Whatever happened to Cloud First?
- Summary:
- The UK government laid down a Public Cloud First requirement on central government buyers a few years back. Is it still something that policy makers believe in as strongly? A new techUK report suggests that we've got ground to make up.
There is a gap between the Government’s rhetoric on cloud services and its visible actions in practice.
That’s one of the more striking - and to my mind pertinent - statements contained in a new briefing document from technology industry body techUK, Cloud First: Policy Not Aspiration.
Or as I’d put it - whatever happened to Cloud First?
I remember the morning that the then head of the G-Cloud programme Denise McDonagh told a small group of journalists that the then Minister for the Cabinet Office Francis Maude had signed off on a Public Cloud First policy for central government departments. Essentially this required procurement teams to consider using a Public Cloud solution as the first choice in any selection process - or come up with a damn good reason why not.
It was a much-needed policy and one that mirrored a similar directive from the Obama administration in Washington for US Federal Government departments and agencies.
However, since then, Maude has gone, the Government Digital Service has had its wings clipped and the technology and outsourcing ‘oligopoly’ seems to be back in favour in a Brexit-twitchy Whitehall. In all this, Cloud First has morphed into something rather different, as techUK’s report notes, citing:
a move away from the phrase “Cloud First” towards the term “Cloud Native”. This move is intended to shift the policy away from merely committing to considering cloud before other options, to adapting how central government departments organise their work to properly take advantage of the benefits that cloud has to offer.
Now, on the one hand, that’s a pragmatic move, increasing the chances off the right processes and cultures being in place to make cloud adoption successful. But on the other hand, there’s a danger that the impression given to the more sceptical IT decision-makers in government that this Cloud First thing isn’t top priority anymore.
If that latter interpretation is true, then it makes worse a situation, highlighted in a study from cloud collboration firm Huddle in 2015, that more than half of 5000 civil servants surveyed admitted to not being comfortable about using the cloud, with more than three-quarters citing - altogether now! - security concerns as the main inhibitor. This despite, as techUK notes, plenty of evidence contradicting those fears.
The problem is, as diginomica has banged on about time and again, there aren’t enough senior people in government saying this loud enough, regularly enough and with enough conviction anymore. Think back to the near evangelical stance taken by Maude, by the then Chief Operating Officer Stephen Kelly, the then Chief Technology Officer Liam Maxwell and the then head of GDS Mike Bracken. (That's a depressing number of 'thens'.)
Then compare and contrast to the watered-down positions taken today to see the problem. Or as techUK puts it (more diplomatically perhaps):
Government can be much more vocal about its commitment and support of Cloud First as a policy. Public sector buyers, and industry, need clarity as to whether Cloud First remains a priority policy and how it will continue in its current form.
Preach
There are still examples of pushing out the correct message, such as the GDS blog on supporting cloud services, which reminds buyers that a mandated requirement of the public sector’s Technology Code of Practice is to objectively evaluate potential public cloud solutions first. But as techUK’s report notes:
Being more vocal on this mandated requirement would help to amplify the good news and promote examples of how the use of cloud services is making a real difference, to build trust in the security of cloud services in a way that could reach all public sector users.
And picking up another diginomica maxim, which applies to tech providers as well as policy makers, show, don’t tell. Flag up the positive real-world examples of cloud adoption success, don’t just publish policies and theoretical benefits. From the report:
Government departments and industry must work together to promote positive case studies highlighting where cloud computing has delivered operationally significant and innovative business transformation and citizen benefits….Case studies are often the most successful way in which buyers can be in uenced by the usefulness of cloud products and services. Successful deployments of sharing data using the cloud in the public sector need to be shared, along with details of the associated benefits and efficiency savings. Government departments and industry should work together to identify, record and promote positive case studies of where the use of cloud computing is delivering significant business transformation.
There also needs to be better communication between the buy and sell side communities. This talks to the ongoing debate around the lack of necessary tech and digital skills in-house, of course, but techUK re-emphasises the need to:
[Ensure] that civil servants have the required training, skills and capabilities to understand and leverage investment in the cloud is key. Early market engagement with the cloud computing industry should be encouraged to help ensure civil servants have the capabilities needed to adopt and promote cloud- based, new ways of working that can drive efficiencies and achieve the goal of doing more with less.
Many buyers of cloud services are not aware of the correct questions that they need to ask of their cloud providers or how to interpret the results. This in turn creates a disconnect between buyer and seller, and could result in incorrect products/services being purchased with the wrong type of security attached. Government can help by highlighting the questions that buyers need to be asking of their cloud suppliers, and explaining the value in the responses.
Finally, on the hoary ‘security as barrier for adoption’ front, techUK points out that absence of cloud discussion in the govenrment’s National Cyber-Security Strategy and calls on the new National Cyber-Security Centre (NCSC) to address this:
If the NCSC were to go on the record affrming the security benefits of well-run cloud services as equal to traditional dedicated solutions, it would do much to address the security concerns of many potential end-users.
But ultimately, it’s about leadership and direction from the top:
In order for Cloud First to be a true and effective policy, not simply an aspiration, Government must ensure that cloud, and in turn the associated cloud security, form an integral part of the roll out of the Government’s Transformation Strategy that provides a framework for achieving world-leading delivery of public services.
My take
Just - yes.
Yes, yes, yes.
Cloud evangelism cannot just be left to the sell-side and a few enthusiasts. It needs leadership from the beating heart of the Cabinet Office - and I don’t see that there anymore.
I hope I’m just missing a trick here or just listening in the right places, but I’m not convinced that I am.
Let’s get Public Cloud First policy rebooted as something that every digital transformation-responsible person in government is preaching about.