How the DWP lifted two decades of outsourcing to adopt a cloud-first model
For the past four-and-a-half years, the Department for Work and Pensions has been evolving into a cloud-first organisation. We find out how it has been getting on
Four-and-a-half years ago, IT at the Department for Work and Pensions (DWP) was fully outsourced and the internal IT function managed suppliers. But now, says Juan Villamil, DWP’s director of enterprise infrastructure and production operations, the IT function is building services and products itself.
“We had been outsourced for over 20 years,” he says. “This gave us a number of challenges. We had black box infrastructure that didn’t perform very well, there was a lot of legacy IT and we had availability and performance issues.”
Villamil says the department has now recognised the need to change and modernise its approach to IT and its technology infrastructure and application software. “We are building and scaling our capabilities, developing and bringing in new talent,” he says.
In 2017, the department insourced about 400 staff from Hewlett Packard Enterprise (HPE) as part of bringing a major outsourcing deal for application development, maintenance and support back in-house.
Stuart Cairns, lead architect and deputy lead of cloud services at the DWP, says insourcing gave the department an opportunity to understand its IT estate better and re-engineer applications and processes to make them work better.
“We now look to create an entirely new estate, putting the citizen at the centre of customer-led journeys,” he says.
Insource to drive availability and refresh
By taking back ownership and control of its IT, Villamil says the department has been able to take out a lot of cost associated with its technology infrastructure and has been able to refresh its IT estate to improve service availability. Previously, some of the department’s agents had to get to the office before their business day began because their machines took ages to start up, he says.
Overall, the department’s staff experienced 2% of their working hours in lost productivity because of IT shortcomings. “It is now less than 0.03%,” says Villamil. “Service availability and performance is now world class. This is an outstanding achievement for any tech organisation, not just in the public sector. It means that our people can spend more time with the public they serve.”
“Service availability and performance is now world class. This is an outstanding achievement for any tech organisation, not just in the public sector”
Juan Villamil, DWP
The next stage in the transformation involved taking advantage of the public cloud, says Villamil. “The DWP is a very datacentre-centric organisation,” he points out. “The cloud gives the opportunity to deploy software development, test, pre-production and production environment far quicker than the long lead times needed when we were thinking about deploying new products, but were constrained by legacy IT.”
The DWP developed a cloud enablement framework three-and-a-half years ago with a suite of building blocks, which Villamil says it could use to host its applications securely in the cloud. Beyond security, this framework also covers service performance and quality, scalability, flexibility, tooling the internal and external skills capabilities that will be needed, and cost.
After an assessment of the cloud provider market, the department found that some providers did not meet the full set of requirements, says Villamil. Some, he says, are more like colocation hosting providers, which offer virtualised services but not the flexibility of hyperscale providers.
“Having carried out extensive market analysis, we determined that only the hyperscale cloud providers, like AWS [Amazon Web Services] and [Microsoft] Azure, were able to meet these requirements,” he says. “We didn’t want to hack together, or over-customise, our solutions.”
Universal Credit was the first major cloud application created by the DWP. Villamil says it was built using modern methods, automation and microservices, and was subsequently deployed on AWS.
Choice of deployment
Villamil says the products developed by DWP are consumed by two user communities – the public and the 84,000 external staff across 812 locations. “Citizens access our services across the internet,” he says. “We now host these services with our hyperscale cloud providers.”
However, some of the department’s public-facing systems depend on systems and data hosted in its new datacentres. Azure ExpressRoute and AWS Direct Connect provide the public-facing services with secure, performant and reliable access to these internal systems.
Villamil says the functionality built into internal systems is exposed through application programming interfaces (APIs) using API gateways. “Now that we have ownership, we can transform [older IT systems] by putting APIs in front of them,” he adds. The overall plan involves breaking down monolithic IT systems into small microservices, which can communicate via API gateways.
Legacy refresh
The DWP runs a significant legacy IT estate, including Z/9 and Z10 IBM mainframes, VME, Aix, HP-UX and Solaris servers. By modernising these systems, says Villamil, “we can take out cost, modernise and bring in a standard architecture”.
He adds: “We are moving from a datacentre view of work to a data-centric view of work. A lot of workloads will move to the cloud. On-premise applications will be made available from APIs.”
Inevitably, there will some instances where changes have to be made to the legacy code. Legacy projects tend to run on a very different timescale to applications built in an agile fashion for the cloud, says Villamil.
“We have to juxtapose two-week DevOps cycles with the six-month legacy cycle,” he says. “These can’t join up directly. If there is something needed, we place a delivery manager in the dependent system who works through a traditional update programme to update the legacy system.” The update delivers an API that can then be re-used, he adds.
Read more about cloud native computing
Investment bank Goldman Sachs has selected GitLab as the platform to manage its software development lifecycle, supporting 9,000 engineers.
Amadeus has moved off mainframes and is redeveloping its software to be cloud native. Its Master Pricer is the first of its core application to be deployed on Google.
Legislation sometimes helps to drive forward the IT modernisation programme. For instance, Villamil says the CS2 application for child support has yet to be decommissioned, but is on track for June next year.
“We worked with a range of colleagues to provide clarity and understanding of how our IT systems would need to change to support policy requirements and the timings and indicative costs of these requirements,” he says.
Explaining how legislation supports this, Villamil says: “The legislation enacted in 2014 and 2018 provided additional opportunities for customers to manage their maintenance applications on the CMS 2012 system (using the 2012 legislation) and also provided greater flexibility for the management of historical debt. The net impact of the legislation enables the management of all cases on one system rather than across multiple systems using different legislative requirements.”
Changing the role of IT
It all began with insourcing the IT department. Historically, says Villamil, IT was regarded as a supplier and acted as a proxy for the collection of outsourcing contracts – but his role of operating is no longer valid.
“IT no longer works in isolation,” he says. “This has been one of the most significant cultural shifts. Now we plan with the business as part of a multidisciplinary team, which enables us to deliver much better citizen outcomes.”
“IT no longer works in isolation. Now we plan with the business as part of a multidisciplinary team, which enables us to deliver much better citizen outcomes”
Juan Villamil, DWP
As Computer Weekly has reported previously, the DWP is very much focused on building re-usable microservices, that can be accessed via APIs. From a cloud strategy perspective, says Villamil, it “will always try to go cloud”.
“We look at where we can host applications and the best place to run those applications,” he says. “We consider security, data sovereignty and the ability to maintain personally identifiable data. Sometimes we need applications close to the data source, so it makes sense to host ourselves.”
The journey to the cloud is an ongoing process. Four-and-a-half years may seem like a long time, but the DWP had previously been outsourcing IT for two decades.
“We won’t try to rewrite applications in one go,” says Cairns. “We will take an iterative approach and select part of a citizen journey, and slowly, over time, build an understanding of new ways of working.”
