services (although restrictions for the cloud servers to be resident in the country are often applied), the new policies had to address specific issues like: what kind of government processes can (and cannot) go onto the commercial cloud? Where does the data reside? When must it reside in Singapore? Can it ever be outside the country? When must the government have physical control over some or all of this infrastructure?
It would be impossible for each ministry to address and solve these issues independently. Before GovTech could build and implement the technology, it had to work closely with SNDGO to identify, define, and answer policy questions pertaining to data architecture, usage, and protection. Being under PMO, SNDGO and GovTech are positioned at the 'centre of government', making it possible to combine efforts to effect the necessary changes to data policies for proceeding with Smart Nation and digital government efforts.
The concept of a 'single source of truth' illustrates the importance of good data architecture and coherent data policy. For example, until recently, when citizens and residents interacted with the government, their address was collected multiple times because every agency would do it separately. It was not uncommon, and very annoying for residents, to have as many as 20 instances of their address stored across various government databases.
Clarifying responsibility within the government for which agency owns which particular type of data such as an address, birth date, or national identification document (ID) number is a foundational pre-requisite for realising a single source of truth. GovTech supported SNDGO in its effort to designate where the single source of truth for key data fields should reside and which unit in the government should manage it. For example, the Immigration and Checkpoints Authority (ICA) under the Ministry of Home Affairs was designated the 'owner' of a citizen or permanent resident's official address. So when a person changes residence, it needs to be only updated with a single agency. Once done, ICA's systems automatically disseminate the updated information to the many other government information systems that make use of that person's address. Similarly, foreign workers in Singapore who hold various types of work visas report updates to their address and other visa-related information to the Ministry of Manpower as this agency has been designated as the single source of truth for people in Singapore on any type of work visa.
Deciding which specific part of the government should be responsible for certain key types of data and even specific data fields might seem like a low-level execution detail, something that is very operational and even trivial. That is not at all the case. Singapore considers designating responsibility and accountability for the single source of truth for data items to be so important that there is a high-level committee which meticulously goes through and makes the final approvals on the designations for data responsibility. If the government can clarify ownership of the data, it can move forward with how to clean the data as part of maintaining and improving data quality, and how to best manage data updates flowing from the designated single source of truth to all other applications across the government which make use of that data.
Another important government-level data policy decision was whether the storage of most civilian-related data should be centralised or handled in a more distributed fashion by each of the relevant agencies. The decision was made against centralisation because it then becomes a very high cybersecurity risk. Hence, different agencies were tasked to own the storage and protection of certain types of data, while closely coordinating with cybersecurity experts in GovTech and the Cyber Security Agency of Singapore.
The substantial progress made with defining data policies and determining data ownership has amplified the effectiveness of APEX. Singapore has pre-vetted a large number of commonly occurring use-cases for cross-government data access, and it has either greatly simplified the approval process or pre-approved certain types of 'lower-risk' requests, though always with proper protections and controls. The review and decision process when special permissions for data access are required has also been shortened significantly. Now, even if data access is required from multiple ministries for an upgraded or new digital service, developers can simply make the request for access, and in most situations, that access is quickly reviewed and promptly granted in a matter of a few days.
The contrast to the old way of working could not be starker. Prior to the 2017/2018 period, it was not uncommon for a data access request for an IT or digital services project within the government to take up to a year for review and approval. It would even be longer if multiple ministries were involved. This substantially impeded the rate of progress on Smart Nation and digital government initiatives.
SHIFT LEFT WITH INTERNAL TECHNOLOGY CREATION CAPABILITIES AND TOP-LEVEL LEADERSHIP COMMITMENT
Platform and product development teams within GovTech have embraced and expanded upon agile development approaches based on rapid, continuous iterations, where software under development is updated and tested regularly. Even though problems will occur with the development of new software and digital solutions, the use of the agile approach results in them getting detected and addressed much earlier in the project cycle before the effects of the problem are magnified. In parallel, the increasing use of pre-built and pre-tested infrastructure services, software services, and common product modules has improved software and systems quality by substantially reducing the number of errors that arise when infrastructure and software are built from scratch. This is a concept in software and digital solution development referred to as 'shift left'. When this is adopted, bugs are detected and fixed earlier in the lifecycle of the project. Cybersecurity compliance is addressed at the very beginning, not as an afterthought. Because of these cumulative efforts with the tech stack, data architecture and policies, and agile practices, several recent GovTech software application projects have gone live with only a small number of errors found during the final User Acceptance Testing (UAT) and other final pre-production tests.
This way of building software substantially reduces the troubleshooting nightmare of traditional IT methods at the pre-release stage of UAT and cybersecurity penetration testing. It is not uncommon for an organisation deploying a large new system using more traditional development practices to uncover a huge number-for example 1,000 items-where the system does not pass the final UAT or penetration test. When these bugs are not discovered until the supposed end of the development effort, it results in an immensely stressful 'death march' for the development team to fix the typical 10 percent critical findings (100 bugs) and another 20 percent high priority problem findings (200 bugs) as quickly as possible, often resulting in blown budgets, delayed delivery, and a demoralised project team.
ABILITY TO RESPOND TO URGENT NATIONAL NEEDS
Agility during development and deployment in response to meeting an urgent national need was demonstrated by GovTech's release of the TraceTogether app and hardware token in the early weeks of the COVID-19 pandemic in 2020. While the TraceTogether concept was simple-using Bluetooth on mobile phones to track interactions between COVID-19-positive individuals and others in public spaces-the implementation details and associated privacy protection issues were very complex. A team of engineers within GovTech was able to build and release the first working version of the TraceTogether mobile phone app in just four weeks. A traditionally executed software development project of equivalent scope could have taken months or even a year.
The TraceTogether app worked fine for the many mobile phone users who knew how to install it on their phones and switch on Bluetooth. But there were other segments of Singapore's population who were not capable, or regular mobile phone users, such as the elderly and young children. To meet the needs of these non-mobile phone users, GovTech also built a TraceTogether hardware token that could be conveniently carried or worn. The GovTech Sensors & IoT team designed the hardware token in less than four weeks, and it was launched within two months.
Additionally, during the early days of the COVID-19 pandemic, another small team at GovTech developed and released the SafeEntry application used for check-ins when people entered locations with high footfall such as supermarkets, food outlets, and shopping centres. This application was developed in a remarkably short time, such that a working initial prototype was created within a couple of weeks.9 Although TraceTogether and SafeEntry served different purposes and each application had distinct functionalities, the two were combined into a common interface and application. This was also carried out quickly.
All this was possible because GovTech had substantially built up its in-house technical and operational expertise for creating and deploying digital solutions. When organisations outsource nearly all their IT development work and supporting operations, over time, staff will become full-time administratively-oriented contract managers for the outsourced projects, losing the capability to function as hands-on technology developers and decision-makers. In contrast, when organisations build or rebuild core internal IT and digital solution capabilities, employees and teams have the competencies to assess whether a certain design approach or choice of technology makes sense given current and emerging practices, as well as how to design it, and determine how to get going on initial iterations to validate and improve the approach. When such an organisation conducts procurement from external vendors or fully outsources certain initiatives, it also benefits because the in-house professionals can better assess the solution proposed by the vendor, its cost-effectiveness, and whether delivery within the specified time frame is feasible.
KEY LEARNINGS
A few important reasons underpin GovTech's progress and success:
• Building up strong teams of highly competent people across the realms of software project and product development, platform and infrastructure development, cybersecurity, service delivery and operations, related aspects of governance, and supporting organisational functions.
•Providing technology and solution development teams with steadily improving technology building blocks, such as the expanding set of components within GCC, SGTS, and the APEX API Exchange. Also providing employees across all types of job roles with easier and more productive ways of doing their everyday work, by enabling support applications such as the Singapore Government Developer Portal, Digital Workplace for seamless hybrid (physical, virtual) collaboration, and FormSG for simplifying the process of creating digital forms.
•Receiving strong and well-coordinated support from senior management within GovTech, SNDGO, and across PMO and all other ministries.
•Staying focused on real user needs and real problems (current, emerging and future), and never forgetting that the reason for building up capabilities in key technology areas is to address these needs and problems.
Significant credit must go to Singapore's senior government leaders, right up to the Prime Minister. As demonstrated during the COVID-19 pandemic, everyone across the government was able to quickly come together to meet the unprecedented challenge and provide high level support for making well-considered exceptions for some of the standard bureaucratic processes that ordinarily take up more time. Many special policies to facilitate the new digital solutions for Singapore's COVID-19 response had to be quickly crafted, and other existing ones were tweaked. However, the government's commitment to digital transformation had helped put in place comprehensive data and security policies, which enabled unanticipated deployments of new technology solutions to be carried out quickly and effectively. The pandemic also provided GovTech with important lessons and experiences for improving approaches to supporting ongoing digital transformation efforts under more normal circumstances.
In closing, two fundamental points bear repeating. The first is that you need to know what problem you are solving. As obvious and elementary as this sounds, we cannot overstate how often this basic point is ignored or not sufficiently considered by teams across industry, as well as within the public sector when new digital technology initiatives are enthusiastically proposed. Using best-practice or 'hot' emerging technology capabilities will not lead to success if you do not have clarity on what you are trying to do for your users and stakeholders, what problems need to be addressed along the way, and how success can be evaluated. Even if you are doing an experimental project only to build internal skills and capabilities in a new technology area like machine learning or augmented/virtual reality, you still need to know how to target, specify, and evaluate your progress and your performance gaps.
The second is that you must learn how to learn when you embark on new initiatives, especially in uncertain and ever-changing settings, by focusing on a subset of your targeted problem area, starting small, moving fast through iterations and evaluations along the way, and refining the solution based on results, and the most recent updates to the problem statement and context. You cannot overreach and attempt to 'boil the ocean'. As your organisation accumulates more capability and experience with this way of working towards digital transformation, iteration cycles gradually become faster, and the amount of work that can be accomplished within an iteration grows and becomes more ambitious.
Of course, digital government is enabled by technology, as well as the organisational capabilities and individual-level skills to use technology in effective ways. But digital government is not primarily about technology. Rather, it is more about solving clearly defined and relevant problems in an innovative way.
Cheow Hoe Chan
is the Government Chief Digital Technology Officer of Singapore, and Senior Advisor to the Economic Development Board. Formerly, he was Deputy Chief Executive of GovTech for Products
Steven M. Miller
is Professor Emeritus of Information Systems, Singapore Management University
This article is largely derived from the "Singapore Digital Government Story" four-part video series that was commissioned by the United Nations Department of Economic and Social Affairs, Division of Public Institutions and Digital Government, in close collaboration with GovTech. Cheow Hoe Chan was the person interviewed for this video series and Steven M. Miller was the interviewer and UN Project Consultant for the effort. Additional content from GovTech's Singapore Government Developer Portal has also been included in this article. See https://www.tech.gov.sg/singapore-digital-government-journey/ and https://www.developer.tech.gov.sg/
Endnotes
1. Several other large units within the Singapore government, in particular the Ministry of Defence, the Ministry of Home Affairs, and the Ministry of Health, have their own large internal 'GovTech-like' special technology units to support their ministry-specific IT and digital needs.
GovTech focuses on civilian sector (non-military, non-national security) IT and digital services efforts, and works closely with all civilian sector Singapore ministries and their affiliated agencies, and also closely coordinates as appropriate with these other government technology units.
2. Smart Nation Singapore, "SNDGO Ministerial Committee".
3. Singapore Infopedia, "National Computer Board", November 15, 2021.
4. Singapore Government Developer Portal, "Government on Commercial Cloud (GCC) - A 'Wrapper' Platform for Onboarding of Government Services into the Cloud".
5. Singapore Government Developer Portal, "Singapore Government Tech Stack".
6. GitLab, "What is DevOps?".
7. Singapore Government Developer Portal, "API Exchange (APEX) - A Centralised Data Sharing Platform for the Public Sector".
8. Singapore Government Developer Portal, "GovWallet - Reimagining Government Disbursements".
9. GovTech Singapore, "SafeEntry's Development Story", September 1, 2020.