The G-Cloud dream is dying for SMEs, says Memset director
Kate Craig-Wood, managing director of Memset, one of the original technical leads of the government’s G-Cloud framework, was a strong believer in the initiative, but now says her mind has changed.
Kate Craig-Wood is considering calling time up on G-Cloud - Photo credit: Kate Craig-Wood
I got involved in G-Cloud back in late 2009 as the technical architecture co-lead on Phase II of the project.
Those were exciting, heady times. We had a dream of punching through archaic government procurement requirements with an online App Store. Of unleashing the power of highly-commoditised Cloud services to both improve the quality and reduce the cost of government IT.
Even in the face of depressingly slow progress, I have maintained my vocal support for the project. Now, though, I have had enough. The dream is dying.
Over the last few years Memset - a relatively small business turning over less than £10 million per year - have made massive investments in pursuit of government business via the G-Cloud Framework.
Many of these involved upgrading security systems to meet requirements that were subsequently relaxed.
For instance, we spent £300,000 plus £200,000 a year on enhancing and upgrading our security and compliance for the IL3 security level (restricted or high level government information) and £2m on a high-security data centre, set up to meet the IL4 security level (confidential or national security governance).
Both of these requirements were subsequently relaxed.
These investments, while affordable, have stolen investment from other areas of our business. Our growth over the last few years has slowed as a result. Our faith in the G-Cloud dream has caused us to innovate less and create fewer jobs.
At the same time, we are seeing an utterly pitiful returns via G-Cloud – about £100,000 per year. We do have a fair bit of other government business now, but not via G-Cloud. And it’s still only 6% of our revenue overall. That’s nowhere near enough to make it a profitable venture.
Perhaps the most galling part of this is that we have had no new business from G-Cloud since 2013. With the eighth iteration of the framework due next week we’re asking ourselves whether it is worth it at all.
What are we doing wrong?
I have been asking myself this a lot.
First off, we currently go far and beyond the now-reduced compliance and security standards, so it can’t be that.
Second, then, is cost: the G-Cloud buying guide makes it clear that cost is supposed to be the main choice point.
But we have worked hard to keep our prices as low as possible, and are definitely cheaper than our competitors and have an outstanding track record.
Our specialty is using open source software and generic hardware to provide high-security, low-cost Infrastructure as a service (IaaS), which is fundamentally just virtual machines and storage with some bells and whistles. So it can’t be that, either.
Not to mention that some competitors, such as Skyscape, are powering ahead with stunning revenue growth, while Amazon Web Services – a closed standards platform – has been making inroads into G-Cloud since last year.
It’s not what you know, it’s who you know
If those aren’t the problem, we have to look at our sales approach. And this, I think, is the nub.
We don’t really do pro-active selling, just lead conversion. We are a technically-oriented, cost-focussed Cloud and hosting business. We don’t have padding in our prices to afford armies of salespeople running around, nor deep-pocketed backers willing to allow us to make losses.
We briefly tried hiring some ‘traditional’ salespeople, but their tactics were incompatible with our high integrity, while our technical, introverted culture was at odds with their own.
More to the point, a big part of the point of G-Cloud was to get away from an onerous, expensive sales and procurement process, with buyers able to self-service with minimal interaction – because we’re all basically selling the same stuff.
Sadly, I have to agree with cloud expert Andre Beukes’s assessment of the situation: “In government, it’s who you know, not what you sell - that’s the difference.”
Skyscape have a lot of ex-civil servants on the payroll, and kudos to them for recognising the reality.
But that reality almost brings me to tears: one of the aims of G-Cloud was to break away from the hideous old boys’ networks and closed procurement systems.
Where did it all go wrong?
In order for the new model to work, buyers have to change their behaviour. Because they haven’t, it doesn’t. Without wishing to put all the blame onto the customer, this is probably the biggest factor in the failure of G-Cloud.
But the Digital Marketplace is also broken. Most buyers only go there once they have already worked out what they want to buy – and from whom. But perhaps that’s partly because it’s so hard to find what you’re looking for.
The 2010 vision was of a marketplace - or App Store, as we called it then - with a number of key feature, many of which are still missing, such as the ability to compare prices like-with-like and an eBay-like buyer and seller public feedback system.
Instead, we have a marketplace that can be gamed.
You only get noticed if you spam customers, include the right keywords in your text and get partners to re-post your services to create multiple listings of the same thing - it’s like the bad old days of search engine SEO. At the very least order of the entries should be randomised.
The second big problem is that central government completely ignores its own mandates.
The cloud first mandate? Don’t make me laugh. Only 20% of G-Cloud spend last year was Iaas, Platform as a service or Software as a service.
The open standards mandate; which was first published in 2012 to underline the government's commitment to the wider use of open standards across government, this one isn’t even funny.
We’ve been running OpenStack services –the de-facto open standards, open source IaaS solution, and the only one that can hope to compete with the might of Amazon Web Services’ IaaS – for more than a year.
We entered those services in G-Cloud 7 last November, and are one of only a handful of suppliers offering it on G-Cloud at present, but there is still no interest.
Finally, until recently, the buyer’s guide mandated that the once the buyer had made their selection, they should give minimal feedback to those on the shortlist who were unsuccessful.
We never got any such feedback, and the requirement has now been pulled. But how can we learn and improve if we just get stonewalled?
Death of a cloud
I bear full responsibility for Memset’s government journey to date. Not only did I have a hand in creating the Kool-Aid; I made us drink it.
We passionately believed in the dream of G-Cloud and kept doing so, despite the goal posts being repeatedly moved, the marketplace failing to function properly and buyers acting in the same old ways.
We have learned a lot along the way, not to mention gaining unexpected business from the finance and healthcare sectors, thanks to our enhanced security posture.
But this is little comfort to me, having invested so much – personally and financially– into G-Cloud.
We’re not turning our back on government. We’ll still be offering the public sector high-security services, but it will be on our own terms.
I’m tired of chasing a vision that nobody else seems to be committed to.
This is an edited version of a blogpost that originally appeared on Kate’s Memset blog.
PublicTechnology editor Sam Trendall picks out the big issues that might shape the year ahead. Apart from that one.
UK’s top two civil servants should be handed more responsibility as part of drive to make Cabinet Office more effective, says IfG
Former head of NCSC Ciaran Martin believes that ‘war on Whitehall’ has ended – to minimal discernible effect
Foundation set up in memory of late Cabinet Secretary Jeremy Heywood seeks ideas for how to solve challenges created by coronavirus
The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...
2020 was a cyber security wake up call for many organisations. Attempting to provide secure remote access and device flexibility quickly exposed the flaws in legacy systems and processes. As we...
In 2020 public sector organisations have been tested to a degree never experienced before. According to CrowdStrike, increasing cybersecurity attacks are an additional complication they must...