‘Use public cloud unless it is not possible’ – government updates guidance

Flagship cloud first policy has been revamped with extra focus on evaluating a variety of vendors to help ‘manage market dominance’ 

Picture credit: Pixoman/Pixabay

Government has revamped, expanded and strengthened its 10-year-old Cloud First Policy, including the addition of guidance instructing public sector bodies to consider a variety of vendors to help better “manage market dominance”.

The policy, which was first introduced in 2013, has this week been given its biggest overhaul during that time – including the introduction of nine core “cloud principles”, as well as a significant revamp and strengthening of long-standing guidelines.

The previous headline instruction – that public bodies ought to “consider cloud solutions before alternatives” – has been changed to advise that organisations must now “default to public cloud first, using other solutions only where this is not possible”. 

Public sector entities are no longer advised that they “remain free to choose an alternative to the cloud” if they can demonstrate its cost-effectiveness. But are instead told that those “who do not deploy in public cloud should ensure they can evidence the decision, business case and value for money behind their choice”.

Additional guidance has also been included to encourage government buyers to “strive to automate the provisioning and management of as much of their infrastructure as possible… deploying technologies which can continually patch and improve”. 

Related content

The updated policy also includes the advice that “organisations should use cloud managed services, avoiding simply using the cloud for infrastructure hosting”.

As with the previous version of the advice, the document clarifies that cloud first is intended to refer primarily to public cloud models. But the amended edition provides additional detail on if and when other forms of deployment may be more appropriate.

“Organisations are always encouraged to use a pattern for a solution in government where one already exists,” it said. “Solutions handling Secret or Top Secret information are unlikely to be suitable for public cloud and you should seek specialist advice.”

Also added to the advice is encouragement for public bodies to consider a range of different potential cloud providers.

“Organisations should always challenge themselves on the selection of a specific vendor,” it said. “We are keen to exercise the market, and government wants to be users of a range of vendors. This allows risk to be spread and helps manage market dominance. Where incumbent vendors are used, organisations should be aware of, and actively manage vendor lock-in. Vendor selection should always leverage government frameworks and other procurement tools. You should always seek advice from your commercial function and Crown Commercial Service to ensure you gain the best value proposition from the procurements you make.”

This update to the cloud guidelines comes shortly after PublicTechnology asked government’s new chief technology officer David Knott whether he would like to see more greater diversity in a landscape currently dominated by Amazon Web Services.

The tech chief indicated that he favoured “a thoughtful multi-cloud strategy”, adding that – with about 15-20% of government systems having migrated to cloud thus far – there is still plenty of opportunity for all potential providers.

“There’s plenty for everybody in the stuff that’s not claimed yet,” he said. “And I think there’s room for all the all the industry players to make have come to some kind of meaningful role.”

The final change to the policy is the inclusion of nine “cloud principles” intended to provide an easily digestible checklist that “strikes a balance between delivering technology quickly, the cost and resource required to do so, and reducing risk”.

The principles are: 

  • Focus on services not servers
  • Public cloud or SaaS first, but if not, use private cloud PaaS and IaaS offerings
  • When you need to use private cloud this must provide the five essential cloud characteristics: on-demand; broad network access; resource pooling; rapid elasticity; and measured service
  • Where you have no choice but to host on-premises, use Crown Hosting
  • Enable teams to use cloud services provided overseas or globally
  • Support code to be reused in the cloud 
  • Build to secure by design
  • Use best commercial practices by leveraging vendor relationships made by Crown Commercial Service through frameworks and MoU
  • Each time you build a new service or feature consider all the vendors: use the most appropriate vendor and cloud services for the task

The guidelines add that extra information on these principles will be provided in various whitepapers that will be published in the coming months. The policy is overseen by the Cabinet Office-based Central Digital and Data Office, which also manages the government spend controls.

“As part of the spend control process, CDDO helps organisations assure the mix of quality and effectiveness of hosting services across their whole life cost,” the guidance said. “This includes capital, maintenance, management, operating and exit costs. CDDO bases its assurance on a number of factors.”

As has always been the case, the policy is intended to be “mandatory for central government, and strongly recommended to the wider public sector”.

Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter