Government wants to use a networked cloud computing system to store and share data and software. Joshua Chambers attended a round table where civil servants discussed the practical steps to getting the cloud airborne.

 A glass of water is typically filled from a tap or bottle, and can only be drunk by one person at once. A cloud, on the other hand, is formed through evaporation from a large area, and can rain on an entire city – hydrating people and their hydrangeas alike.

Likewise, ‘cloud computing’ represents the sharing of IT assets – so rather than each desktop PC combining data storage, software and processing power, desktops become access points through which users can reach these resources inside a remote IT ‘cloud’.

Of course, it’s not quite that simple. Any meteorologist will tell you that ‘cloud’ is a sketchy description – it might be a cumulus, a cirrus, or perhaps a stratus. Similarly, any IT expert will inform you that there are different types of cloud computing: public clouds and private clouds.
In a public cloud, stored data can be accessed and used by more than one organisation. So Amazon allows anyone to use its servers to store their data, as long as it isn’t illegally held; indeed, the New York Times hosts some of its online articles there.

A private cloud, on the other hand, is a storage facility open only to people from a specific organisation. Government has previously expressed interest in this concept, and started to develop a ‘G-Cloud’ to exploit the concept further. The G-Cloud was intended to provide a window through which public sector users could view government IT resources hosted on government servers. However, given the constraints on the public finances, government is starting to look to public cloud solutions where possible instead (see CSW, p21, 24 March 2010 for more details).

The benefits of cloud computing are clear. First, it improves efficiency because at any one time each user is only paying for the amount of storage and computing capacity they’re actually using; they don’t have to hold enough capacity to cope with peak demand, only to see it lying unused much of the time. Second – and as a corrolary of this – the risk of running out of capacity at peak times is much reduced, as users have access through the cloud to vast IT resources. Third, it fosters shared services and integrated operations by providing a shared platform for data management. Fourth, data can be accessed remotely, so employees can work flexibly. And fifth, government thinks it will allow small and medium-sized enterprises (SMEs) to better compete with big suppliers, because it allows them to make their innovative software products available to the whole of government through an online ‘app store’.

In the next six months, a new cloud computing strategy will be published, containing plans for implementing cloud computing across central government. With this in mind, public sector experts on information technology assembled at a Civil Service World round table, held in association with not-for-profit cloud computing specialist Eduserv, to discuss the practical obstacles that will need to be overcome to make cloud computing a success.

Security concerns
Data security is a serious obstacle. Lesley Sewell, head of IT at the Post Office, noted that in public clouds, organisations may find that their data is being held on servers overseas. And Nick Culiss, information manager at HM Revenue and Customs, warned that if data is stored on international servers rather than in the UK, then departments could be in breach of the Data Protection Act.

Peter Scott, head of ICT information and technology architecture at the Ministry of Justice (MOJ), said that departments should consider whether they need to have all of their data held securely, or alternatively whether they could release some of it into the public domain. “If something is classified but doesn’t need to be, then you are carrying a reputational risk that you don’t need to be carrying. You only have that risk because you’ve classified the data,” he said.

Regardless of what data is stored, the way it is organised and uploaded on to a cloud system will still need to be discussed if departments are to share common data sets. Jeremy Foot, infrastructure architecture manager at the Ministry of Justice, said that “the way data will be stored will need to be different to the way it’s done now; hence, the architecture of whole applications will need to be very different”. Eduserv’s head of research and development, Matt Johnson, gave a practical example: “Universities are currently trying to join up student data and, even taking something as simple as how many students study at a particular university, you get the problem that universities hold that data in different ways. The discussions and effort needed to get agreement on a single piece of data has taken significant effort. It will be quite a challenge across all of the different data types the government holds,” he warned.

Departments need to start thinking now about their information systems, said Scott. He explained that the MoJ is examining how to move towards more cloud-friendly systems and is trying to identify the data sets which will prove most difficult to make compatible with overlapping data from other departments. “It’s about being aware of where this is going, and not waiting for the capability to arrive before you start addressing what you’ve got,” he said, adding that “a different set of skills and architectural thinking is required so that we can be more agile and respond quicker.”

Currently, IT departments may not be thinking about the greatest challenges, warned Eduserv CIO and deputy CEO, Ed Zedlewski. “There is a lack of understanding of what the data models need to look like to allow seamless movement of data because, traditionally, data has been managed within an organisation,” he said.
Zedlewski therefore commented that while “data management is going to be key to the ability of departments to be able to migrate data and services in a cost-effective manner, it’s not clear to me that those skills exist [in departments] – either at all or in the depth and breadth that is necessary.”

Culture shock
The obstacles to cloud go wider than data issues. The Post Office’s Sewell warned that “it’s not just about IT delivering a marvellous service; the organisation itself is important because cloud impacts on everybody. There’s a cultural challenge.” Denise McDonagh, head of the Home Office’s information technology shared service unit, agreed, stating that “there’s a huge cultural challenge, and it’s probably bigger than the IT challenge.”

Therefore, organisations must pull together people from outside IT departments to work on cloud and assess how employees will use it, said director of business change at the Home Office, Catherine Mealing-Jones. “We need to have a concerted effort amongst people who don’t work in the IT area with the assistance of people who are working on this strategy, to think through what our business operating model is based on the potential of cloud,” she said.
For example, Zedlewski believes that many of the supporting skills necessary to adapt to cloud computing are abundant within departments but aren’t being utilised because they aren’t held in the IT units. IT departmants may be experts at running a purchased system of hardware and software, but cloud computing requires users to interact constantly with suppliers to expand or reduce capacity and resources.

“We’ve had conversations with organisations where they are finding they have to think differently – moving away from traditional IT project management towards service management, supplier management, contract management: skills that many organisations don’t have,” said Zedlewski. “Government does have those skills; it just isn’t exercising them in the way that is most appropriate to deliver cloud services.”

Help!
Cloud will affect the whole of government, but it is up to departments to implement cloud computing themselves. McDonagh explained that “one of the things about our IT strategy is that everything’s going to be delivered through departments, so departments are going to have to stump up the resources to do this.”

Many of the participants said departments need guidance from the Cabinet Office on how to proceed with both public and private cloud computing. Scott called for “a common way of doing this and common standards that everybody is working towards. Each department might follow a separate path driven by their business, but central facilitation and co-ordination is crucial.” In particular, Foot wants more information on what data was appropriate for use on a public cloud system, and what should not be moved online. McDonagh agreed: “That’s absolutely one of the key pieces of guidance that we need to produce.”

Without proper guidance, departments could be misled by the private sector and fail to achieve the interdepartmental functionality that cloud computing could foster, Foot warned. “Without some proper standards, we’re going to lose the interoperability and mobility that is fundamental to the proposition that we’re looking for. Without standards, we’re going to end up corralled by the suppliers into some proprietary solutions and not getting the mobility that we’re looking for,” he said.

Procurement issues are, then, some of the biggest obstacles to implementing cloud computing in the public sector. Foot said that some suppliers are offering systems which, although branded as cloud computing, aren’t what departments need. “A lot of what the vendors offer and dress up in cloud clothing has not actually been anything you could identify as a cloud, typically lacking the flexibility, ease of implementation, and the orchestration capability that you would look for,” he said.

Many departments may not be able to purchase cloud computing soon anyway, as they’re bound into contracts with their existing IT suppliers. “There’s no route to market just now for any of this stuff apart from through existing contracts,” McDonagh warned. And Scott added that “with your seven-year contracts you’re effectively locked in, and suppliers aren’t incentivised to move you to that cloud because they get a premium by dealing with things in a more complex state. Within existing contracts, we need to renegotiate for cloud computing.”
Meanwhile, those tight contracts are preventing many new companies from selling innovative products to government, McDonagh said. “We do have a lot of suppliers banging on the door saying: ‘How can I play in this space?’ But we have no kind of structure to let them come in and play. We also have the added challenge of how we teach government to buy more intelligently.”

In particular, government aspires to procure more from small and medium-sized enterprises (SMEs). “We want to stimulate the market around SMEs and cloud is an ideas space for them to play, particularly if they can band together. What we have been getting is a lot of SMEs with different skill sets and capabilities presenting us with an opportunity,” McDonagh said, adding that the app store should help in the future.
Eduserv is an SME, and Johnson said that SMEs “need a better understanding of how government is intending to procure these services and how the model is going to work, so it can become a more cloud-like delivery model”. Foot called for government to better publicise its own opportunities.

Zedlewski explained that “in over ten years of working with government, one of the key cost drivers has been the time and skills needed to deliver the IT security requirements [such as GSI]. They place an underlying cost on doing business.”
Scott therefore called on government to act in the market more like a major business than its current approach, “so that you do not have to deal with government one way and the banking sector another way. Government should look at using industry standards to level the playing field.” Foot accepted the point but said: “I’m not sure that the commercial world has such a systematic classification; it might be better to encourage the banking world to adopt the classifications we use.”

Bringing the cloud down to earth
Participants were asked what key change they would first like to realise through cloud computing. Foot said that government should move its email systems onto a shared platform: “We’ve all got our own email systems accredited by the GSI network. We need to have that on the cloud, and get out of the problem of having our own servers accredited to work with the GSI network.”

While best known for a rather old-fashioned communication method, Royal Mail has already modernised its email system, Sewell said. And the Home Office’s McDonagh added that Phil Pavitt, the chief information officer of HMRC, is looking at how to deliver the same across all government departments as part of the IT strategy.

Yet even implementing a basic cloud computing system, let alone realising all of its advantages, won’t occur overnight; and progress will only hasten when civil servants have clear ways of tackling contracts, collaborating with other departments, and safeguarding data. Zedlewski said that the first incarnation will be “one step on a journey, and what we see is an opportunity to look at some key issues around adopting cloud in a more holistic way”.
The forecast shows that cloud computing isn’t yet a substantial stratocumulus, but instead a wispy cirrus. However, it’s moving and growing quickly, blown by a strong wind. ?

Who's who
Nick Culiss, information manager, Security and Information Directorate, HM Revenue and Customs
Jeremy Foot, infrastructure architecture manager, Ministry of Justice
Matt Johnson, head of research and development, Eduserv
Denise McDonagh, head, Home Office Information Technology Shared Service, Shared Services Directorate, Home Office
Catherine Mealing-Jones, director of business change, Home Office
Peter Scott, head, ICT Information and Technology Architecture, Ministry of Justice
Lesley Sewell, head of IT, Post Office
Dave Weavers, infrastructure manager, Information Management, Medicines and Healthcare Products Regulatory Agency
Ed Zedlewski, CIO and Deputy CEO, Eduserv

Written by Joshua Chambers, CSW