10 reasons the removal of external accreditation from G-Cloud is a good thing.

Earlier this month, we have received confirmation the GDS and CCP were removing accreditation requirements from the G-Cloud catalogue. I always pay close attention to what is communicated about the G-Cloud framework. More than 40% of our revenue came from G-Cloud last year, and we are selling more and more through the framework every week. As 80% of our business is Public Sector, we have been huge beneficiaries of the GDS SME programmes and G-Cloud in particular.

The removal of the requirements to accredit (IL2 and above) follows the complete overhaul of the security standards applied to government data in April this year. Gone are the confusing Impact Levels (interpreted differently by every single government client I have ever met), replaced by the simpler system, which in my view opens up a lot of options, especially at the Local Government level. It also removes “badges” from the G-Cloud store, and replaces them with a self-certification process (which we are yet to see) from G-Cloud 6 onwards.

I have heard views that this move may make it harder from SMEs to compete, as it removes a potential distinction, and may make the buyers more nervous. Everyone can potentially offer self-certified solutions, suitable for anything they wish to make it suitable for. Hence, it may be harder for SMEs to distinguish themselves, or to provide assurance, and the trust may naturally shift to larger players.
I believe that this is not the case. Here are my 10 reasons as to why this is a good thing.

1) Having an IL3 or IL2 certified badge on G-Cloud, while looking good, was of little value to the buyer. Whatever certification supplier brings, the buyer still needs to do a full risk assessment of the solution and of their overall environment. If a breach occurs, ICO or anyone else will not care whether the supplier was accredited – only whether the risk assessment was done and procedures were followed for the solution / implementation. You can implement an accredited solution in a bad way, and equally an unaccredited solution may provide much higher overall level of security of designed correctly.
2) Sure, saying you will only deal with IL3 certified people, makes life a little easier at procurement, but it also means that you disregard solutions that may be even more secure, cheaper or more elegant and simpler, in order to satisfy an artificial requirement. Remember, having a badge, means nothing at all to you – all that matters is how you architect it. Some services demand accreditation sometimes, but even that is starting to disappear, and we have always been successful in having the argument that what we have designed / proposed is more secure than a “vanilla” IL3 would provide.
3) Certification process was long, and GDS had to have resources to satisfy it – the more suppliers, the more resources. If 80% of suppliers sold nothing through the programme, then 80% of certification resources are wasted. And why should all buyers pay for the (often unnecessary) requirements of the few? In many cases IL3 certification was demanded by lazy security managers (see point 1 and 2).
4) The certification was done at a point in time – like all accreditation it was never a substitute for understanding the service, technology or delivery model – which may change, and be different in 6 months – further undermining the value of the badge. Given that G-Cloud contract last 2 years, and the catalogue entry lasts 1 year, so potentially a buyer could believe a 3 year old badge, which is probably useless…
5) For PSN or to achieve their own accreditation for the overall solution, buyers saved very little time in dealing with accredited suppliers – they still needed the underlying information, not just the badge. Good suppliers maintain and understand the information, without necessarily certifying it externally.
6) Most importantly (and I have seen this happen), the badges gave the impression that solution (however its implemented) was suitable for the purpose, and that was simply not true – in fact it aided the confusion and suggested that internal process could somehow be simplified or avoided if only you went with an accredited supplier. It also made security look like a “gated” static process, as opposed to a dynamic, constant and continuous assessment.
7) None of our existing clients have ever asked us for a certification – our competitive advantage has always been in flexibility, price and depth of technology understanding, and it remains there, whether certain solutions are certified. Helping each one of our customers to achieve the right level of security is always part of what we do, as part of every project, so we never saw the reason for doing it “externally” for general purpose.
8) External accreditations (such as ISO27001:2013) provide the same or similar level of assurance, and help demonstrate the company is serious about security internally – and they are “supplier wide”, not simply targeting one offering from them. Hence they are a better guide for buyers, in deciding whether they are dealing with a serious company or not.
9) In terms of competition, the difference between suppliers is very clear – just try inviting 10 people to an RFP. Larger companies tend to have a completely different outlook, attitude and approach to customers, and an SME having a badge (or not) is completely irrelevant in that process. We have the ability to quickly make decisions, start partnerships, put fees at risk, and work on a share reward basis, or do pretty much anything the client wants. If the buyer values this, then they will continue to do so, if not, then they are probably never be our clients, whether we are certified or not.
10) Not having badges, increases the number of potential suppliers for each requirement. On the one hand, this can be bad – too many, and the buyer can struggle to process them properly, but on the other hand, it should force them to look at other factors more, and more competition is always good in the long run. I believe that after a while, suppliers who are not serious about working with the Public Sector will start (this has already begun) to fall away, exposing the ones that are more committed and focused on this market.
The above are my views, and I do not have a deep security background, but purely from commercial / business perspective, I think the change is positive, and will help Arcus and other companies that want to do business in the sector and compete fairly, and robustly.

Posted in Company News

A new Portal from Janet, AWS and Arcus Global.

A new Portal for higher education and research.

Arcus are proud to be part of the launch of a new Portal that enables users in the Janet community to procure AWS cloud services with new, additional benefits. The Portal provides a coherent admins facility and offers:

  • monthly invoicing (no credit cards required for payment)
  • itemized billing, consolidated across users/departments
  • billing in GBP, not dollars
  • the ability to set spending-limits per user, or by department
  • volume-discounts through aggregation across multiple HE institutions

You can watch a webinar about the new Portal here where you will hear a short overview of AWS technologies, and how they are being used by universities, researchers and schools around the world to reduce costs, shorten academic projects, and increase the speed and impact of research. You will also find how to sign up for an account on the Portal.

The webinar is aimed at any user in the Janet community (in HE, FE or schools) with an interest in AWS (whether or not an existing AWS user), and at System Administrators who could act as central points of contact for consolidated, multi-user billing.

You can register for an account and visit the portal here.

 

Capture3

Posted in Company News

Five years in the Cloud.

From humble beginnings

Starting out in the back of the old company BMW, Denis Kaminskiy and Lars Malmqvist travelled the length and breadth of England presenting their new and innovative idea to local and central government departments. Six months later, they moved into their first office at Castle Hill, Cambridge and began to expand the team.

From their small original office on the first floor, that totalled 100 square ft with 2 desks, they eventually moved to a larger office, in the same building.  When the team grew to over 20 people, they moved again, this time to the largest space available at Castle Hill.  The rapid growth continued, and in December 2013 they moved to their current location at the Future Business Park in Cambridge.  In July 2014, with over 40 members of the team, Arcus will be moving again, still in the FBC, but to a new, larger office space.

And now….?

Arcus is proud of how far it has come over the last five years. With over 70 Public Sector clients, the company is now a leading Public Sector Partner for innovators such as Salesforce.com and AWS. Arcus has a turn over £2 million and has achieved a 100% growth rate in the past years.

VLUU L200  / Samsung L200

Happy 3rd Birthday to Arcus

182326_10151003279443627_1417911868_n (1)

The original office…

The kitchen

The new office (kitchen)

 

 

Products, ideas and awards

Arcus Global won its first award in 2011 for their DataTap product.  In 2011, Arcus won the Cambridge Weekly Award for the Cambridge Graduate Business of the Year.

Since then, Arcus have gone on to develop:


Arcus Social

Children’s Centre Management


Arcus Inform

Information Asset Register


Arcus Environment

Building Control

The Future

For this innovative and fast moving company, the future holds many opportunities.  New sectors, products and technology, and maybe even international expansion!

You can discover more about Arcus Global and Arcus products on our YouTube video.

Posted in Company News

Update SalesForce rich text area in a VisualForce page

I’ve just come across this post by Matt Lacey, a day too late as I discovered this yesterday!

Basically the issue is that Salesforce has rich text fields which are not in the least bit easy to re-render. A colleague had a requirement to change the text within the rich text area depending upon the user changing a select value, the base starting points for the rich text area were contained within hidden fields on the form but he needed to update the rich text area upon the select being changed without Salesforce complaining too much.

I inspected the elephant and clocked that the ids he had given to various apex components were coming through properly but that they were mixed up in some sort of colon-and-alphabet soup. That’s where I got to thinking about jQuerys selectors and had a wee brain wave… the missing piece then was looking at the CKEDITOR object and its setData method and we were in business.

Given this structure on the visualforce page:

<apex:pageBlockSection rendered="{!NOT(draftMode)}">
  <apex:selectList 
    label="Request Description source:"
    value="{!descriptionSelected}" 
    multiselect="false" 
    size="1"
    id="descOption">
    <apex:selectOptions 
      value="{!descriptionList}" />
  </apex:selectList>
</apex:pageBlockSection>

 ... 

<apex:pageBlockSection>
  <apex:inputField 
    label="Request" 
    value="{!pagePubRec.Published_Request__c}"
    id="requestText" />
</apex:pageBlockSection>

 ... 

<apex:inputHidden 
  id="customerDescription" 
  value="{!customerDescription}"
  />
<apex:inputHidden 
  id="caseDescription" 
  value="{!caseDescription}" />

We can use this javascript:

<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>
  $(function(){
    // Select the select that ends with the id of 'descOption'
    // and listen to it changing...
    $("[id$='descOption']").on("change", function(){
      // Probably not needed but better safe than sorry.
      var $this = $(this);
      // Get the full id if the textarea which contains 'requestText',
      // including all the salesforcie stuff, as that'll be the reference
      // we'll use to grab the correct CKEDITOR instance.
      var cke_editor_instance = $("textarea[id*='requestText']").attr("id");
      if ($this.val() === "Customer Request description"){
        // If the value of the select is "Customer Request description"
        // update the textarea which underlays the rich text editor with 
        // the data from our hidden field...
        $("textarea[id*='requestText']")
          .val($("[id$='customerDescription']").val());
        // ...and set the data for the CKEDITOR instance with the same value.
        CKEDITOR.instances[cke_editor_instance]
          .setData($("[id$='customerDescription']").val());
      }else{
        // We've only got 2 so no need to use a switch or 
        // something else more fun.
        $("textarea[id*='requestText']")
          .val($("[id$='caseDescription']").val());
        CKEDITOR.instances[cke_editor_instance]
          .setData($("[id$='caseDescription']").val());
      }
    });
  });
</script>

Yon Matt Lacey is right though, this is something of a hack… it’s not a terrible hack… but it is a hack! There’s no guarantee that this approach will continue to work, but I’ll keep my fingers crossed while I look around for other alternatives.

Posted in Development

Our new office

Back in December we moved offices to the Future Business Centre in the North of Cambridge.

The Future Business Centre has been set up as an “enterprise hub that demonstrates the possibilities for combining good business practice with the business of doing good”.

We have more space, lots of concrete “feature walls” and views of Cambridge all around us.

This slideshow requires JavaScript.

We are always looking for new talent to join our exciting business, if you feel you’ve got what it takes to hit the ground running in a fast paced start up environment then email your CV to careers@arcusglobal.com or visit http://www.arcusglobal.com/about-us/careers/

Posted in Company News

The fallacy of “national” systems

Merging Service / creating a “national” Software / Platform for Local Government.
There have been suggestions that some councils are just too small. You can see the whole discussion here:

I thought I would pull out some of the points I have made in the discussion, as I thought they were worth sharing:
In terms of merging services, it is a naive and dangerous fallacy to think that “national” systems are more efficient or cost less per organisation, per transaction or per individual.

While this seems logical, this has never (or almost never) happened in reality. There is a reason for it: once all demand is aggregated, there are only one or two suppliers on the planet that can do it, so they just give a very high price. The contract is very long term, so why would they ever improve? (What would be their motivation?), and most importantly, the system would be so complex and cumbersome that daily errors cost millions would simply be marginal and unnoticed.

So the price would probably go from 500k per council to several million.
The idea also fails intellectually: instead of standardising services and processes (so they can be delivered in the same way by many interchangeable, competing providers), you standardise the supplier, to deliver fragmented uneven and complex service. And if you think that this supplier would standardise services for you – why would they ever do this? They make more money without it, you cannot get rid of them, and even if you did, there is no one else in the world able to deliver the service.

This was a terrible mistake to get providers to deliver national programmes before services and processes are made standard. And if they ever become standard, the market will always be a better alternative as competition drives ruthless efficiency and improvement…
But isn’t the Private Sector doing this? Isn’t Santander running the same banking software in all of its branches?
Well, this is very different: for one, scale is the issue. Santander will not be anywhere near the size of Local Government, Nor each branch the size of each council (branches are 20 – 50 people max, sometime less)
They are also working for ONE company, so they are all on the same employment contracts, with the same policy, same pension etc…

Santander’s customers (the public) expect and receive the SAME service across the UK, and their banking needs are similar to one another. They also offer (even the largest private sector organisations) only tens of services (even less in one division of a corporate)

A District Council of 130 people may offer up to 1500 individual services. They have no choice – they have to offer them as legislation demands it.

This matters because it is then possible for private sector to solve it with one process across at least one country. This can never happen in Local Government. The needs of the public are very different. Rural Cumbria, vs central Manchester, vs Kensington and Chelsea will have completely different demographic, spend profile, needs and demands / priorities.

But even IF we ignore all of that, and create one process, forced nationally (being an average, everyone would have it (and it would be hated by everyone, as no one would get what they want).

What would then be the point of Local representation democratically, if the process would be the same, with no or limited ability to change it at a local level. This is true even for things like parking or food safety inspections – do you make a premium service that is fast (and charges the person £1 per use), or a cheap one (free) that is slow? etc…
If the democratic process is pointless and hollow with no power, then why participate – so it leads to erosion of democracy in general at the local level.

So it is not possible to make a national process with such complexity.
But doing so, would be solving the wrong problem. The problem is cost and lack of choice, NOT that the service is different from area to area.

As I said above, we should enforce interoperability and standards on systems – that way a market will emerge. Dis aggregate systems (so do the opposite – make the components smaller, NOT bigger). then the market will grow, it will be compliant to standards, and vibrant, forcing the price down.

Look at the internet for example:

HTML is a standard (an example of), and as long as your website is complaint, it will work, whoever the provider is, whatever it runs on. So the prices drop, choice is abundant, and consumers pay less.

Posted in Applications, ICT Strategy

It is officially Christmas at Arcus!

Christmas

Posted in Arcus Updates

Moving a Council to “Infrastructure Free” on a shoestring

One council created quite a storm at the recent Public Sector ICT event by announcing that they will soon be the country’s first, completely cloud based council. Rocco Labellarte, CIO at the Royal Borough of Windsor and Maidenhead, has spent the last 12 months transitioning the council to Public Cloud based infrastructure. This was done at a cost of only £250,000 – about one third of the cost of data centre refresh.

Rocco said: “It really is possible to move to the cloud without having to outlay vast sums of money up-front. Our data storage costs have gone down to a tenth of what they were, from £1.2 million down to £120,000 per year, savings which more than cover the cost of the migration work, even in the first 6 months.

In addition to this, the council spent approximately £10,000 on 900 new mobile devices which look to save the council 60% on previous mobile bills, and allow browser based access to a number of key applications.

Cambridge based SME Arcus Global, kicked off the council’s journey to the cloud back in 2010, when they were asked to develop a five year ICT strategy. The strategy focused on future, scalable public cloud technology and was well ahead of its time, but it laid the groundwork for the council – 2011 / 12 were spent lining up the business case, understanding council data, systems and major risk areas. By 2012/13 most of the technologies underpinning the strategy became available in the UK, via the G-Cloud. RBWM have begun implementation in January 2013, and will complete its journey by March 2014.

Arcus Global have helped RBWM in their transition to cloud provider Amazon Web Services for its core infrastructure. Skills transfer and training of RBWM IT staff, was a key part of the decision to work with Arcus: Rocco explained that it is important to keep in-house expertise: “Not only does it save on costs in the longer term, but it allows us to be more flexible to future ICT demands. Plus, it means that we are in a better place to ensure we are getting the best service possible from our cloud providers.”

RBWM is not stopping here. They are pursuing exciting new projects in areas of application consolidation and enterprise platform development, where their collaboration with Arcus continues. Watch this space!

Posted in Company News

Barriers to digital change in Local Government

The Department for Communities and Local Government recently conducted an extensive study into the use of digital technologies by those in Local Government. The report discovered that for 72.7% of authorities, legacy systems and infrastructure is the biggest barrier to developing their digital offerings.  This statistic was echoed by the suppliers taking part in the survey with 86.4% of suppliers saying that legacy systems were holding councils back.

The authorities clearly recognise that many of the systems on the market are outdated and actually hinder their digital efforts. However, as highlighted by suppliers in the survey, a staggering 77.3% of suppliers thought that inflexible procurement is hindering councils from picking new, more digitally focused suppliers.  The current procurement rules make it hard for those suppliers without an extensive list of previous experience to win contracts, but how are they to get that experience when they don’t win contracts? It is a vicious cycle that is severely hindering the technological advancement of council systems and infrastructure and something that needs to be addressed nationally.

One of the surprising findings of the survey is that a lack of buy in from senior management and members is no longer seen as an important barrier to progress. Seeing as they listed senior management buy-in as vital to successful digital services, it can only be concluded that this important level of buy-in has now been achieved in most organisations.

For more information on how Arcus Global can help your organisation become a leader in digital change and save money while improving services, please get in touch with us on 01223 911 841.

-          Lauren

 

Posted in Applications, Development, ICT Strategy

Tandridge revolutionises Building Control

A revolutionary new building control system is changing the way the Council does business in Tandridge.

Built in conjunction with Tandridge District Council and the Royal Borough of Windsor and Maidenhead, Arcus Global’s Building Control software is helping Councils to make significant savings by transforming the way their Building Control Officers work.

Stuart Mitchenall, Head of Business Support at Tandridge District Council said: “Arcus Building Control can allow our Officers to be truly mobile. We now see how work that used to be restricted to the office can move to a quick and easy mobile solution.  Not only will this save us time and money, but will also provide our residents with a far superior service as well.”

The system was developed based on a world leading technology platform in full collaboration with Council partners, allowing the exact requirements of the end users to be built in. Serving Building Control Officers have guided every step of the product development, and have defined most of the features.

Alex Weinle, Senior Architect at Arcus Global said: ”It was great to be able to not just copy an existing system, but give the users what they really want and build a system  they desire and need, including features that are often lacking in other solutions. “

Featuring an inbuilt Inspection Officer Diary, Arcus Building Control allows easy routing from address to address for the most efficient service. Full application access from any mobile device such as smartphone or tablet, coupled with full history about that customer, gives Tandridge an unprecedented ability to make the right decisions on the spot.

Piers Mason, Chief Planning Officer at Tandridge said: “Anything that makes our day more efficient is good, but it is even better when you see how these efficiencies can then be passed on to our customers in the form of a better, more responsive service.  Delays to building inspections can cost our customers time and money, so anything we can do to make our service as quick and as efficient as possible is good news.”

Denis Kaminskiy, CEO of Arcus Global said: “The new Building Control system has all the features you would expect from a system of its kind, but simply put, vastly better and cheaper.  There is no need for any costly ICT infrastructure to support our product, which in turn means we can offer significant savings compared to other solutions.  These are difficult economic times for Councils and I am glad that we disrupt the existing market and  provide a better service at a reduced cost.”

Posted in Company News