The UK Government Digital Service (GDS) last month made a couple of announcements that signalled a step-change in government and wider public sector attitude to the cloud and the public Internet as a whole in the UK.
On Monday 16th January 2017, the GDS published guidance for Public Sector use of the public cloud which stated that public cloud services should be considered secure enough to be safely used for the “vast majority of government information and services”; and at the end of that week, GDS Director of Technical Architecture and Head of Technology, James Stewart, wrote on the UK Government Technology blog that, where previously there’d have been a requirement for departments and agencies to use the Government’s own high-performance and high security Public Services Network (PSN) for data exchange, “for the vast majority of the work that the public sector does, the Internet is OK”.
So what does that mean? Taken together, both announcements represent a further chipping away at some of the positions previously taken up across the public sector in the UK that had sought to declare all government data work as somehow special, different, and therefore unable to embrace and exploit the affordances of modern public cloud infrastructures, etc. Of course, there’s still going to be a subset of that work which will continue to require ‘special treatment’ (in matters of national security, for instance). However, the lengths to which cloud service providers have gone to address genuine concerns (with options for data geo-specificity, customer managed encryption keys, and a vast array of governance related certifications for standards compliance, etc.) – and the inroads made in, say, US Federal Government contracts for cloud-based services, have shown that many of these can be overcome. Indeed, it’s also questionable to what extent a dedicated on-premise in-house provision can hope to keep pace with the security and performance guarantees that large scale cloud players can afford to continue improving and innovating on, because of their scale of their operation and the resources at their disposal.
For UK public sector organisations and government departments, it reduces the reasons to say “no” when public cloud options come up in the mix. That’s not the same as an automatic presumption of “yes”, of course. Whatever ‘cloud-first’ mantra the GDS is encouraging across UK government sector (and by extension, the wider public sector government departments engage with), there will be instances where there remain very sound business reasons to stay on-premise. Technology leaders we’ve spoken to for case studies (such as the London Borough of Hounslow, on its adoption of Box) have long cautioned that a risk-based approach is the sensible one; and each organisation should ensure it has a solid understanding of its own risk exposure and profile in that regard.
There are also devils in the detail of total cost calculations – depending on what length of term is assumed, how complicated the initial migration is assessed to be, and whether it’s a lift-and-shift project that essentially runs much the same stack as before (only in the cloud rather than on-premise), or whether opportunities have been taken at the point of migration to re-imagine business processes around more of a cloud platform based architecture. The sorts of digital transformations which can be triggered and accelerated by taking this approach can have a dramatic multiplier effect of the scale of efficiencies, cost savings, and new avenues of agility afforded to an organisation with that type of cloud posture.
For suppliers, the door to UK government and public sector markets has been wedged further open now for cloud players. The GDS’ exemplar public services sought to inspire and show the way that cloud-based projects could make a difference to citizen engagement; procurement frameworks like G-Cloud (with its ninth iteration due to open early next month) are a way to make it easier to access expert advice and services in the area (from companies of all sizes); and announcements such as those at the end of last month which I referenced at the start of this article are clearly designed to further legitimise public cloud options when public sector infrastructure and citizen services come up for RFP, etc. However, that’s still not enough to encourage everyone (assuming their need is one suitable to be satisfied in the cloud). The UK’s public sector cloud narrative still needs stories; successes beyond the white heat of GDS focus in Whitehall. Best practice case studies are still one of the best ways to share the learning of what to look into and what to look out for. Do get in touch if you want to share yours!