The cloud is supposed to be a great leveller. One of its promises is to facilitate the speedy deployment of new, innovative capabilities and easy collaboration within and between organisations, no matter how meagre the budget or how technologically illiterate the users.
In the public sector, the Government’s latest strategy through CloudStore, its new public sector app store, is to democratise the situation even further - making it easier for Departments and local authorities and services to match their ‘business’ needs with the most appropriate solutions, so they can quickly tap in to the functionality they need and start delivering results.
But to what extent is this democratisation of IT being borne out? As far as CloudStore is concerned it’s too early to tell, but there are other signs that cloud computing isn’t breaking down barriers quite as readily as has been expected.
Guy Beaudin, public sector business development director at independent technology company Insight UK, believes that too many constraints remain which are preventing the UK from becoming a cloud leader.
Not only is the UK dancing to the tune of the EU when it comes to determining where personal data can be held but UK Data Protection legislation goes even further, specifying that personal data cannot leave Britain. “Anyone providing cloud services to the public sector in the UK must be able to prove that personal data is not leaving UK shores,” he says. “That can make the adoption of cloud services in the UK a very expensive proposition for the public sector. What should be a very liberating experience becomes limited to just those applications that are not in danger of carrying personal information. In a lot of cases that precludes email.
“The big, global cloud suppliers aren’t going to build data centres in the UK just to appease our public sector,” Beaudin continues. “It doesn’t matter how many times these influential companies raise the issue with the Cabinet Office; the Government throws its hands up, citing Data Protection.”
If the UK wants to build a sustainable cloud infrastructure the Government must be prepared to change the law, he claims. “Big players are important for economies of scale. Google offers all of its enterprise applications for £33 a year per user. Without access to that it’s down to companies like ours to meet the need, but when you’ve got to specify UK backup you’re looking at £20 per user per month; the costs don’t even compare.”
While Beaudin believes the Government’s current take on cloud procurement is commendable, he is concerned that the way it has been executed will give rise to chaos and confusion, which could ultimately lead to poor decision-making. “The idea is to show buyers what’s available, to help them refine what they need, but effectively what’s been created is an online catalogue with a series of technical descriptions that’s not easily searchable and makes it hard for business users to compare one offering with another,” he says. “Not only that, but you can’t buy from it directly.”
There is also a danger that, unless the public sector users perusing the catalogue are technology savvy enough, they could expend a lot of time and budget implementing a solution only to fall foul of Data Protection measures if they aren’t fully aware of the how these apply to the particular cloud-based activity.
As to political barriers at another level, for example as each organisation fights to assert its own value and retain possessive control of its own data, or as IT reasserts its position in the face of escalating business demands, Beaudin believes such issues have scarcely had a chance to surface. It would be easy to blame the lack of widespread business innovation in the cloud on internal politics (albeit that there are pockets of progress here and there, one example being the London Borough of Lewisham’s cloud-based graffiti and fly-tipping reporting application which is being rapidly replicated across the country). Yet Beaudin believes the inhibitors are even more fundamental.
“There aren’t enough technical bodies in the public sector to even get to that point,” he claims. “Internal IT departments are worried about getting left behind, but are so wrapped up in security and data protection policies, and providing robust backup and restore, that they haven’t got the capacity to think about anything else.” The irony is that if they surrendered everything to an external cloud provider someone else would shoulder that burden, freeing up more of their time and head space to focus on real business innovation, he notes.
Where there are signs of cloud-based innovation, this is still at an operational IT level rather than at the forefront of business use, concurs Andy Rogers, chair of the cloud computing steering group at the National Outsourcing Association, citing the example of Royal Mail which shares infrastructure with other public sector bodies to keep costs down when managing peak service loads.
Rogers echoes Beaudin’s comments about a lack of skills being at least partially responsible for holding back real business-level innovation, and says this is an issue that applies across the private sector as much as in government organisations.
“Enterprise architects and strategy teams don’t know how to embrace the cloud to this end,” he says. “They have lots of legacy systems that don’t necessarily lend themselves to being moved into the cloud. It’s okay for office applications, but preparing applications for transition to the cloud is a lot of work, and very costly.”
That said, IT managers of large enterprise organisations are learning to let go. “I was at a Gartner event a few weeks ago, where CIOs were adamant that they no longer cared who owns the infrastructure,” Rogers says. “Running their own data centres isn’t practical,” he notes. “IT organisations are no longer as asset-based as they used to be. What is an issue, however, is ownership of the application and the core data – the intellectual property. This is creating a barrier. Security and risk departments are growing as they strive to control and protect this property, which is restricting organisations’ fleetness of foot.”
It is the value of this intellectual property that is also likely to temper the enthusiasm with which users share content and resources with those from outside their immediate fold.
At a public sector level, Bill McCluggage, formerly a government CIO and now and an advisory technology consultant for the public sector at EMC in the UK, believes that there is an education gap which now needs to be addressed.
“My personal belief is that the supply side - the IT industry - is now sufficiently aligned so that, with SLAs [service level agreements] and due diligence, it is competent to provide cloud services to Government,” he says. “At the demand side, there is still a lot of upskilling required to harness this very dynamic environment.” Real progress requires an alignment of vision and strategy across business leaders/officials/MPs, CIOs, commercial/procurement directors and finance directors, he notes.
Claiming that the Foundation Delivery Partner groupings behind CloudStore are very strong and will help shine a light on what’s possible (Warwickshire County Council is championing a new email system, and the Ministry of Justice is ‘powering ahead with the cloud’), he says, “Business owners and users need to be led on a journey.”
Buying into the cloud as a business facilitator also means being prepared to embrace new approaches to governance, according to Graham Oakes, a technology consultant and cloud computing specialist. “I’m still consistently seeing a tussle between those trying to exercise control, and the people with real jobs to do,” he says. Those vying to take charge aren’t just IT managers worried about data security, privacy and integrity issues, but also include central business managers.
Whose standards apply – with regard to branding, for example? Who owns the content, and when is information transferred from a local to a central level? “These are governance issues, and developing best practice in these areas is very much a work in progress,” Oakes says.
“I'm not convinced the cloud is going to be democratic,” he concludes. “There's a real risk that organisations' use of the cloud will polarise into two extremes: centralised and authoritarian, where IT will control the cloud infrastructure and create a more or less rigid set of policies and access controls dictating how everyone else uses it; and anarchic, where individual units or teams buy their own facilities from external cloud service providers, bypassing all central control. I see signs of both in organisations I'm working with today.
“Smart organisations are addressing these governance questions and thinking about which decisions need to be centralised and which should be devolved. They are the ones who will get the most out of the cloud, but I doubt they'll be in the majority. Maybe as the cloud industry matures it will get better at helping people think about these questions, but most vendors don't really have good answers in this area. They're focused on technology and products, not on the human and political elements.”
