Category Archives: public sector cloud

E-procurement platform could save UK government £10 billion – report

Duncan: 'Australian public sector is warming to cloud but technology gaps remain our biggest challenge.'

Central government could save up to £10 billion per annum through a reformed e-procurement platform, placing a greater emphasis on administrative efficiencies and market competition, according to a new report.

With the use of e-procurement models championed by the likes of South Korea and Estonia, The Reform, a public-service think-tank, claims that savings of 25% could be made to the present $40 billion procurement bill. Even if e-procurement growth continued on trend, UK government would be set to save in the region of £550 million annually.

Whilst there is a large level of scrutiny placed on the government spending, significant steps have been made since 2010. The government now procures more than 25% of its services from small and medium-sized businesses, and since 2015, has relied upon G-Cloud for the procurement of cloud services.

G-Cloud as a platform has lowered barriers to entry, allowing more firms to compete for government business, and saving in the region of 20-50% when compared to legacy contracts. Building on this success, the implementation of the Crown Marketplace platform will enable government to move e-procurement models to new departments beyond IT services.

While it is still early days within the UK, other countries have demonstrated the wide benefits of e-procurement. Estonia currently attributes roughly 50% of its expenditure through e-procurement platforms, saving an estimated 30-40% on the cost of administrating procurement.

The Reform has recommended a consolidated platform for all government procurement activities:

“The Crown Marketplace should be a single portal for the e-procurement of goods and services. This should be accompanied by an integrated payment function,” said the report. “The framework to purchase commodities must be recompleted regularly to ensure maximum competition.”

While the immediate benefits demonstrate a reduction in expenditure, the move away from the current process will allow government employees to create value-for-money propositions, as opposed to drowning in administrative tasks.

Though the report and supporting statistics demonstrates a positive outlook for government spend, the potential of e-procurement can only be achieved if trends accelerate. The report highlights “If e-procurement continues to expand at the rate of G-Cloud growth in 2015, total government e-procurement spend could reach £3 billion by 2020”

Current e-procurement adoption levels would see UK central government save in the region of £1.8 billion and £4.5 billion depending on the level of pro-rata savings, though emulating the example of South Korea or Estonia would see the UK save in excess of £10 billion.

How data classification and security issues are affecting international standards in public sector cloud

Cloud technology is rapidly becoming the new normal, replacing traditional IT solutions. The revenues of top cloud service providers are doubling each year, at the start of a predicted period of sustained growth in cloud services. The private sector is leading this growth in workloads migrating to the cloud. Governments, however, are bringing up the rear, with under 5 percent of a given country’s public sector IT budget being dedicated to cloud spending. Once the public sector tackle the blockers  that are preventing uptake, spending looks likely to rapidly increase.

The classic NIST definition of the Cloud specifies Software (SaaS), Platform (PaaS) and Infrastructure (IaaS) as the main Cloud services (see figure 1 below), where each is supplied via network access on a self-service, on-demand, one-to-many, scalable and metered basis, from a private (dedicated), community (group), public (multi-tenant) or hybrid (load balancing) Cloud data centre.

Figure 1: Customer Managed to Cloud Service Provider Managed: The Continuum of Cloud Services

 

Kemp aas diagram 2

The Continuum of Cloud Services

 

The benefits of the Cloud are real and evidenced, especially between the private and public cloud where public cloud economies of scale, demand diversification and multi-tenancy are estimated to drive down the costs of an equivalent private cloud by up to ninety percent.

Also equally real are the blockers to public sector cloud adoption, where studies consistently show that management of security risk is at the centre of practical, front-line worries about cloud take-up, and that removing them will be indispensable to unlocking the potential for growth.  Demonstrating effective management of cloud security to and for all stakeholders is therefore central to cloud adoption by the public sector and a key driver of government cloud policy.

A number of governments have been at the forefront of developing an effective approach to cloud security management, especially the UK which has published a full suite of documentation covering the essentials.  (A list of the UK government documentation – which serves as an accessible ‘how to’ for countries who do not want to reinvent this particular wheel – is set out in the Annex to our white paper, Seeding the Public Cloud: Part II – the UK’s approach as a pathfinder for other countries).  The key elements for effective cloud security management have emerged as:

  • a transparent and published cloud security framework based on the data classification;
  • a structured and transparent approach to data classification; and
  • the use of international standards as an effective way to demonstrate compliance with the cloud security framework.

Data classification enables a cloud security framework to be developed and mapped to the different kinds of data. Here, the UK government has published a full set of cloud security principles, guidance and implementation dealing with the range of relevant issues from data in transit protection through to security of supply chain, personnel, service operations and consumer management. These cloud security principles have been taken up by the supplier community, and tier one providers like Amazon and Microsoft have published documentation based on them in order to assist UK public sector customers in making cloud service buying decisions consistently with the mandated requirements.

Data classification is the real key to unlocking the cloud. This allows organisations to categorise the data they possess by sensitivity and business impact in order to assess risk. The UK has recently moved to a three tier classification model (OFFICIAL → SECRET → TOP SECRET) and has indicated that the OFFICIAL category ‘covers up to ninety percent of public sector business’ like most policy development, service delivery, legal advice, personal data, contracts, statistics, case files, and administrative data. OFFICIAL data in the UK ‘must be secured against a threat model that is broadly similar to that faced by a large UK private company’ with levels of security controls that ‘are based on good, commercially available products in the same way that the best-run businesses manage their sensitive information’.

Compliance with the published security framework, in turn based on the data classification, can then be evidenced through procedures designed to assess and certify achievement of the cloud security standards. The UK’s cloud security guidance on standards references ISO 27001 as a standard to assess implementation of its cloud security principles.  ISO 27001 sets out for managing information security certain control objectives and the controls themselves against which an organisation can be certified, audited and benchmarked.  Organisations can request third party certification assurance and this certification can then be provided to the organisation’s customers.  ISO 27001 certification is generally expected for approved providers of UK G-Cloud services.

Allowing the public sector cloud to achieve its potential will take a combination of comprehensive data classification, effective cloud security frameworks, and the pragmatic assurance provided by evidenced adherence to generally accepted international standards. These will remove the blockers on the public sector cloud, unlocking the clear benefits.

Written by Richard Kemp, Founder of Kemp IT Law

Cloud computing in the public sector

BCN has partnered with the Cloud Asia Forum event to speak to some of its speakers. In this interview we speak to Ben Dornier, Director of Corporate & Community Services, City of Palmerston.

BCN: What does your role involve and how is technology helping your organisation grow and reach more customers? What is the role of Cloud Computing in this?

Ben Dornier: My role includes responsibility for general corporate affairs (finance, city tax revenue, legal affairs, HR, IT, contracts, insurance and risk) as well as governance and strategy (the city strategy, annual budget, annual financial reporting, performance reporting, policy and corporate strategy), and community services (libraries, city recreational facilities, city facilities, city community services).

ICT plays a major role in ensuring this portfolio can not only be adequately delivered, but especially in ensuring it is done efficiently and sustainably. Cloud computing is a major player, with several major systems already in the cloud, and our transfer of all corporate ICT systems into public/private cloud hybrids over the course of this financial year. It has reduced our risk and cost base, and allowed us a shift of emphasis from employing pure technical expertise to technical strategy expertise, allowing us to focus on our core services while improving service standards.

What do you consider as the three main challenges for wide Cloud Computing adoption in Asia and how do you anticipate they can be overcome?

Interesting question, and really I can only answer regarding the public sector – the first is primarily HK based. I note a reticence amongst public agencies to provide mobility solutions to their employees, and I think this seriously hampers the effectiveness of cloud based solutions to get government workers out of their desks and into the city infrastructure and services, which I believe likely drags on costs and efficiency. With this as a barrier, many of the benefits of cloud based solutions will not be readily as apparent to the government – and the skill sets of highly competent, highly mobile workforce will not be an advantage.

Second, I see the structural issues associated with data governance and related policy as a serious barrier, although this is steadily decreasing. As long as policy makers are not actively addressing cloud procurement and adoption issues, the ICT staff supporting internal decision making will not be able to recommend new and innovative models of service delivery without there being fairly high costs associated with development. This continues the prevalence of ‘bespoke systems’ and the myth that ‘our agency and its requirements are unique, and we need a unique system’. I simply do not believe this is true any longer, and nations which address this at a federal or national level are reaping the benefits.

Third, in ‘cloud-readiness’, Asia is rapidly climbing – but this is really a private sector metric. I would strongly advocate that there be a concerted effort in the industry to support a public sector metric, which could bootstrap some of the incredible work happening in the private sector, and be a convincing argument for changes in public policy towards cloud use. Public sector use will be a serious revenue driver once procurement practices are able to support government cloud use in the least restrictive manner appropriate.

How much is Mobility part of your strategy? Is it important for organisations to enable employee mobility and reach out to customers through mobile devices?

Mobility is a ‘force-multiplier’ for us (to borrow from military terms), which allows us to increase productivity while reducing pressures on human resources. Municipal employees are able to spend less time at their desks entering data into corporate systems, be it for inspections and assessments of civic assets, to animal and parking infringements. For these staff, less time at the desk means more time doing the work they were hired to do. It also allows us to offer better employment flexibility for staff who would prefer to operate part time or odd hours, without some of the productivity issues often associated with workplace flexibility.

We are also finding that young employees are increasingly expecting us to provide this capability, and quickly adopt mobile solutions. As for our city residents, more than 50% are accessing city information through mobile devices when and where they need it, and an increasing proportion of these rely on mobile devices as their primary access. This will only increase.

How do you think Disruptive Technologies affect the way business is done in your industry?

Technology disruption is continuing to be a key component, particularly as older, expensive Line of Business systems are proving not nearly as capable as well managed cloud based solutions. I believe an increasing disruptor in this area will be cloud based integration services offering connections which tie multiple cloud based solutions into effectively a single service from the perspective of the end user.

There will always be a role for major system suppliers, but increasingly the aggregated cloud based service sector will take a large chunk of market share while reducing the risks associated to big capex spends and expensive implementations. When I am spending tax money, this is an important consideration!

Can you recommend a – relevant to Cloud and Technology – book/film/article that inspired you?

Being a bit more digital, might I suggest a blog! I have a heavy interest in concepts around ‘smart cities’, a technology disruption occurring around the business of building very expensive but often technologically ‘dumb’ civil infrastructure like bridges and waste facilities. I am an avid reader of posts at Jesse Berst’s “Smart Cities Now” blog, through his site at www.smartcitiescouncil.com. There are a few good blogs in this sector, but I enjoy the variety Jesse’s site provides.

What was your interest in attending Cloud Asia Forum? What are you looking to achieve by attending the event?

Frankly, I know from past experience that I am guaranteed an ‘ah-hah’ moment, or even several, which will change my thinking and perspective on a specific area related to cloud solutions in government. I am looking forward to hearing the speakers and interacting with delegates and finding out where these ‘ah-hah’ moments will occur. This year I am particularly interested in listening to topics covering C-Level persuasion, the translation of the technical advantages of cloud computing into corporate decision making involving non-technical (meaning ICT!) executives. For me, I think this will be helpful in persuading elected officials on their own terms about the benefits of cloud adoption.

asia cloud forum logo