The UK Government now has a clear ‘Public Cloud First’ strategy with the G-Cloud and the Digital Marketplace, making it easy to procure. While early cloud adoption was centred around Central Government, we are now starting to see wider public sector acceptance of, and migration to, the cloud, not only in local government driven by Socitm, but also in defence with Defence-as-a-Platform, and in health with Local Digital Roadmaps.
Cloud may be easy to procure, but you need to focus on the applications that you will be running in the cloud. In order to get best value from cloud, you will need to re-engineer existing applications or build completely new applications from the ground up in order to ensure that they are what is called Cloud Native. Unfortunately, most applications used across the public sector were designed and built well before cloud became a ‘thing’ and it is often too costly and disruptive for them to be reengineered or rebuilt for the global cloud platforms.
This has left us with what Gartner describes as a bimodal environment. Organisations have mode 1 legacy applications that for technical or budgetary reasons cannot be made Cloud Native. This includes IT that is either running in under-invested on-premises data centres that might be at risk of closure as the government sells off property and moves to a consolidated estate, or IT that is tied up in wholesale IT outsource contracts that have proven to be inefficient and inflexible and so are being dis-aggregated.
For many organisations, simply keeping the lights on for such mode 1 environments (managing upgrades, patches, backups, capacity management and infrastructure refresh projects) consumes about 80% of their entire IT budget.
Then there are those mode 2 applications that have either been reengineered to become Cloud Native or have been developed as new in this way. Representing the remaining 20% of an organisation’s budget that is focused on projects to develop shiny new applications, this is often described by public cloud providers as the low-hanging fruit.
The global public cloud providers make it quick and easy to build and develop these new applications on their proprietary platforms. They know that in all likelihood you will quickly become locked into their proprietary features, providing them with long term revenue. For you the trade-off is short term convenience for long term lock-in.
The global public clouds are also only optimised for hosting Cloud Native mode 2 applications and not the legacy mode 1 applications that cannot be reengineered.
The challenge for public sector CIOs is to take the cost and inefficiency out of their mode 1 traditional IT so that more resources can be focused on innovation and agility as they transform processes and workloads to mode 2. As much as the global public cloud providers want you to do this overnight, and aren’t particularly worried if you get locked-in to their platforms in the process, this simply isn’t an option for most CIOs who not only need to be able to transform at their own pace, but also need to focus on longer term value and agility.
A second challenge for public sector CIOs is the skills and capabilities required. Cloud Native adoption requires dramatically different skillsets that are unfamiliar to most existing IT teams and are radically different to what they have become accustomed to.
For most organisations, adapting to a DevOps mindset with Infrastructure as Code and CI/CD (continuous integration/continuous delivery) will require an intake of expensive contractors, or rapid and expensive upskilling of existing staff who are then at risk of leaving for the lucrative contract market.
A further challenge is security. NCSC and GDS guidance ensures that layers of security and resilience are built into modern applications. However, existing applications were designed and built with the expectation of infrastructure layer security and resilience: RAID, failover clustering, network encryption, etc. You need to adopt a very different approach to service assurance and risk management when you migrate your existing applications to the cloud.
And lastly, you can’t afford to throw out the baby with the bathwater. You have a ton of existing systems and applications that just can’t be redeveloped quickly, easily or inexpensively.
The answer is a pragmatic transition. It is possible.
You can maintain your Oracle infrastructure in the cloud. You can also lift and shift your traditional three tier application onto as-a-service infrastructure. You can then transform to Cloud Native at your own pace, in four manageable phases. And you can do so within a secure environment.
The first stage is to build the business case. Typically, you’ll have a compelling event on the horizon. Your IT outsource contract might be ending, or you might be selling off the building that houses your on-premises data centre (e.g. you could be on the path of HS2).
Whichever way, you are unlikely to want to build a new data centre, which is expensive and capex-heavy. Hence, the business case will be underpinned by cost avoidance and a move from chunky up-front investments to a more flexible consumption-based model. Mind you, this isn’t just about cost. Your business case needs to address the risks to service availability, security and data privacy. And you need to demonstrate that your strategy is fully compliant with government strategy and policies – including procurement rules!
The second stage is to get into the detail of what you’ve got and where it can go. This is rarely a one-to-one mapping, rather you’ll take the opportunity to substitute on-premises applications with SaaS (e.g. Exchange to Office 365), move virtualised systems to cloud and move non-x86 physical systems into co-location. You will need to retain choice and flexibility, rather than compromising on a one-size-fits-all destination.
Third, you’ll start to modernise your traditional IT. You will want to build momentum by focusing on some quick wins. Initially you can learn by doing things through test and dev environments. You can use cloud as your failover site to support your disaster recovery strategy. Then comes the heavy lifting – at which point you seek the support of a specialist services provider to augment your internal resources.
Finally, you’re on the cloud and you’re into continuous service improvement. You’ll want to automate repetitive processes – such as scheduled shut-down and start-up of environments that are not required 24/7. You’ll want to use new AI tools to support your monitoring and service assurance. And you’ll want to start transforming to modern architectures such as Docker, Kubernetes and Database-as-a-service.
All of this will need to occur within a secure environment, with connectivity to government networks and the capability to support both your mode 1 and mode 2 environments throughout the transition. This is where multi-cloud and crown campus come into their own.
A better option
Typically, CIOs are either having to maintain expensive infrastructure to host their mode 1 applications or they are moving these into the Government’s own data centre – Crown Hosting – which is a joint venture between Ark and Cabinet Office.
They may even be looking to go a step further by building a private cloud inside of Crown Hosting, but are concerned at the risk of spending millions to create a VMware or OpenStack cloud platform which will take years to deliver and distracts the organisation from what really matters.
There is now a better option. Crown Hosting has recently launched Crown Campus, which builds on its flexible co-location environment by adding ‘on-campus’ cloud providers such as UKCloud, Expo-E and IBM. This gives public sector organisations a wider choice from which to choose the right service provider for their requirements – with UKCloud standing out as the only genuine multi-cloud provider. With no one cloud being a perfect fit for all requirements, there is a distinct advantage with being able to have access to a full range of multi-cloud services for mode 2 workloads (from VMware and Oracle Cloud, to Azure, OpenStack and OpenShift) along with flexible co-location for mode 1 workloads.
GDPR and the recent rise in public awareness of privacy issues also need to be considered, especially in light of the uncertainty surrounding Privacy Shield. This makes the enhanced data assurance, security and UK data sovereignty provided by Crown Campus particularly relevant, especially for higher security workloads including those classified above OFFICIAL which UKCloud now supports through its new UKCloudX platform.
Whichever combination of Crown Campus options and providers public sector organisations choose, it should be possible to meet all their requirements for mode 1 and mode 2 workloads and pragmatically migrate workloads from one to the other, all within a single secure environment with low latency connectivity between workloads as well as connectivity to government networks and direct access to other key data sets that are hosted by Crown Hosting and its partners. There’s never been a better time for public sector CIOs to overcome their bimodal IT challenges!