By Paul Parker, SolarWinds Federal & National Government Chief Technologist
The Cloud First policy is well known throughout the U.K. public sector. It is an important tenant of the government’s digitalization initiative, and a wider push to be “Cloud Native.” To guide this, the Government Digital Service (GDS) published an advice-driven blog post, in which it suggested that IT teams should create “resilient, flexible, and API-driven” applications. At the same time, the GDS is encouraging any staff in defense, government, or the NHS to trial new Software-as-a-Service (SaaS) applications.
It’s a significant statement of the government’s intent. Yet, with over £2.6B spent on cloud and digital services over the last five years, adoption remains comparatively low. One might expect that more than 30% of NHS and 61% of central government entities would have adopted some level of public cloud, which were the findings of a recent FOI request conducted by SolarWinds. Even the Ministry of Defence (MOD), which has adopted some public cloud, stated it had migrated less than 25% of its architecture.
The NHS, central government, and the MOD have all previously made significant investments in infrastructures, which have inadvertently created a legacy technology environment. This technology now forms a barrier to public cloud adoption for 65% of central government organizations and 57% of NHS trusts. Existing licenses for vendor-specific solutions are creating a sense of vendor lock-in, as organizations feel the need to justify their previous investment before adopting cloud technology.
IT directors in the public sector should take stock of their digital infrastructure and investments. With the whole landscape in mind, the question to ask is: “Are these delivering the flexibility and cost-efficiency we need?” The answer for many is likely to be “I’m not sure.”
This lack of transparency stems from an absence of visibility into technology performance. Many NHS trusts (77%) and central government organizations (55%) are either unsure if they are using the same monitoring tools across their whole infrastructure or are using different tools for on-premises and cloud environments. IT departments need to consider how they regain visibility across these disparate systems. Overarching measurement and monitoring tools will likely form a significant part of this.
Security also remains a consideration. NHS Digital only provided guidance in January 2018, affirming public cloud’s suitability for patient data. This delay may account for a significant portion of the security mistrust around the cloud plaguing 61% of NHS trusts, according to a recent FOI request made by SolarWinds. However, security and compliance also remain concerns for central government as well as the MOD, although at a much lower 39%.
To this end, the U.K. Government and National Cyber Security Centre has issued overarching guidelines on cloud security. However, these advisory measures do not go far enough to reassure public sector organizations that the public cloud is secure. It’s easy to understand why the public sector remains reticent about the cloud. Given recent high-profile security breaches, any organization would want reassurance.
Next Steps and Solutions
Much like the implementation of the Cloud First policy overall, it is all trust and little verification. While the government may lay out best practices, there is no real initiative in place to check that these are being followed. In this regard, the GDS may stand to gain from a look across the pond. The Federal Risk and Authorization Management Program (FedRAMP) in the U.S. provides one approach to security across the public sector. With a preapproved pool of cloud service providers, the public sector can easily find trusted, secure solutions. This helps make adoption of cloud services simpler and shifts the conversation from security and assurances to innovation and meeting business needs.
At the same time, IT providers need to make the transition as easy as possible for the public sector. A crucial part of this is monitoring tools capable of working across both a legacy and cloud environment. Using many different monitoring tools may make it difficult to create a cohesive picture of the whole IT environment. With 48% of the NHS and 53% of central government using four or more monitoring tools, this appears to be very much the case in the public sector. Technology providers need to help IT departments overcome this with solutions that are designed to link legacy and new systems into one environment. This will be integral for converting public cloud investment into demonstrable ROI.
Proactive steps are needed to address the uncertainty around the use of public cloud in the public sector. Without them, the U.K. will struggle to make the most of new cloud-centric technologies. Embracing the cloud is critical. Without it, public sector organizations may find themselves struggling in the face of cyberattacks, downtime, and costly maintenance, all risk associated with a legacy IT environment.
Find the full article on GovTech Leaders.