Article by: Paul Parker, Chief Technologist, Federal and National Government, SolarWinds
The Cloud First policy is an important statement of the government’s digitalisation initiative and a wider push to be ‘cloud native’. Indeed, the Government Digital Service (GDS) has suggested that IT teams should create ‘resilient, flexible and API-driven’ applications and is encouraging any staff in defence, government, or the NHS to trial new Software-as-a-Service (SaaS) applications.
While a significant statement of the government’s intent, with over £2.6 billion spent on cloud and digital services over the last five years, adoption to date remains comparatively low. Just 30% of NHS and 61% of central government entities have adopted some level of public cloud, according to a recent FOI request conducted by SolarWinds. Even the Ministry of Defence (MOD), which has adopted some public cloud, stated it had migrated less than 25% of its architecture.
Meanwhile, public cloud mistrust remains high in the public sector. 41% of central government organisations, as well as 79% of NHS trusts, do not plan to move everything to the cloud. This speaks to the many challenges that the public sector still faces with cloud adoption. The onus now falls on the GDS and technology vendors to address these issues, which are integral to enabling the public sector to put cloud technology in place. In turn, this will hasten the time to positive results and ROI.
Striking differences between NHS and government cloud adoption
One of the most striking findings is the differing sentiments around public cloud voiced by the NHS and central government. While pockets of innovation are evident within the NHS, such as the Alder Hey Children’s Hospital using IBM Watson, public cloud adoption is less than half that of central government’s.
Between April and December 2017, NHS Digital spent over £32 million on digital transformation consultancy services. Additionally, £23 million was spent with cloud, software, or hardware providers. Given the low rate of NHS public cloud adoption, it would seem that this investment is not reaching individual organisations. Fifty two percent of NHS trusts report budgets as a major concern when it comes to implementing public cloud. This rises to 66% among trusts who had already implemented some level of public cloud, showing that the problems often get worse, rather than better, during the implementation process.
This seems at odds with one of the major potential benefits of public cloud — cost efficiency. Only 17% of NHS trusts that have adopted public cloud expect to see any ROI from the technology and 6% state that they expect to see no ROI at all. This highlights an ongoing challenge that IT teams face to prove efficacy and ROI from public cloud. Tech vendors have an opportunity to step up here with tools that offer transparency into how the cloud is producing cost-efficiencies. This is particularly important in the NHS, where budgets are tight and IT teams are under significant pressure to do more with less.
At the same time, a big part of this budget challenge can be attributed to the shift from CAPEX to OPEX that comes with the cloud, which is challenging for many organisations. This makes it far more important for public sector IT teams to focus on the needs of the user to make the most of that usage.
A little further down the public cloud adoption journey, central government has felt the impact of a lack of digital skills — a concern voiced by 25% of central government organisations. While the digital skills gap is widely discussed in the SMB and enterprise space, it’s important not to overlook the public sector. Science, technology, engineering and mathematics (STEM) initiatives designed to address this should be adapted to tackle the needs of the public sector as much as the private one.
Addressing this plays into a change in IT department culture. IT professionals can no longer only be experts in one field. They need to perform a number of roles and communicate and interact with both the business and IT function. It will be crucial to attract a new generation of talent to work in the public sector, which means being innovators in the digital space, as well as allocating resources for training and development. An initial investment here pays dividends when a new generation of skilled workers can lead the digitisation charge.
A history of common roadblocks
Back in 2016, the GDS was convinced that the public cloud offered assurances of data security. However, NHS Digital only provided guidance in January 2018, affirming public cloud’s suitability for patient data. This delay may account for a significant portion of the security mistrust around the cloud, plaguing 61% of NHS trusts according to SolarWinds’ recent FOI request. However, security and compliance also remain concerns for central government as well as the MOD, although at a much lower 39%.
The NHS, central government, and the MOD have all previously made significant investments in infrastructures, which have inadvertently created a legacy technology environment. Up to this point, this technology has been invaluable in digitalisation, but it now forms a barrier to public cloud adoption for 65% of central government organisations and 57% of NHS trusts. Existing licences for vendor-specific solutions are creating a sense of vendor lock-in, as organisations feel they need to justify their previous investment before adopting cloud technology.
While this may be cost-effective in the short term, in the long term it could be a costly strategy. This is the great advantage of cloud-based as-a-service offerings. These prevent legacy technology issues, such as when an upfront investment fails to deliver the longevity it promised.
IT directors in the public sector should take stock of their digital infrastructure and investments. With the whole landscape in mind, they need to ask, “Are these delivering the flexibility and cost-efficiency we need?” The answer for many is likely to be “I’m not sure.”
This lack of transparency stems from an absence of visibility into technology performance. Many NHS trusts (77%) and central government organisations (55%) are either unsure if they are using the same monitoring tools across their whole infrastructure or are using different tools for on-premises and cloud environments. This is a natural result of ongoing digitisation and innovation from different departments. Nevertheless, IT departments now need to consider how they regain visibility across these disparate systems. Overarching measurement and monitoring tools will likely form a significant part of this.
Why invest in the public cloud?
The Cloud First policy is mandatory for central government and recommended across the entire public sector. This advocates that all new technology programmes or projects in the space should be:
- Meeting user needs based on research from the user group
- Possible to share across government
- Easy to maintain
- More vendor-agnostic (not dependent on a single third-party supplier)
- Providing better value for money
In principle, the public cloud should be the best solution for all these criteria. However, public sector organisations continue to report challenges with implementation. Although with a little action on the part of regulators, the public sector and the tech industry, these challenges can be overcome.
Advisory measures, like the UK Government and National Cyber Security Centre guidelines on cloud security, do not go far enough to reassure public sector organisations that the public cloud is secure. And, given recent high-profile security breaches, any organisation would want reassurance.
Much like the implementation of the Cloud First policy, it is all trust and little verification. While the government may lay out best practices, there is no real initiative in place to check that these are being followed. The GDS may stand to gain from a look across the pond. The Federal Risk and Authorization Management Program (FedRAMP) in the US provides one approach to security across the US public sector. With a pre-approved pool of cloud service providers, the public sector can easily find trusted, secure solutions. This makes adoption of cloud services simpler and shifts the conversation from security and assurances to innovation and meeting business needs.
At the same time, IT providers need to make the transition as easy as possible for the public sector. A crucial part of this is monitoring tools capable of working across both a legacy and cloud environment. Using many different monitoring tools may make it difficult to create a cohesive picture of the whole IT environment. With 48% of the NHS and 53% of central government using four or more monitoring tools, this appears to be very much the case in the public sector. Technology providers need to help IT departments overcome this with solutions that link legacy and new systems into one environment. This will be integral for converting public cloud investment into demonstrable ROI.
Additionally, the public sector should not be looking to the cloud as an enabler of the ‘next big thing’, but instead taking an end-goal perspective. The cloud is not just a solution that empowers IT. It can be a cost-effective, secure and available platform for delivering specific business goals.
Embracing the cloud is critical. Without it, public sector organisations may find themselves struggling. Cyberattacks, downtime and costly maintenance are all risks with a legacy IT environment. In the post-Brexit landscape, the UK public sector needs to act as a benchmark of successful digitisation. This will act as an example to other businesses and help the UK keep pace with our European neighbours.