Offshoring provides major barrier to cloud adoption
A survey of UK Parliamentarians shows there is significant concern that offshoring data is hindering local government cloud.
Releasing the results of a new survey titled Data and Cloud: What Parliamentarians Think, Skyscape shows that there are significant concerns over data protection and privacy in the public sector. The concerns are so strong that many MPs believe that they are a major inhibitor to the greater take-up of cloud inside the public sector.
The 15 page survey looks in detail at the impact of cloud on the public sector. It shows that 82% of MPs want to see greater use of cloud in the public sector. Surprisingly to many, those same MPs showed good awareness of data protection and privacy with many being concerned about geographical location of data. When it came to use of public sector data however, MPs believed that offshoring UK data is the greatest barrier to cloud adoption.
The impact of cloud on the public sector
The introduction of G-Cloud in February 2012 was a major change of focus for government use of IT. It broke with the tradition of large IT vendors cornering the market and created an opportunity for SMEs to deliver local services. While this has been seen as a challenge at the local rather than the national government level, November 2014 showed that 57% of G-Cloud sales went to SMEs.
According to the Government Digital Service (GDS), G-Cloud has had other advantages besides increasing the involvement of SMEs. The biggest of those is efficiency. In April last year it was estimated by the GDS that G-Cloud had delivered efficiency savings of at least 50%. It is this level of saving that has led to councils such as Bristol signing major deals to move their entire IT operation into the cloud.
The savings that G-Cloud is delivering is accepted by a majority in both houses of Parliament . Furthermore, there is increasing evidence that it is speeding up the ability of government departments, at all levels, to implement new policies more quickly and effectively than ever before. Given the public perception that government is slow to react, this is a significant boost for cloud providers.
While over 80% of MPs and peers accept the need for greater use of cloud in the public sector, its ability to create jobs and the fact it drives innovation, not everything is rosy. SME participation is central to the G-Cloud message yet this survey shows that as little at 27% of MPs believe SMEs are getting easy access to government work.
The survey authors postulate that this is likely to be more about direct representation from constituents rather than any direct evidence. However, as there have been a number of press articles looking at the success or otherwise of SMEs with G-Cloud, this is something that the GDS needs to look at more closely.
What isn't in question is that G-Cloud has gone from 258 supplier to over 1453 suppliers in three years, with the potential for further growth.
Data challenges holding back cloud adoption
Data offshoring is not a new problem. When the US introduced the Patriot Act there was and still is a widespread belief that this would put data at risk. In reality, the Patriot Act has had little known impact on data privacy and security. Instead, data risks have come from poor security practices, state sponsored hacking, mass global surveillance, cyber criminals and, as of last year, the simple subpoena.
2017 will see the enactment of the European General Data Protection Regulation (GDPR) with fines of up to 5% of global turnover or €100 million whichever is the greater. This should help to improve data controls but there are no guarantees.
One of the current requirements for G-Cloud buyers is that they must identify the location where their data will be processed and stored. According to the survey this is to understand:
- The legal circumstances under which their data could be accessed without their consent
- How data handling controls are managed in relation to UK legislation
This raises questions as to how many buyers are doing their due diligence. For example, there is evidence, not raised in this report but in another by CipherCloud, that shows a lack of knowledge when dealing with "Safe Harbor" principles.
Most buyers accept the word of the sales team that data will be stored in accordance with these principles without checking and receiving proof that the US company concerned meets all seven fundamental data protection principles. CipherCloud reports that 70% of cloud applications hosted inside the US and used by European organisations do not meet the "Safe Harbor" principles.
Unsurprisingly, 97% of MPs and 83% of peers agree that the UK provides adequate data protection for processing public sector data. Concerns over other jurisdictions, sadly, appear to be split more around political lines rather than being based on technical knowledge. The Liberal Democrats (63%)were more pro EU-based storage while Labour (24%) were more sceptical about the US than the Conservatives (46%). Of worry to many will be that the Conservatives distrust of Europe meant that only 12% believed it more secure than the US.
One of the big restructuring moves to make it easier for both suppliers and buyers to understand the security of G-Cloud was the simplification of Government security classifications announced in April 2014. A concern in the report was that despite the overwhelming demand that cloud data should be securely stored, the majority of respondents had no idea of what that was. It was also telling that only 3% of MPs and 10% of peers knew what the GDPR was.
All of this leads to a general agreement among the majority of MPs and peers that offshoring UK data was a major barrier to cloud adoption. This was only just ahead of security and privacy with a lack of education and awareness just a percentage point further back.
What this suggests is that MPs and peers understand the general principle of protecting government data but, in reality, have little understanding of the relevant laws and requirements. Several UK ministers have used the phrase Cloud First to imply a greater need to focus on adopting the cloud rather than build internal IT solutions.
This is an interesting report from Skyscape and comes at a good time, just before a General Election. While G-Cloud is unlikely to be affected by the election, many central and local government departments will need to make clear their spending plans for financial year 2015/16 in the next two months. Moving IT to the cloud to deliver services more cost effectively will inevitable be at the heart of those plans.
What has to happen now is better education and clearer guidance from both central government around security, privacy and data protection as well as suppliers being more transparent.
Share this page
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
Public Accounts Committee warns that lack of support could imperil delivery
Citizens will be presented with details of five or more hospitals or other options
Minister says that all public-sector customers have now moved to alternative provider
In a piece written for PublicTechnology, parliamentary secretary Alex Burghart discusses progress with One Login and the significance of legislative changes
Related Sponsored Articles
The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...
Adam Green (Loc... (not verified)Submitted on 20 February, 2015 - 16:35