Legal and commercial issues will slow down G-Cloud, not security

Still sceptical we will ever really see (or use) a G-Cloud, especially given the lack of clarity shown on this by the new coalition government? You need to listen to Kate Craig-Wood, MD of a commercial company leader who has just told PublicTechnology.net: “There will be a G-Cloud, we will probably see early wins this year but 2011 is when it will definitely start happening.”

Indeed, so confident is she that G-Cloud will be a reality for both firms like hers and public sector IT leaders that she advises other smaller technology companies like hers to “make the internal changes you'll need to sell in to the G-Cloud space now so that you don't miss any opportunity”.

Committed to the G-Cloud vision
The fact a supplier like Craig-Wood's company – a Cloud and managed hosting specialist called Memset – is so committed to the G-Cloud vision is quite striking. At the end of the day, she says, SME IT firms like hers – which notoriously find it hard to break into central government IT deals – need to be sure there is a commercial point in the discussions they have with government. “I am doing a lot of work on this on a pro bono, voluntary basis – hundreds of hours, in fact. I would not be doing what I am doing and putting this much effort in for something that isn't likely to ever happen.”

What is she doing, specifically? Craig-Wood is both an expert in security and the kind of technical architecture that will be needed to make the G-Cloud work. She is also heavily involved in UK IT trade association Intellect's input into the G-Cloud specification work underway. “We are helping to flesh out the vision and make sure something is actually delivered,” she says.

And the good news, she says, is that it looks like the main barriers to realising the G-Cloud vision – a way to reduce cost, cut carbon load, centralise and rationalise central government IT and deliver functionality through Cloud(s) – are not technical  but organisational.

Technical, by the way, includes security, which is often held up as probably the biggest blockage, given that data may end up living in a Cloud that isn't physically anywhere near the UK, with implications for data integrity and privacy.

The basic security discipline here is an idea called impact levels, she explains. If data is grouped so that its loss or importance is equal (so minor stuff here, very confidential there) it is much easier to segregate it and decide which parts can be in very (in)secure public Clouds and what needs to be based in sites in the UK so we know exactly what is what.

“That turns out to be a very solvable problem, actually. What we are coming towards here is that only a part of the G-Cloud needs to be in the public Cloud space – low-security items, such as information websites. More critical applications will be in very secure environments in segregated and protected parts of data centres, where you will have very tight access controls – aisles 3 to 5 are off-limits to anyone not authorised, say.

That will mean the eventual working G-Cloud will be a set of Clouds, or in the jargon, a 'private community Cloud' mixed with public Cloud for some less sensitive aspects of government work. This approach also means, by the way, the private sector can be more easily made part of G-Cloud, which of course strengthens the case that it will happen. “We may end up with some supplier data centres migrating to the Cloud as well as government ones, or at least very carefully designated and secure parts of them.”

Problems to resolve
That doesn't mean G-Cloud is a snap: legal and commercial issues are still not all resolved. “There are some real issues with the way EU procurement law works – which is as we know often an incredibly long, incredibly slow process – in some ways it's a bit of a bonkers way of purchasing things. That has an impact on the app store that people at the OGC are having to really look at.” Craig-Wood says one possible way forward may be “pre-certification” (i.e. some technologies or applications would be government-sanctioned centrally), but admits this area needs more work.

There is also an issue about cultural change. “Some people won't want to give away their 'treasure' – they won't want to give up control of infrastructure, the data they have been looking after or core processes. For that reason we don't see G-Cloud coming as a Big Bang, it will take time and there will be a period of change as people get used to it, especially in some of the bigger Departments.” But again, she is sure these are not insuperable problems.

All in all, then, it seems this practitioner has every confidence that G-Cloud will happen – and even says recent political changes may make it even more likely. “One, the Cloud technically is the only way to make the kind of real rationalisations and savings that the new government desires. And two, it is just such good common sense that it – or something very like it – just has to happen.”

What is the message for the public sector IT leader in all this, though, as we wait for delivery? Craig-Wood says now is the time to start thinking and procuring in a Cloud-ready way. “A lot of the Cloud isn't about nuts and bolts technology; it's about more intelligent purchasing of ICT. The mindset needs to be about looking for ways to avoid unnecessary cost – do you really need those new servers and storage? Is there a way to start sharing infrastructure with neighbours or other departments?

“My advice: start looking to separate functionality today from physical hardware so as to be best placed to use the Cloud tomorrow.”