Perhaps the crowning glory of the EU's cloud strategy, as conceived by Commissioner for the Digital Agenda Neelie Kroes, is a plan to galvanize public sector procurement of cloud. This beacon project, due for formal launch in mid-November, betrays its ambitions in its name, Cloud for Europe.
Unfortunately, I fear its founding principles set it up for inevitable failure, leaving it fatally flawed even before its formal launch.
Throughout history, many public sector IT projects have followed a depressingly predictable trajectory: big projects; massive overspend; late or failed delivery. It seems the European Commission wants to follow the same proven pattern in this forlorn attempt to encourage public sector cloud adoption.
Against the odds
Two misconceptions lie at the heart of Cloud for Europe's flawed progeniture:
- That public sector needs are unique and can only be satisfied by custom projects
- That cloud computing is about how to build digital infrastructure, rather than delivering more effective outcomes for businesses and citizens
The odds are stacked against success, even before you consider its mission of corralling a consortium of up to two dozen public authorities from up eleven separate European countries into harmonizing their procurement processes. This is where the project co-ordinator, Linda Strick of ICT research institute Fraunhofer FOKUS, most fears problems, as she explained during a presentation at this month's EuroCloud Congress:
"We have a lot of regulations in each country that might make it difficult to have joint procurement between different procuring entities ...
"It's really a challenging project and it's unfortunately very political. It's not a simple project funded by the European Commission.
"It's very political because it involves member states to participate actively in the role of becoming a procurer and jointly doing this pre-commercial procurement together.
"Which means, imagine you have eight ministries and these eight ministries agree in month fourteen — which is next August — on one joint tender for all these nations, having cross-border services. It's very challenging."
UK government’s cloud strategy challenges SI status quo
Unraveling the cloud in Europe
Lobbying government? Be careful what you wish for
Europe stirs the crucible of data privacy
High stakes threaten EU cloud strategy
A red tape-wrapped rant at Europe’s flawed cloud thinking
My one hope is that this has all been planned from the start as a Trojan horse, with the project designed to distract public sector buyers from its true purpose, which is to entice them into harmonizing their procurement processes.
For this is the true prize: forging cross-border agreement that means that any cloud provider offering a service to public sector buyers in Europe only has to work with one set of procurement processes instead of a multitude of separate national and sometimes even regional processes.
A single, common process would open up the market, encouraging more competition and crucially delivering the economic benefits of cloud scale to those buyers. In addition, the strategy foresees a knock-on effect of those standardized practices being replicated in the private sector too.
Unfortunately the project has locked in failure from the start by copying exactly the same flawed process of requirements definition that has beset every other public sector IT disaster, from the UK's infamous NHS National Programme for IT to this month's failure of the Healthcare.gov website in the US. (I'm conscious these are both Anglo-Saxon examples but no doubt there are many others elsewhere).
The fundamental flaw is that Cloud for Europe has been conceived as a vehicle for 'pre-commercial procurement'; a model first pioneered in defense procurement. Essentially, the customer predefines an unmet need and the industry creates an innovative solution — the classic example being the Stealth Bomber. As Strick explained:
"It's not that you want to have already existing infrastructures or services. It's really that you go in the direction to have something which is not available at the moment."
Unfortunately, the classic pre-commercial procurement model for delivering a finished project is the diametric opposite of the kind of iterative assembly and configuration of off-the-shelf components that is best suited to cloud development.
Cloud is all about delivering breakthrough business outcomes from rapidly implementing 'good enough' on-demand services and refining results as you go. That's not something you can map out and prespecify in advance, let alone 'pre-commercially procure' it. In fact you could probably characterize the very essence of cloud as 'post-commercial procurement' — the whole point is to avoid the one-off costs and scale diseconomies of custom-built IT.
Instead of this rapid development model, Cloud for Europe envisages a classic waterfall project plan with a three-year timespan: fourteen months (ending August 2014) to collect requirements and define and issue the tender according to EU rules; four months to evaluate responses; eight months to prototype and a further six months of piloting test versions. By this time it's already February 2015, but as Strick explained in her presentation:
"It's not in that phase you will have a product out of that. What you will have is a pilot out of that."
After all this, she went on to explain (somewhat optimistically I felt):
"If [the pilot] is good enough, you might have the challenge that a lot of public sector organisations will be willing to buy that kind of product because that's what actually is needed."
Astonishingly, innovative SMEs are expected to be keen to participate in this three-year process, for which the Commission has set a total budget of €10 million. As Strick explained:
"We also want to include a lot of small and medium enterprises because we think there's a huge market as well for the public sector for SMEs to provide cloud services for the public sector. So it's not only having these big cloud providers providing those services."
Good luck with that (which for non-UK readers I should explain means, 'It ain't gonna happen'). But it should be no surprise that the project is such a typical big-company exercise when the industry representatives on the ECP Steering Board that oversees it includes the like of ATOS, Accenture, Dassault Systèmes, Ericsson and SAP. The only SME representative was recruited belatedly and none of the members focuses on cloud applications (unless you count SAP, which has something of a mixed record on that score).
Of course Linda Strick and her Fraunhofer FOKUS colleagues have to follow the remit they've been given for Cloud for Europe. They have enormous experience and expertise in co-ordinating distributed IT projects in eGovernment, which they will apply with the utmost professionalism. But if this remit is misguided or ill-conceived, I fear the outcome cannot be successful.
Cloud-enabled stealth bombers
So what are these amazing innovations, these cloud-enabled 'stealth bombers' that Cloud for Europe aspires to deliver for the public sector? The potential examples listed in Strick's presentation came from large-scale cross-border pilots carried out in earlier initiatives for the Commission:
- Secure Personal Data and Documents Vault
- Administrative Documents and Files Interoperability Node
- Educational content (curriculum) creation
Probably the most disappointing aspect of this underwhelming list is the knowledge that all of these capabilities are already delivered by cloud services that are commercially available today. So why not just focus on how to empower public sector organizations to procure those services from those existing providers?
The inevitable answer that you always hear, of course, is that the public sector has special requirements that prevent it from buying the same high-volume, low-cost services as everyone else (even though that immediately negates any scale-out benefits of cloud sourcing). As Strick explained:
"There are a lot of features which are in general necessary for the public sector to make sure that they can go into the cloud. The public sector has very specific requirements."
One example she cited was having the freedom to move from one provider to another when that provider changes its pricing policies, which public sector buyers are obliged to do because of regulations that bar them from favoring one vendor over another.
"They need to go to another provider, but they need to take out all of the data and put it into [the] other environment. So that is something that public sector is facing even more than industry, because they have to do it."
It's not clear to me why private sector buyers would not want the same freedom. However this example was one of a list of characteristics she cited that would likely form part of the requirement:
- Data and service portability
- Service and data management support
- Dependability provisioning services
- Security provisioning (eID, encryption, signature, data protection)
- Cloud certification requirements
The rationale for spelling all of this out is to arrive at a functional requirement that Cloud for Europe's public sector stakeholders can all agree on. Strick explained:
"We want to harmonize requirements to really be able finally to get the potential of out of cloud, saying we have some reusable, identifiable building blocks which can be used by the public sector, and they fulfil those requirements which are harmonized by the public sector ... and then identify those functionalities which can be part of the functional description required for this procurement part."
My one hope is that I'm being unfair on Cloud for Europe and that the project will in the end focus on enabling its public sector constituents to develop harmonized procurement processes that allow them to truly benefit from the cloud model. I was struck by an aside from Strick at one point in her presentation that showed an appreciation of how the cloud transcends traditional models:
"I personally believe you all know that cloud is not a matter of technology. Cloud is a matter of organization, of philosophy, of acceptance of new models where you will go."
I can't help fearing that Cloud for Europe is more about bending the cloud to fit preconceptions of how the public sector should procure IT. That's not going to deliver its strategic aims, which can only be achieved by adjusting public sector procurement to match what cloud can offer: on-demand assembly and configuration of ready-to-use automated services delivered at scale.
If Cloud for Europe's constituents are able to craft specifications that permit the tendered solutions to be built from off-the-shelf cloud services — perhaps supported by add-on services that address specific needs around portability, dependability, certification and the rest — then maybe this project can be saved after all.
But all the signs are that this will become yet another classic case of an over-engineered public sector ICT project that fails to live up to its misconceived promise.
Disclosure: SAP is a diginomica premium partner. The author is a vice-president of EuroCloud and organizer of the EuroCloud Congress. The views expressed here are his own as a diginomica writer.
Photo credit: Fail light © joephuriphat - Fotolia.com; Linda Strick by photoetage Henning Granitza