Buyer beware

Written by Mike Thomas on 12 September 2014 in Opinion

Mike Thomas, managing director at public services network trade body PSNGB, welcomes the principles behind new security proposals for the G-Cloud framework, but warns they could change buyer behaviour.

PSNGB has been asked by Andy Beale, director of common technology services at the Government Digital Service (GDS), for its views on a new security approach prior to submissions for G-Cloud 6 opening

Essentially, GDS proposes that responsibility for assertion of capability will be by the supplier as opposed to external accreditation through the pan government accreditation run by Communications-Electronics Security Group (CESG).

In principle, we think this is a good idea - but there are several caveats. 

Clearly, the questions posed of suppliers and the matching capability assertions need to be the right ones, with some degree of sample audit in place to verify returns.

With this done effectively, the movement away from formal accreditation could uncork a bottleneck preventing very many commercial services reaching public sector buyers.  

We wold also add that in relation to PSN, users require a community of trust -  meaning that accreditation is necessary to guard against vulnerabilities that could impact all users and critical public services.

However, the move may benefit some sectors of the market more than others. 

The changes to the government security classifications mean that there is more onus on the customer to own risk and select services that meets their needs in terms of security, quality and reliability.

This is a good thing; however, it requires the public sector to be clear about user needs and assess the suitability of the solution.

Buyers tend to purchase on the basis of experience, trust, accredited capability and price. 

If you have an existing relationship with a supplier, you are more likely to trust their assertions - if they are well established and have gained a reputation for reliability, you are more likely to trust that they will not let you down.

If a supplier or service has received a quality or industry award, you can trust that they have undergone some investigation or accreditation.

On the other hand, if you don’t know the supplier, have no experience of them and there is no “badge of honour”, then the price needs to be low and the scope for failure limited to balance the perceived risk.

From the supplier side, accreditation is expensive and time consuming.

It’s worth it only if it adds measurably to the market attractiveness and value of your services. In some cases, it’s the essential ‘table stake’ to enter the market.

If it’s not formally required, then attributes like track record, experience, trust and an element of brand value can make the difference in buyer perception.

The suppliers least well differentiated by these attributes are likely to be those smaller, new suppliers that G-Cloud is trying to attract.

PSNGB believes that there are many benefits to self-assertion and suggests that it is implemented, but monitored. 

Buying behaviour will need to be reviewed to see if there is gravitation to those companies with existing accreditations, established contracts and customer references due to this change.

Mike Thomas, is managing director at PSNGB, the trade association for suppliers of PSN services to the public sector

Share this page



Please login to post a comment or register for a free account.

Related Articles

EXCL: Wall of silence surrounds plan for nationwide collection of citizens’ internet records
26 May 2022

Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...

Highway Code adds rules for self-driving cars
4 July 2022

Updated manual advises that drivers can ‘turn their attention from the road’ and watch in-car entertainment – but must always be ready to retake control of the vehicle

Russia: sanctions tightened on exports of monitoring and military tech
24 June 2022

New measures prohibit supply of any tech used for ‘internal repression’

Cybersecurity: MoJ signs £1m ‘incident response and investigation’ partner
15 June 2022

Ministry becomes latest department to retain external help in responding to attacks