Public sector myth-buster: Six myths stopping the public sector from moving to the Cloud

Written by Microsoft on 18 April 2016 in Sponsored Article
Sponsored Article

Microsoft analyses six common misconceptions about cloud migration

Data silos, “crap IT” (in the words of Cabinet Office Minister Matthew Hancock at last month’s Government Digital Service conference), and varying levels of digital capabilities and skills are but a few issues affecting much of the public sector –  from local councils to central government departments to NHS Trusts – and their ability to deliver the government’s Digital by Default agenda.

As increasing emphasis is placed on the role technology plays in cutting costs and improving service, these issues are significantly impacting how most public sector agencies and organisations are using technology. As a result, many public sector organisations are struggling to realise many of the benefits of going digital.

The Cloud, however, can help public sector organisations overcome some of these issues. Take for instance, Hancock’s “crap IT”. As Cloud computing means data is stored, managed and used over the internet instead of on a computer’s hard drive, organisations and agencies can take advantage of a more secure, flexible and smarter way of working without overhauling their IT kit.

Yet despite the many benefits of cloud services for public sector organisations, there’s still some reluctance on the part of public leaders to commit to the Cloud. One reason for this is a lack of certainty around what the Cloud is, and what the public sector can and can’t do.

This article, therefore, takes a look at some of the common policy, security and technology concerns and busts a few myths around how the public sector can use the Cloud.

1. Policy Lag

As technology continues to develop, and providers continue to innovate, digital solutions and systems are beginning to develop much faster than the policies that regulate their use. This is a particular challenge for highly regulated industries such as the public sector.

As a result, departments, agencies and local services often find that a policy or internal process for data storage, data sharing or software use was created before the advent of the Cloud. This often leads to misconceptions and confusion over how, or even if, the public sector can use the Cloud.

Take data loss policies as an example. Most data policies were introduced 5-10 years ago at a time when paper documents and memory sticks were prevalent. But policies created to protect physical data loss can be incorrectly applied to data in the cloud. It’s policy lags such as this that can slow adoption.

This is not a huge barrier to adopting the Cloud, however, as all that is needed is a re-think of data policy.

Generally, there are very few obstacles preventing public sector organisations from moving to the Cloud now that the new government Security Classification Policy is in place.

Read more Cloud myth busters in our whitepaper Gartner Research: The Top 10 Cloud Myths here

2. Data Classification

Public sector data is divided into three categories – official, secret and top secret – and many public sector organisations do not fully understand what type of data can be stored and managed in the Cloud.

According to the Cabinet Office, all official data can be stored and managed in the cloud. As 87% of public sector data holds the official classification, Cloud adoption across the public sector is a very real and beneficial possibility.

However, there is still some confusion over whether all types of official data can go in the Cloud.

For example, ‘Official-sensitive’ data is often seen as data that should be dealt with differently or even as its own classification between ‘official’ and ‘secret’.

However, “sensitive” is merely a descriptor for data classified as ‘official’ that must be treated with more care. As a result, it does not make the data unsuitable for use in the Cloud.

3. Outages and Breaches

Outages and breaches are understandably a key concern for many public sector organisations. While outages affect all industries, system failures for government departments, local authorities and health organisations can have a direct impact on service delivery.

However, the perception of outages and breaches as covered in the media can be likened to the impact of a plane crash on the way people perceive travel safety. While horrific and widely reported, the crash doesn’t change the fact that air travel is still the safest mode of transport.

Despite high profile outages and breaches receiving significant press coverage, the Cloud is still safer and more reliable than most on-premises environments. Cloud security should be viewed in the same way as reliability, and Cloud services should be seen as a partnership between customer and service provider with both parties sharing responsibility.

4. Data Protection

The debate around privacy and data ownership has been prominent since Edward Snowden blew the lid on the scale of NSA and GCHQ operations. With the recent FBI case over the rights to unlock a terrorist’s iPhone, the debate around data ownership is once again dominating headlines.

With this comes an assumption that service providers like Microsoft are complicit in handing over customer data. In Microsoft’s case, this couldn’t be further from the truth.

Ultimately, your data is your data only, and so Microsoft goes to great lengths to protect it.

Should we receive a reasonable request, we follow a specific process, working with the customer first in order to keep them informed, maintain transparency and ensure their data is protected in the right way.

5. Cloud adoption

Quite often many public sector organisations believe that once they have adopted the Cloud, they have to store all their data there and are no longer able to use on-premise data storage.

This is not the case and a Cloud solution does not have to a black and white on-prem/in-cloud debate. A move to the Cloud is rarely 100% and through Hybrid options public sector organisations can decide which workloads to migrate to the cloud based on their business and security needs.

The key to the Cloud is flexibility over your operating environment, and so there are plenty of different Cloud options for you to choose from.

Find out more about our Hybrid Cloud offers here

6. Committing to one vendor

Last year the government published rules to reduce the dominance of a small number of IT suppliers offering inflexible contracts to get a “tighter grip on IT spending”.

Just as public sector organisations want the flexibility to decide how to use the Cloud, so too do they want flexibility over contracts and suppliers.

A key concern among public sector organisations is therefore around getting trapped into a long contract around the cloud. With the Hybrid Cloud, there are a number of different options available meaning organisations don’t have to worry about staying with one vendor if they believe it isn’t the right choice.

Find out more about our Hybrid Cloud offers here
Want to find out more about the Cloud Security? Download our latest e-book Cloud Security Demystified here

Share this page


Related Articles

UKCloud collapse caused ‘no unexpected service disruptions or cost to public purse’
30 May 2023

Minister says that all public-sector customers have now moved to alternative provider

Home Office anti-terror comms-interception unit hires £6m project managers to address ‘lack of skill set’
6 June 2023

NCDS is currently engaged in ‘moving towards new ways of working’ to reflect legislative changes

Scottish minister warns on Westminster’s ‘hands-off’ approach to AI and requests urgent UK summit
6 June 2023

Richard Lochhead compares technology to previous industrial revolutions and says government’s job is to minimise harms and spread opportunities

Department for Science, Innovation and Technology made up of 800 DCMS staffers and 935 from BEIS
6 June 2023

Minister reveals that newly created department is still working on employee transfers

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...