G-Cloud plans rewritten as risks of failure emerge

The scale and risk inherent in the government's ambitious plan to transfer its entire £16bn IT ecosystem into the cloud can be revealed today with the publication of reports that detail the full extent of the challenges.

The scale and risk inherent in the government's ambitious plan to transfer its entire £16bn IT ecosystem into the cloud can be revealed today with the publication of reports that detail the full extent of the challenges.

As the government completes its rewrite of plans that were meant for publication last autumn, the huge challenge posed by the G-Cloud programme became apparent with the release to Computer Weekly of Cabinet Office reports that represent the last official word before the fate of the project is disclosed in March after a review by the coalition.

The reports reveal how long-established rules and regulations designed to prevent corruption, protect staff and secure personal data may have to be revised to accommodate the contemporary vision of a computing regime that adapts more rapidly than bureaucratic safeguards currently allow.

They also describe how G-Cloud will require the sort of far-reaching organisational and cultural change that has spelt disaster for less ambitious public-sector IT projects. It will also require such a radical restructure of the IT industry that, the reports say, the government may be powerless to see the changes through.

The challenge has not discouraged the Cabinet Office from persisting with the G-Cloud plan, despite it being devised by the last government as a vision on a scale even grander than Labour IT disasters such as the NHS National Programme for IT and the identity card scheme.

Since the coalition government injected G-Cloud with the even more disruptive stipulation that it should create a level playing field for SMEs and break the multinational corporations' stranglehold on public sector computing, the whole plan has gone back the drawing board, leading to rumours that budget cuts will see it pared back to a stump.

A civil servant with senior oversight of the G-Cloud plan confirmed that Ian Watmore had taken a red pen to it after he was appointed chief operating officer (COO) of the Cabinet Office's Efficiency and Reform Group (ERG) on 30 June last year, and that Joe Harley was imposing his own revisions despite being made Whitehall's chief information officer (CIO) only a week ago.

"There have been some changes," said the source. "We have a new government, a new COO, a new CIO and a new IT strategy. That's not without influence over plans for the G-Cloud."

Watmore's appointment coincided with the internal publication of a report telling the Cabinet Office that the G-Cloud plan might be too radical to work.

The Commercial Strategy for the G-Cloud, which was received by the ERG the day before Watmore was appointed, warned that various laws might prevent the plan from being carried out. The study group, comprising civil servants, lawyers and IT suppliers, was at such pains to find a way for the G-Cloud to operate within existing procurement law that it proposed changing the law instead.

"Some aspects of public cloud transacting will always be challenging for the G-Cloud, given the constraints of EU law and regulation," the commercial team reported. "It is recommended that HM government works with its European colleagues to influence those aspects of EU law and regulation which will inhibit full realisation of the benefits."

The team also raised the prospect that Transfer of Undertakings (Protection of Employment) Regulations (TUPE) might prohibit the most fundamental mechanism of the G-Cloud. The plan envisaged breaking large IT suppliers' lock-hold on government and making IT provisioning more adaptable, but TUPE regulations designed to protect staff from market fluctuations and the whim of large corporations might prevent the government making the rapid changes the G-Cloud is intended to enable.

The G-Cloud Vision report, also released to Computer Weekly, set out the scale of the challenge as the UK was gearing up for last year's general election. It warned of game-changing implications for data protection and information assurance.

It also warned that the plan would never work if government and industry could not see the benefit of undergoing the radical organisational changes it would require. Those benefits, the commercial team warned six months later, still needed clarifying - and a source on the team told Computer Weekly that the Cabinet Office was still trying to clarify them at the end of 2010.

Another member of the G-Cloud planning team, who asked not to be named, said the issue of commercial risk was proving the most uncomfortable aspect of the cloud model. It would lift the burden of risk that is normally carried by suppliers and dump it almost entirely on public sector customers.

Paul Barton, partner with law firm Field Fisher Waterhouse and a legal adviser to central government, said departmental chiefs were anxious about the security implications of cloud computing after the loss of HM Revenue & Customs child benefit data and other damaging data security breaches.

"The concern is coming from the CIO and the commercial area," he said. "They are the people who have to get the infrastructure right and deal with the fallout if there are security risks. These concerns are holding government departments back."

The Cabinet Office was unavailable for comment.

Click here to download all eight of the G-Cloud reports released to Computer Weekly.

Read more on Web software