G-Cloud or G-String : turning aspiration into reality

Do read the Government IT Strategy. Much has changed from previous drafts. The big issue ia, however, to turn aspiration into reality. The claimed savings look like those in the Gershon report: impossible to achieve without a change of culture but pedestrian compared to those achievable  once that change has been achieved. 

Delivery, not aspiration, is that name of the game.

On Tuesday PITCOM had a meeting on Cloud Computing addressed by Salesforce.com, arguably the biggest and most successful cloud operator. The audience included a number of senior public sector IT figures. I was sat next to a CIO who whispered to me that they had looked at Salesforce.com. They were indeed impressive – but the cost per transaction was well above staying in-house. The issue was to do with marginal costs. The organisation had an efficient, mature operation and no need for change – provided politicians or regulators did not mess them about. The choice might well have been different if they had a new application to organise or outsourcing contracts coming to maturity.     

The public sector budget cuts in prospect, who-ever wins the election, are likely to be such that no-one can afford to pay off current staff and/or contractors with generous redundancy and compensation in order to make theoretical future savings. We have to move to a world of genuine rapid payback incremental savings: cash flow not funny money.

This could add to the attraction of Cloud Computing as government data centres and outsoucing contracts come up for renewal. But the savings could all too easily be wiped out by legal wrangling and compensation unless government also adopts best practice in dispute avoidance procedures and makes it attractive for the incumbent to make respond – perhaps by themselves transitioning the operation to their own Cloud.

Earlier I said that Salesforce.com was arguably the worlds largest and most successful operator Cloud. We tend to forget that HP, IBM as well as major Banks and others have been running seamless, global data centre networks for well over a decade. So too have players like Fujitsu, Logica and others to serve the UK and Europe. They did not call them “clouds”  but they were – move-over customers willing to transition idiosyncratic, consultant specified one-off systems to shared open source applications have been able to get massive price reductions from at least one of them for nearly two decades. At long last it looks as though HMG will follow others in taking them up on that offer.

Cloud and Open Source are mature approaches with deep roots.

The other barrier to be overcome is that most of the country does not have the secure and reliable symmetric bandwidth to enable a user, large or small, to rely on Cloud computing. Graceful degradation to stand-alone processing with seamless synchronisation facilitiies for when service is restored is essentail – but cuts the potential savings .

More-over, given that the current plans of BT and Virgin will barely have covered 40% of the UK by 2013/4, it looks as though Cloud Computing will be confined to major conurbations, unless its proponents help pull through the investment necessary to expedite and extend the access their customers need.

That situation may only change when Amazon and Google, for example, “extend” their definition of “net neutrality” and becoming involved with plans to use innovative aproaches to slash a zero off the prices currently being quoted for connecting the rest of the country. We should also remember that the “last10%” , who major players appear content to write-off, comprises over 65 parliamentary constituencies, many of which will be keenly fought over in May.

At this point I should mention that the Information Society Alliance (EURIM) Council met yesterday and received a progress report on the plans to produce briefing material for those candidates who plan to use local campaigns to get access to world-class broadband as part of own election strategies. The first draft is now in my in-box. It makes chilling reading. 

The big question mark over the Government IT Strategy is whether there is the political will to run aspiration into reality. But it will take at least three to dance this particular Tango (the mind boggles!).

I personally doubt we will see serious progress unless and until the Finance Directors of the would-be suppliers order their marketing colleagues to take a realistic look at the imperatives driving the decisions the Finance Directors of their customers will have to take.

At one of my recent meetings it was told something was impossible “because we have to consult the Finance Director”. I was appalled, but not surprised.

One of the most enjoyable periods of my life was in 1973 – 4. As a one of only two business graduates in ICL, I was able to spend time with elderly finance directors discussing which of the nostrums I had been taught at London Business School they might like to inflict on their colleagues in order to work out how computers might help address the problems they faced.

My former boss still cannot understand how I got away with what I did. I will only say that they were so surprised at finding some-one in an IT supplier who was financially literate and so tempted by the prospect of cutting a new fangled business graduate down to size, that all I had to do was remember when to shut up and listen. I know some of you will find that last part the hardest to believe.

A similar approach is central to turning aspiration to reality with regard to the Government IT strategy. Would-be suppliers must take a Finance Director’s view of how they can help address the immediate, “stop the bleeding”, problems of their customers – while building relationships for the longer term. Fancy accounting (as with PFI) will not help.

That will entail a return to some very old concepts of relationship management in parallel with innovative ways of making proper use of mature technologies, like Cloud and Open Source, while not drinking the snake oil.         

         

 

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

With plans to cut public sector expenditure by up to £60 billion a year the benefits of cloud computing are ever more persuasive.

Cloud computing has many advantages for the public sector, such as the potential to reduce information and communications technology (ICT) costs, scalable data storage capacity and flexibility for users to access information wherever they are. Government departments can also focus on delivering high quality performance to taxpayers rather than worry about server and software updates.

Some international public sector departments have already made the move into cloud computing such as The Ministry of Internal Affairs and Communications in Japan. The department has announced plans to migrate all government agencies into a private cloud environment by 2015. This is in line with Gartner’s predictions that by 2012, 80% of Fortune 1000 enterprises will pay for some cloud-computing service, while 30% of them will pay for cloud-computing infrastructures.

The UK is following this trend with its plans for G-Cloud, especially as Communications Minister, Lord Carter, has said that ‘substantial savings’ can be made in public spending by building a government-wide cloud computing platform. In the government's Digital Britain report Carter stated that the G-Cloud should be created within the next three years, to allow local and central government departments to share centrally hosted applications.

The Communications & Electronic Security Group (CSG) is the information security arm of the Government Communications Head Quarters (GCHQ), one of the three UK Intelligence Agencies and a part of the UK's National Intelligence Machinery. GCHQ works in partnership with the Security Service (MI5) and the Secret Intelligence Service (MI6) to protect the UK's national security interests, however with so many different departments managing security for the Government it becomes very difficult for potential users to gain authorised access to Government networks. The G-Cloud will integrate and take the responsibility away from these isolated security departments allowing the government to handle all servers and infrastructures centrally, which will substantially reduce internal resource costs.

The global recession has reinforced the financial benefits of cloud computing as tighter budgets and cost cutting exercises force organisations to look closely at technologies that achieve cost cutting. Countries such as Iceland are now investing heavily in data centres for organisations like Google to run cloud computing systems, due to their unique ability to cool data centres far easier than the UK, and with access to cheaper electricity, it can offer facilities at drastically reduced prices.

Security has played a large part in the UK private sector’s delay in moving to the Cloud. Many organisations are waiting for the first significant company to take the initial step to spearhead the move to the cloud. Research released in December 2009 by a leading business and government data, voice and managed services provider has shown that 74% of UK CIOs stated security fears prevented them from adopting cloud computing services. As Richard Thomas, the Information Commissioner, stated, all organisations, especially those storing individuals’ data, must ensure it is effectively protected from compromise.

The public sector is still very nervous about allowing data to be managed outside its environment and this is difficult for most organisations; however Pentura believes the Government’s move to the cloud will pave the way for the private sector. It has very strict security measures and a Code of Connection (CoCo) that must be followed before anyone can gain access to Government networks, including requirements for Firewalls, IDS and other security technologies.

Security and integrity of data is taken very seriously by the Government and public sector, neither of which is willing to underwrite its overall security model. They also face difficulties in specifying a generic security model in order to secure cloud computing activities and services. Technology blurs the line between who is in control and who is responsible for protecting data and one of the main issues is the fact it allows access to many different users from multiple locations. With the Government utilising this cloud technology it proves that security issues can be addressed successfully and should instil confidence in both the public and private sectors.

There have been several high profile incidents of data loss in the public and private sectors, which has raised awareness of how lost or stolen data can be used for crimes such as identity theft. Getting data protection wrong can bring considerable reputational, regulatory and legal penalties. Getting it right can offer considerable rewards in terms of customer trust, loyalty and confidence.

There is no real evidence that placing sensitive public information into a cloud environment will risk breaches of privacy. Security and business continuity remain a concern for organisations considering cloud technology despite the fact that many cloud vendors are likely to use a more robust and better-maintained computing platform that is less likely to fail. Private clouds can also tackle some of the concerns around security by keeping the benefits of cloud computing under the control of the organisation.

Many Government departments are still recoiling from the public’s response to past data loss incidents such as the loss of a USB memory stick containing 750 unencrypted entries on vehicles "of interest" to police, along with other intelligence in Edinburgh last year. Although the Police said its loss did not compromise anyone involved in any ongoing or previous police investigations, recent research has shown that the UK public lacks confidence that organisations can keep their personal data secure.

The benefits of cloud computing are heavily regulated by requirements that stipulate certain information cannot go outside a country’s boundary and in many cases information stored by the public sector will be susceptible to these guidelines. The government has invested enormous effort into tackling the challenge of information sharing over the past decade by developing coordination mechanisms such as enterprise architectures and interoperability frameworks. Despite all this effort and cost the move to cloud computing has still been far slower than expected due to lack of appropriate incentives and difficulty in synchronising the ICT requirements of multiple organisations conducting disparate operations.

As the threat landscape changes security professionals must adapt. It is unrealistic to expect one security professional to manage all security in a public sector organisation and it is equally unrealistic to expect public sector departments to hire numerous teams of security professionals to achieve this.

In light of the government’s new IT strategy that will focus on cloud computing, open source technology, rationalisation of datacentres and plans for a government equivalent of Apple's App Store, the G-Cloud seems imminent and necessary for sharing important information between departments. There does however still seem to be a lot of concern about placing potentially sensitive information outside the traditional safe havens of an organisation’s physical boundaries. To tackle this issue G-Cloud will only offer limited access to particular users and they can draw on the experience from NHSnet to ensure the G-Cloud is a reliable and dependable source for government departments.

Data is recognised as a currency in the world, everyone is very aware of how valuable it is and despite an increase in data loss incidents in 2008, this has almost halved in 2009.

Organisations need to take a step back and a holistic view of what they are trying to protect and identify where the high risk areas are, such as cloud services, server rooms and individual servers and then work outwards in order to protect their data.

Pentura has found that many organisations are still very early in the adoption of Data Leakage Protection (DLP). The problem is that many do not know where to start. Companies need to gain visibility of how big their data security problem may be, and define a data security strategy that maps out what type of DLP solution is appropriate to their organisation and how to go about implementing this solution. There have been enough breaches in the past few years to prove that organisations need to be more aware of data and how to secure it, the Government is no exception.

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close