G-Cloud and the future of public sector ICT

A recent ground-breaking ITU Live virtual round table featured Microsoft's National Technology Officer Mark Ferrar, new G-Cloud Programme Director Denise McDonagh, Hampshire's CIO Jos Creese and IEG4 MD Paul Tomlinson.

Sponsored by Microsoft, this lively debate explored how Cloud - specifically the new G-Cloud Framework - would provide more agility, flexibility and cost savings for both the procurement and delivery of public services. It also identified some of the barriers that the panel foresaw in the short term with the journey to the cloud.

Denise McDonagh, director of ICT for the Home Office and newly appointed programme Lead for the government's own G-Cloud programme, said that the cloud model offered many potential benefits including avoiding supplier lock in; reducing duplication of activity and cost across the public sector; and allowing organisations to obtain the IT they need quickly and flexibly. "It's a completely new way of thinking about how we deliver services."

However, no discussion about cloud computing in the public sector continues for long before someone raises the question of security. Where is your data going, exactly? And who might be able to access it? The panel was clear that security does need to be considered, but that a balanced approach means there are plenty of areas where cloud technologies are at least as secure as any of their predecessors.

Mark Ferrar said that the key security question is “which part of the cloud?” With the use of private clouds, there is no reason why public bodies can’t mix and match to create a hybrid system to suit their own risk and security needs and deliver services seamlessly. “Understanding your needs will enable you to move parts of your business into the public cloud,” Ferrar said. “We are operating for many, many large customers, and we don’t want that to go wrong any more than our customers do, so we put a lot of work into making sure it’s reliable, and fault-tolerant.”

Jos Creese, CIO at Hampshire County Council, said that the type of system used should vary depending on data sensitivity, and there may be some types of data that should not be moved into any cloud system for now. “We’ve got a whole range of deployments into the cloud, but there are certainly some datasets that I would not move to the cloud at all. We would not be moving the joint child protection register into the cloud!”

In principle, cloud could be used even for the most sensitive data, but to do it in a way that would be sufficiently robust and secure would be too expensive at the moment, he said. “In time, more will be available – the business model will change.”

On the other hand, security is just as much a cost and consideration for in-house systems, Crease said. “We will be retaining some of our email in house for security, speed of access and resilience – there is a trade-off – but if you are moving to a supplier, they are providing resilience that you would otherwise have to provide yourself. Would I trust Microsoft with that? Of course I would – and it’s the same for any supplier that has been accredited.”

Denise McDonagh, director of ICT at the Home Office and programme director for the government’s G-Cloud programme, confirmed that suppliers to G-Cloud were undergoing pan-government security accreditation, so that government bodies would be able to use suppliers with confidence that they had been tested up to a specified “Business Impact Level” of security. “We have got something like 18 suppliers going through pan-government accreditation right now, and another 12 lined up to go through.”

In looking to build in ease of access by small suppliers, setting up G-Cloud was “the only procurement that I’ve even seen in my 30-odd years in central government which has been done in months, not years”, said McDonagh. In the process, tender documents had been reduced from the usual hundreds of pages to around 30, and the G-Cloud framework was the only one she was aware of where government bodies did not need to carry out a further mini-procurement to use services within it, she added.

However, despite the project’s desire to make itself as open as possible to small suppliers, Tomlinson said the bureaucracy of engaging with phase 1 of G-Cloud had remained too daunting for a small supplier like his own company. “We do spend a huge amount of time in tendering, and it is a cost we have to pass on. But we didn’t bid for G-Cloud first time around”, Tomlinson said. “It was a huge document, with loads of acronyms. As an SME, it was hard for us – we couldn’t put enough time into working out what to do.”

McDonagh acknowledged more needed to be done, and said it would be done in time for phase 2, due "sometime in May". Ferrar also outlined new support for SME partners like IEG4 in completing tender documents with standardised information about the Microsoft solutions upon which many of their offerings are based, such as Microsoft Azure.

Creese welcomed this news but pointed out another area which can be overhyped, that of dipping in and out of cloud services at will – of using one supplier and then switching seamlessly to another. This is all well and good in theory, but the licensing model is only one aspect of switching suppliers – changing backroom business processes and training staff might also be needed, and public bodies do not want to be forced by cloud models to re-procure services every year when an element of stability might actually be preferable.

“For some cloud services we want to use, we will want a longer term partnership with the supplier potentially, and as such will want a contractual relationship which will be longer than 12 months, so will be looking for a mechanism to do so if we choose to,” he said.

This kind of concern has been aired frequently since the G-Cloud project began, McDonagh said, and while the government was keen that G-Cloud services should be “easy to enter, easy to use, easy to exit”, it appreciates this may not be so easy – or desirable – for some services.

“One of the things we’re trying to do, because I do understand people don’t want to re-procure every year for something they know they want, is to have a tick box exercise offering an opportunity to extend a contract if the price is still right for you.”

Microsoft’s Mark Ferrar said that the costs invested by a public body in implementing a new technology system were often linked to organisational change and improving efficiency, “and that’s something you invest in for a considerable period of time.”

He said the opportunities to change business processes that were now being made possible by making it easier to use technologies like cloud computing had been discussed many times in the past, but it was paradoxically only now that tough economic times were making action imperative.

“A lot of these things have been thought about for a long time – [but] in this case the government has not squandered a good crisis, they’ve actually made it work for them.”

Click here to view the recording of this debate now.