Over in the Netherlands, work on cloud began with data center consoildation, according to Dion Kotteman, CIO, Dutch Central Government:
The first thing that we did is to change 64 data centers to 4, which is a massive operation. We’ve seen that as fundamental to the introduction of the cloud. It is also a massive move in terms of security professionalism. It helps us to build the cloud up gradually.
The next step was to connect up the infrastructure and to tackle this, a novel approach was taken:
One of the things we used was the infrastructure that the Ministry of Defence provided. The capacity was very big, it was very very secure and as there was no war going on it wasn’t being used.
So we asked to use their networks to connect the data centres, thereby gradually building up the cloud. We are using cloud first of all for the Dutch Central Government services and getting the departments to put their data into those data centres.
Infrastructure as a Service (IaaS) was the primary focus and one that ran into resistance to cultural change:
The physical environment moves over into the new data centres which is the first step in terms of housing. That might seem a small step but if you look at the independence that the loose departments had, it is actually a big step because they’re moving towards losing some of their authority.
Of course there is resistance because they don’t like that. They somehow think the data has gone from their cellars to who knows where. So there is a reluctance there.
The Dutch government often benchmarks its own practices with that of private sector national champion Shell. So it was with cloud and infrastructure strategy, says Kotteman:
We went to see what Shell was doing, because the government always thinks that Shell is slightly ahead of us, was that it started off with IaaS and now has no infrastructure at all. It’s all SaaS.
They were quite amazed that we were starting off with IaaS and said that we should have a lead jump and start off with SaaS and get of all your infrastructure.
That was an eye-opening difference. They have their security demands of SaaS but they were able to reduce costs dramatically because of not having their own infrastructure.
Another area of cultural change that needs to be addressed relates to the question of leadership across the public sector which Kotteman suggests is partly linked to age and to what he describes as the status quo whereby if you stick around for long enough in the Dutch goverment:
you eventually get promoted to a certain level and age certainly helps. Age sometimes conflicts with knowledge on IT.
What we see is that the board has an interest in money. The CFO has a certain position. The CIO on the other hand is trying to grow. What we need to do is get the CIO to the position of being the same as the CFO so that his opinion is not to be denied.
This is something about culture change and about leadership. We want the board to be clear on the importance of information technology in the whole operational area. The board is responsible for the IT projects and they should never be delegated.
It is too easy for the board to delegate responsibilities to a level where they absolutely should not be. That comes back to age. If you’re not happy with IT then you might try to delegate downstream instead of taking full responsibility yourself.
The type of security concerns cited by Singleton in the UK are common to the Netherlands where Kotteman says the government is experimenting with what is acceptable in terms of data sovereignty and data transfer:
You see that with our data centers where three are operated by ourselves and the fourth by a commercial party. The goal is to see how this works. There is the cultural issue that you should have data yourselves. Data flows through the world and that has implications for who operates the data centers.
We have left the idea that data is something that should be kept to yourselves. It’s something that has to operate with security of course, but also can dealt with by bigger commercial parties.
That’s not an idea that resonates in Germany, admits Linda Strick, who's in charge of the eGovernment Cloud Computing Lab at Fraunhofer-Institute FOKUS in Berlin and co-ordinator for Cloud for Europe:
What you see in Germany is that the Federal Government is always careful of going to the cloud for security reasons. The Agency for Security and Information Systems says ‘Nothing is going to the cloud’. So for the federal sector it is very difficult.
They did start to say four years ago that they want to start to consolidate our IT centers but that is still just a wish.
But you start to see that the big data centers are starting to go for cloud. If you have to survive, then you have to do it in some way. There is more work to do but fewer people to do it, so you need more information and the easiest way of getting more IT is by going to the cloud.
But Germany's tough stance on data protection legislation doesn't make life any easier:
If you look at data protection, the law is quite old. IT is much younger. The law is evolving quite slow. There is always an imbalance between the law and IT. There is a rethinking necessary to say what it is that we really need.
There’s also the problem that the German political system is heavily-focused around regional and community government, making it near impossible for the Federal Government to enforce mandates like the UK’s Cloud First.
A related issue is that those various levels of government are notoriously reluctant to work together:
when it comes to piloting services and they have to work together it is ‘no, I don’t like to work with you’. Cooperation is very difficult. Cloud migration costs money and who’s paying that? The federal state is not. Those who have money are those who are a level down and thats maybe the right place to start. The public sector is not just buying one thing.
This leads Strick to a stark conclusion:
I believe we will never have a German cloud. We will have a community of German clouds. It might be easier in other nations, but in Germany it will never be like that.
Strick clearly looks to the UK G-Cloud’s approach to buying and selling cloud services via the new Digital Marketplace as an impressive achievement, but she adds:
When I look from Germany at G-Cloud and the model, the complaint is always 'How does this align with procurement legislation?'. You have to have open procurement.
G-Cloud's Singleton offers up an interesting revelation on that when he announces:
We’ve had some interest from Denmark about procuring through G-Cloud and we’re just looking at the legal implications, can we actually do it? It is important.
[G-Cloud] does also act as a platform for overseas buyers, including European buyers, to actually find out what’s available in the UK.
What we’d like to do is explore how the new Digital Marketplace that we’re building can become a commercial platform more for being across Europe.
The picture that emerges here is that the UK is clearly ahead in its public sector cloud thinking, while Germany is a laggard. In the middle, the Netherlands is putting the building blocks in place, but with a way to go.
Certainly global research firm International Data Corporation (IDC) ranks the UK as "ahead of the curve" among European governments when it comes to cloud, noting that across Europe there is a general drive to increase public sector cloud adoption:
Over the past five or six years, western European governments have realised the potential benefits of cloud computing. Government CIOs we have spoken with are now looking at cloud to improve their ability to give access to applications and data from remote locations and multiple devices, as well as enhance scalability and elasticity to deal with peak workloads and cope with fast-growing demand for computing capacity.
So the question begged at this point is why won’t the European Commission follow in the footsteps of the likes of India, Australia and Canada and use the working and proven G-Cloud template as the basis of its thinking on pan-European cloud strategy?
Or is that too simple for the Eurocrats of Brussels?