After a long period of uncertainty around the government's G-Cloud initiative, including spurious claims it had been scrapped, the strategy has been placed firmly back in the spotlight as central to the public sector IT cost-saving agenda. Computer Weekly looks at the industry reaction to the plan and examines some of the key implementation obstacles the government will face.
The government's intention to fundamentally change the way it procures IT is no small task, but if it succeeds the cost saving could be substantial. The Cabinet Office has estimated savings of £180m in procurements made through the proposed government app store, with targets to commit 50% of all new IT spend to the cloud in the next four years.
Andy Burton, chairman of membership organisation The Cloud Industry Forum, said the government has the potential to save even more. A lot of cloud solutions are coming from innovative smaller organisations, which means large system integrators could even be put at a disadvantage, he added.
"If the government effectively opens its contracts up to the cloud, it has the potential to rebalance everything," said Burton.
Shifting the landscape
But achieving these aims comes with big challenges.
"As contracts [with systems integrators] come up for renewal the government needs to decide what capabilities will be implemented for migration," said Burton.
There is a danger that suppliers will simply repackage their services as "cloud", with the contracts effectively being a re-hash of the old model of doing business, he said.
"That is where it starts getting bogged down in the quagmire of where the government is starting from. The big challenge is that by their nature, departments are proprietary, built on multiple infrastructures and tied into long-term contracts. A move to the cloud could not be more opposite to that approach," he said.
"The government is still running in silos, so the challenge starts today. There needs to be a framework of what are acceptable processes."
Burton said legal and commercial frameworks need to be put in place.
"The emphasis on a public cloud-first approach is absolutely the right way to go for low-value services as it will offer the cheapest solution. But one big issue is data sovereignty, in terms of which countries will house the data if we are using a public cloud," he said. "The public has concerns about international law and data protection issues regarding their information. And the government needs to decide what its plan is, as that will depend on where things are deployed."
Lack of details
Burton said the cloud strategy is a good start, but an implementation blueprint is needed.
"We are still waiting for more detail to come into the public domain. I'm encouraged that for once we are seeing measurable targets set around the cloud, such as the savings the government aims to achieve. That provides a reasonably material driver, and some action has now got to follow to make that happen. Cloud is too generic without clarity and definition. The aspiration is there, but we need more clarity," he said.
But Frank Falcon, senior specialist product management at small cloud provider Colt Technology Services, said the small print will become apparent when cloud suppliers start working with the government. Falcon had previously been involved with the government around discussion on the G-Cloud, and although he was not aware of the current trials he said the recently published G-Cloud Invitation to Tender (ITT) is a step in the right direction. Colt is considering applying under the ITT, and Falcon hopes this initial stage will enable the supplier to build up a relationship with the government.
"I don't think there will be much more clarity at this stage. The framework is pretty generic, so the further clarity will only come from direct discussions with the government departments purchasing through the framework on what they want to do with, say, an IaaS [infrastructure-as-a-service] solution," he said.
Falcon said the strategy's slow gestation has helped the government to refine its cloud approach. "This has been surprisingly positive in that it has allowed time for the cloud services to be finalised and for greater clarity around the nuances required to be established and included in the services themselves."
But Geoff Parris, head of public sector telecoms provider Global Crossing, which has recently merged with Level 3, said the government's previous silence on G-Cloud meant the strategy was met with caution by others in the industry when it was finally announced.
"I think it will take time for the G-Cloud and app store to take off. The other question is whether the appetite is there. If we get government buy-in for the G-Cloud, then it could work," he said.
But Parris added that the initial G-Cloud procurements do not appear to be an onerous exercise in which to partake. "I think the Cabinet Office has recognised this has come out as a surprise to the industry. Although it's initially just six to nine months, it could be a precursor to other contracts," he said.
Security challenges for small businesses
Joe Gardiner, director of small cloud hosting company CatN, is one of the select companies trialling cloud services under the initial stage of the G-Cloud. CatN was approached after reaching the final stages of the government's SME Launchpad competition, designed to involve more small businesses in its procurement processes.
"We were previously interested in public sector procurement, but as an SME with no experience in this area it had been difficult to get attention, so we are really excited about this opportunity," he said. With just under £1m turnover per year, CatN is the smallest company involved in the government's trial.
But Gardiner said meeting government security requirements remains the company's biggest challenge. "Achieving security level approval requires a massive amount of time and money."
The biggest market is for services that are cleared at Impact Level 2 (IL2), as that is the level on which most government data operates on, he said. But to achieve even this rating businesses must obtain approval under the International Standards Organisation on data storage and services.
Gardiner said this is a lengthy process, involving extensive consultation fees. To apply for IL3 CatN would have to pay someone on its behalf to investigate whether it could gain that rating, as it doesn't have security clearance to view the qualification documents. The whole process can be prohibitive for a time and cash-strapped small business, he said. For the moment the company's services will go into the catalogue as IL0 - the lowest level of security.
However, Gardiner said there is a lot to be positive about in terms of the government's commitment to change. "From what people in government have been saying, there seems to be a real will to change practices - they genuinely seem embarrassed about the IT procurement practices of the past. And rightly so."