G-Cloud vs. cloud

The fundamental question that needs to be asked in government embracing cloud computing is this: does the private sector offer something off the shelf that the government can use? Currently, it doesn’t seem to be a question being asked.

There is absolutely no point in government creating cloud-based infrastructure—either itself or through third parties—to replicate an existing private-sector offering that government can instead use. The only feasible argument for doing this would be if the private sector offering was so inordinately expensive to suggest that a government-built equivalent would be cheaper. Trust me: it won’t be.

But the word “can” above covers a multitude of sins. The offering must be sufficiently robust and scalable to support the needs. And, importantly, its security arrangements must be in line with the needs of its prospective customers. Security will be the biggest factor driving cloud strategy—or else the biggest excuse cited in ensuring that government fails in this area.

The trouble is, government often has an elevated view of its security needs. That may sound odd, given the stories we’ve all heard about people’s confidential data going missing. But hear me out. Currently, we have the Government Secure Intranet (GSi), which is accredited up to RESTRICTED and facilitates work within and between government bodies. The vast majority of infrastructure that hums away within GSi-accredited departments sits within the GSi, and as such it is accredited up to RESTRICTED. But in most departments, only a small proportion of the work it undertakes needs to be accredited up to this level. Yet the departments see the GSi accreditation as a comfort blanket, irrespective of the sensitivity of the content in which they deal.

Naturally, the comfort blanket comes with a significant price tag.

Departments need to take a strategic look at what they do, the extent to which the data with which they deal is (or should be) protectively marked, and the level of that protective marking. And they need to figure out ways in which they can align their requirements to lower protective markings to facilitate the adoption of cloud services. If, for example, less than 1% of a department’s email traffic carries a protective marking, this should drive the department to adopt a client-side encryption plug-in for such emails—as opposed to forcing their entire email infrastructure to be accredited to that level.

What government will quickly realise is that the majority of the commodity services—email, collaboration, room bookings, content management/delivery etc.—are already provided in the cloud and can be embraced tomorrow. This will leave the support of the more bespoke and/or secure applications to be solved by the G-Cloud.

Comments

3 Responses to “G-Cloud vs. cloud”

  1. Simon Dickson on November 23rd, 2010 13:41

    All of which calls to mind the recent IBM advertising campaign: ‘what makes you special?’ The fact is, for the vast majority of needs, for the vast majority of entities – including government, you aren’t special.

    Accept that, use what comes ‘off the shelf’, and you’ll be up and running in no time. But if you insist on being different, and customising the off-the-shelf solution to the nth degree, you’ll spend unjustifiable amounts of time and money, for which you’ll almost certainly never see a decent return.

  2. Chris Moos on November 23rd, 2010 15:24

    Dan, a very useful post. Now we just need to start the job of working out which falls into which cloud.

    Have been so fed up over the years of being told it must be in the GSi because we may need to connect some data or other to a “sensitive” database.
    Now is the opportunity to clearly define the use and stop the development of high cost, high security solutions.

  3. What is cloud? : Tangential Ramblings on November 27th, 2010 23:52

    […] debate rages on Twitter as to what constitutes cloud computing.  It was inspired by my previous tweeted post and draws upon Public Strategist’s articulate post on the very subject.  I say […]

Leave a Reply