blog

Cloud Computing for the Public Sector. Please subscribe to our RSS|Feed.

GovCamp 2012 – public sector ‘unconference’

By Douglas | Published February 2, 2012

UK Gov Camp 2012

Last year as part of the G-cloud accreditation process I found myself in the hallowed Google offices in London attending an event where the Government Procurement Service (GPS) were trying to de-mystify the tendering process. A noble aim indeed but I was confused by their odd choice of name for the event, “ApplyCamp“, given the distinct lack of tents (though to be fair Google had lots of deckchairs about).

Well last week I found out where the name came from – the GPS stole it from UK GovCamp. Since 2008 these chaps have been running their own brand of agenda-free un-conferences focused on how new technologies and fresh approaches can solve problems within central and local government.

Sounds lovely but I must confess as a veteran of countless physics conferences with agendas stuffed with keynote speakers I was a little bit incredulous as to how an event with no pre-set agenda but over 200 attendees and 10 parallel sessions was going to function. Well I’m happy to say that I’m converted! Within the first hour all 200 people had introduced themselves and via lots of post-its, about 50 short audience pitches for sessions and a clap-ometer we had our agenda sorted (it took another 10 mins for someone to stick it in Google docs and share it via twitter).

We covered tons of stuff but what has stuck with me is the following:

  • The Department of Transport have built their own document sharing portal using a combination of AWS s3 for storage, rackspace servers and wordpress. Not only has this cloud solution reduced their hosting costs by 70% plus saving them £100k a year for CMS licenses, they find it better meets their needs and the can manage it all in house – kudos! (more here)
  • The Digital by Default program requires that IT managers spend some time in contact centers to really learn how to integrate these services. The stick wont work, we need effective digital services that are fast and easy.
  • The Government Digital service has done just that with the gov.uk portal. Its just launched and is lovely, cant wait to start using it in anger (and stealing bits of the design published on github)
  • There is a real desire to build better open data platforms within local government and the technology to do it. We just need to show that and build some political will to do it. There is a blog post about the open data workshop here, including my dodgy Google docs drawing.
  • While I’m not sure that I quite believe all the hype yet, twitter is a bloody useful tool!
  • More people are passionate about improving IT in the public sector than I would have thought – over 200 folk were crammed into the workshops on Saturday (despite the sandwiches being pretty poor!)

Who needs agendas…

Posted in Uncategorized | Tagged | Leave a comment

What’s a Benjamin?

By Dominic | Published January 23, 2012

Image: nuchylee / FreeDigitalPhotos.net

An interesting post at the Software Advice (website) blog on Public Sector and the Cloud was recently pointed out to me and it got me to thinking about the differences between the Public Sectors in the UK and the USA. It also brought to the fore the similarities.

In the post Michael Koploy discusses the security fears associated with hosting data in the cloud, he says:

There is a widespread perception, if not reality, that data stored in the Cloud is more vulnerable to theft. This could be especially problematic with classified or otherwise sensitive information, which is common in the public sector.”

I talked about this issue myself in a recent post and got to thinking that the risks associated with the cloud are no greater than those associated with hosting on dedicated hardware within your organisation.

Mr Koploy’s rationale for thinking about cloud based solutions for the public sector seems to be primarily financial and he points out the benefits of such a platform very well but eventually seems to conclude that there will come a time when some form of equilibrium is reached with cloud based solutions coexisting with traditional enterprise software. I guess I can sort of agree with that though writing this post is the first time I’ve fired up Word (I guess that could be called enterprise software) ever on this machine as I usually write in HTML in my favourite text editor (even now I’m going to have to export this and sort out the apostrophes and quotation marks), I’ve found very few use-cases where using an application on my local machine is better than using one based in the cloud except when it comes to development. That may change eventually though…

His focus is also in terms of Procurement, a realm we have some experience of in terms of our e-Procura/The Arcus Global Process Engine (See our site for an overview) solution.

I guess the major difference between his consideration and mine was a possible distrust of the Government of another nation. Perhaps the recent overturn of SOPA and PIPA should make us rest a little easier? Perhaps if the same fate befalls similar legislation (I’m looking at you ACTA) then all of my paranoia will be assuaged.

Posted in Applications, General | Leave a comment

Arcus Newsletter – Winter 2012 issue is out!

By Lena | Published January 20, 2012

The last few months have been very busy for Cloud industry: interesting developments from vendors, launch of Government-Cloud Framework and several large-scale adoptions of Cloud products proof that 2012 is going to be a year when Cloud becomes mainstream. In the latest issue of Arcus Newsletter we are looking both at predictions for the new year and at the latest Cloud news in the public sector.

Also in the Newsletter: the latest updates on Arcus’ exciting projects, such as Infrastructure-as-a-Service and Virtual Desktop Environment at county councils.

Enjoy Arcus’ Winter Newsletter.

Posted in Uncategorized | Tagged | Leave a comment

Smaller Projects = Fewer Failures

By Lars Malmqvist | Published January 6, 2012

One of the most heartening things the current government has been doing on ICT policy is the attempt to reduce overall contract size and lifetime value of projects. When the government came into power it established a temporary moratorium on projects over £1M (see this report from the Audit Office  for details on this initiative). The new strategic implementation plan contains a presumptive denial of all ICT projects with a lifetime value above £100M, which, while still a big amount, is a step in the right direction. Typically, the advantages of such initiatives are couched in terms of giving smaller businesses access to the market and increasing competition to more than the usual four suppliers with whom central government has traditionally spent its ICT budget. Procurement efficiency leading to increased value for money, in a nutshell.

The less publicized, but potentially even more significant benefit of this development is the simple fact that smaller projects lead directly to fewer failures. Look at the following chart for a moment from this paper on large scale software failures by Watts S. Humphrey of the Software Engineering Institute :

Two things should strike you:

1. ICT projects fail a lot, at any size
2. When they get too big they invariably fail

These facts aren’t isolated to government, they relate to all industries and all suppliers. It’s the nature of the game and no one, ignoring what their salespeople will tell you, has ever managed to crack it. There is lots of research into this and no one to the best of my knowledge has found anything approaching the definitive answer yet. Rather we seem to have a large number of partial answers, factors that contribute to the probability of failure, but explain only some types of failure for some of the time. More fundamentally, the enormously complex, non-linear, hard-to-parallelise, hard-to-estimate nature of such projects seems to run flatly against traditional notions of planning and control.

This being the rather bleak fact of the industry in which we find ourselves, we can however take heart in the fact that government moving towards smaller project sizes will in and of itself give us all better value for money as tax payers. Quite simply, spending £100M in £1M project sizes will give much better outcomes than spending £100M on a single project. This is true even if you spend the money with the exact same supplier and the exact same people managing it on the client side.

The government and its forward thinking ICT leadership should therefore be congratulated for taking steps in this direction. Let’s hope they manage to shift the culture of Whitehall to reflect it.

Posted in Uncategorized | Leave a comment

Season’s Greetings

By Dominic | Published December 19, 2011

Season's Greetings from Arcus Global

Posted in Uncategorized | Leave a comment

A Business Case For Local Clouds…?

By Dominic | Published December 12, 2011

There’s a fascinating article on Public Technology NET talking about how companies are finding it difficult to move their stuff onto the cloud thanks to what is being called trade barriers (http://www.publictechnology.net/sector/central-gov/data-location-issue-still-bugging-cloud-plans).

This is interesting as I don’t see the cloud being hosted anywhere in particular… I’m guessing this is probably naive but it’s a nice vision I have of things just working.

I don’t zoom into the nitty gritty of some data center somewhere in a back-lot in the good old US of A – one of those nice zoom-ins where your field of view starts in space, next to a satellite perhaps, and gradually falls closer and closer to California somewhere, perhaps panning past an air-liner on the way down and startling some birds. When we touch down we see some huge warehouse surrounded by razor-wire fences and rabid attack dogs. We get to a steel-plate door and see a harried tech guy with a pocket protector and spectacles (which he has to push up after) getting lazer eye scanned in order to get in. We follow him through the door and, while he moves off to the left, we pan right and raise to see rows upon rows of servers stacks… perhaps with some other industrious techy (different ethnicity but still a guy) swapping out a damaged, perhaps gently smoking, hard drive and replacing it with a fresh one.

Nope. I see some nebulous cloud where everything is taken care of for me, I don’t need to worry about crashed hard-drives, rabid dogs or startling a seagull!

And this is the way I hope everyone sees it but I guess the worry is the recent censorious nature of legislation in the States. No one can fail to have seen links to various campaigns associated with protecting IP lately (though my browsing habits are a little geeky so perhaps I’m wrong). It might be argued that it’s only a matter of time before the legislature in the USA decides that if data is hosted in their country then they should have control over it… in the case of BAe I can understand the concern: You really don’t want the monstrous military-industrial complex sneaking peaks at your latest design for a weapon of mass distraction now do you?

But on the other hand I’m not too sure that that is even possible. The sheer amounts of data and the mechanisms employed by Cloud providers means that the location of any particular bit of data is really quite hard to determine. While security through obscurity isn’t a brilliant policy it does mean that that data will be extremely expensive to find for anyone except you.

I’m not sure how expensive it is to task a Navy Seal team to break into your offices in order to access the data you’re wanting to protect but I’m guessing that it’ll not be cheap. I’m not sure how much it’d be to bribe the lowest paid member of staff who has access to all of your sensitive data but I’m guessing it’ll be a whole lot cheaper than either sending in the Seals or trying to wrangle the exact location of your stuff in the cloud.

Heck, once you start thinking seriously about the risks associated with holding any type of sensitive data then it’s easy to go ever so slightly paranoid! We don’t even need to bring into question the trustfulness of your staff. How much would a local lag charge to break into your premises and nick a particular piece of kit?

So, is there a business case for local clouds?

Posted in General | 2 Comments

Role of Developers in Organisations

By Denis | Published December 2, 2011

As Cloud and especially SaaS and PaaS is quickly becoming reality, many internal IT pros working the public sector are asking themselves whether the skills and career paths are shifting. Is it required to have a development team to cater for “small” user requirements such as a DB here and there, or perhaps a complex spreadsheet. These requirements are what fed work to “small” dev teams across public bodies, and created huge potential revenues (if not controlled) for the outsourcers.
In fact, outsourcing muddies the water significantly… A real example from one of our clients: due to a long term outsourcing contract, where the provider would always charge high rates for any “End User Computing” developments, users simply used the tools at hand: namely MS Excel and Access for application development. After 7 years, one “mission critical” app was (is) run off a giant excel spreadsheet, linked to over 250 other excel spreadsheets, taking 15 minutes to load and having 2 FTEs maintaining it. The amount of access DBs is unknown, but between 24000 and 48000 have been discovered.
This will happen when the service is not provided to users, and becuase of this, many IT teams have a super user or a team helping out. This can be expensive, as even 2-3 people costs of 150K+ per year to the council.
Given the advent of PaaS and easy config options, users should have reduced requirements (if trained), however a level of support and small dev will still be required. For this reason, should the Development as a Service (or Coding / Config as a Service) or CaaS, become the norm?
I certainly hope so, and we are beginning to think in those terms and streamlining our internal teams to be able to deliver on a much more “small” dev mentality. This, in the end the vision behind the Agile methodology.

Posted in Uncategorized | Tagged | Leave a comment

Cheesy text

By Dominic | Published November 13, 2011

Cheese Ipsum

I’ve been accused of using purple prose in the past so I’ve decided not to anymore and when I’m developing something for work I use Lorem Ipsum.

Lorem Ipsum is nothing more than filler text, it’s not meant to mean anything but merely to be used as a means of filling space within, in the context which I use it, a webpage.

I used to think that it was simply gobbledygook but it looks like its a bastardised version of a classic Latin text, who’da thunk it?

In my search for something more than the generic Lorem Ipsum generator I found loads of Ipsum generators. I particularly like the Bacon Ipsum and, in a sort of homage to it, I’ve created the Cheese Ipsum. It comes with the option of only using cheese from the classic Monty Python Cheese Shop Sketch in the first paragraph.

I’ve looked at loads of different scripts for generating Lorem Ipsum text (both client and server side) but decided to roll my own using a mixture of vanilla JavaScript and jQuery with lots of ideas taken from other people – sorry if you notice something obvious that I’ve stollen!

This has very little to do with the cloud but it represents a brief window of time where I could develop something that’s been causing a mental itch for a month or two, we’ve just submitted a bid for a project that we’ve been working hard on and I’m blowing off a little steam before we hear back about whether or not we’ve won it.

I’ll keep my fingers crossed as man can not live on cheese alone ;-)

Posted in Uncategorized | Leave a comment

So the G- cat is out of the bag!

By Denis | Published November 10, 2011

Earlier this month, central government released the first iteration of the G-Cloud Framework. It is being wildly discussed on the partner networks, with lots of cloud providers planning to bid. Indeed, according to a Linked in post by Mark Craddock, it attracted something like 80 suppliers on the first day.

This is hardly a surprise. Despite its short duration, this is the first opportunity for SMEs and disruptive suppliers (Google, AWS, Salesforce and many others) to sell to the government directly (or at least be part of the same crowd as traditional oligopolies). We have certainly been waiting for it for ages, and despite its duration, hope to use it lots.
This framework has already save a public sector organisation money. We are doing some cloud piloting at a large county council. Earlier in the year, they were planning to launch their own custom framework procurement in order to be able to buy the apps / services off the cloud. Now they don’t have to. The cost of getting a framework set up is 150K+, so there is a saving right there. I imagine they are not the last.
There are a couple of small niggles though. I suspect that LOT4 (Other Services) of the framework will have 90% of respondents in it, as it will catch now only the consultants and deployment houses, but also resellers. It would be good to separate “consulting” from technology services such as deployment, development or Cloud brokerage. From our perspective, we will be bidding on several lots, bringing SaaS (our own products + several partners that will not bid themselves), as well as a number of offerings in Lot 4. Indeed, it would be better if roles for resellers / brokers could be better defined at the start, as there are differing opinions about how to handle the current situation amongst larger cloud vendors.
I also have reservations about using the somewhat wide NIST definitions, or at least I hope that they will be narrowed. There is little to stop “fake” and rebranded cloud offerings to join the lots. Specifying modular pricing, or minimum / maximum contract commitment would be great. In fact, I had a conversation recently with one of the major vendors who complained that they cannot differentiate themselves enough, as a minimum contract length under the framework is 1 month, where as they could offer 1 hour… It would help to sort “new” utility and client centric models to rise head and shoulders above the traditional lock-in (contract and tech) model.
Having said the above, even in its current guise, this framework is fantastic! I can really see how it will evolve and grow over time, and how it can, if used properly, start to “de-departmentalise” government and bring value to citizens. Ultimately, the test will of course be the amount of business going through it, however I know that several of our clients are already planning to use it. No doubt this first iteration will have its challenges – but as, one of my recent tweets said (paraphrasing one of our major partner Public Sector business development managers) – It will only work for those progressive public sector teams, who have already decided to innovate. The ones that still need convincing, will find plenty of excuses to wait..
.

Posted in G-Cloud, ICT Strategy, Using the CLoud | Leave a comment

The proliferation of layers in the Cloud and what to do about it

By Lars Malmqvist | Published November 3, 2011

There’s an old adage in Computer Science, which goes: “There’s no problem, which cannot be solved by adding another layer of indirection.” One usually goes on to add: “Except, of course, for the problem of too many layers of indirection.” Truth is, layers are great. They have been intimately involved in almost all the great breakthroughs in IT productivity. Fundamentally, they allow us to abstract away unneeded complexity and get on with the work we are supposed to be doing without having to deal with issues that aren’t relevant to us. Assembly language is cumbersome, so we add one or more layers of programming language, which makes our code (almost) human readable and makes us many times more productive as programmers. The compiler takes care of the translation and 99% of the time that causes no major issues. Coding for multiple platforms is hard and time consuming, but with Java or – these days more likely – a nice shiny web application, we can rely on a virtual machine or a browser to ensure that it runs across client environments, operating systems, and hardware platforms. As any web developer will tell you, the process of making something cross-browser compatible is far from trivial and often aggravating, but imagine having to write separate code bases for every target platform instead. A lot less pleasant isn’t it?

From one perspective Cloud Computing in toto is a massive exercise in indirection. IaaS abstracts away the details of hardware and network maintenance and allow us to provision compute and storage resources in a simple interface. PaaS adds another layer that allows you to abstract the OS and system services and only focus on the bits that are relevant to your development.  SaaS, finally, abstracts away most of the complexities of application management and maintenance and allows you to just get on with using the service.

However, the act of abstracting away complexity by its very nature makes the total system architecture more opaque. And with the distributed nature of Cloud Computing systems, this can become a threat to effectively managing your ICT estate. In any given Cloud system there may be numerous vendors involved running platforms with discrete underlying architectures. While some scenarios are relatively simple, for instance a PHP web app running on top of Ubuntu Server on Amazon EC2, others can get quite hairy. Imagine a provider of mobile payment services running a SaaS application on top of a custom mobile provider framework from a second vendor running on Engine Yard running on EC2. SaaS on PaaS on PaaS on IaaS, effectively and it can easily get more complicated if you add in additional integrations and 3rd party web services. At the very least, you would be dealing with four different vendors using four separate system architectures probably hosted in multiple physical locations. How as a customer do I really understand the implications of using this service in my Enterprise Architecture? Some might argue that I don’t have to, just sign-up to and let it be the vendor’s problem. But for any organisation with serious compliance requirements and pro-active management of Service Levels that answer won’t fly further than Superman after a kryptonite sandwich.

This creates two sets of challenges for the ICT organisation: one technical and one commercial. On a technical level, I need to understand how the layers of my proposed stack fit together. What are the potential points of failure, what are the security risks and threat vectors relevant to each layer, and how is the responsibility for my service provision actually distributed across providers? On the commercial level, I need to understand the vendor risk associated with each part of the puzzle, what my real chances of the vendor meeting service level commitments given the distributed nature of the system are, and who I can point the finger at for different types of failure. For compliance, I will need to have risk assessments of each vendor and know how I will monitor that the vendors continue to live up to the commitments they have made. Standards, like ISO27001, help a lot, but are not catch-alls.

This may seem a daunting endeavour, but fortunately doing these types of assessment needn’t be overly strenuous. The Cloud is consolidating on the lower layers, and you only have to assess Amazon once. It is an achievable task to put together a standard set of questions and clarifications you’ll need from providers. If you’re a bit clever about it, you’ll feed that back to your procurement process and make sure that this information is taken in account when assessing vendor risk and performing technology selection.

Cloud Computing for all its great strengths is not a silver bullet. You still need to own and take responsibility for the architecture that you deploy. As the legendary Fred Brooks told us so many years ago, there is an inherent minimum level of complexity to computer systems. Attempts to go beyond this are bound to fail. At the end of the day there is no way to simultaneously abdicate responsibility for your Enterprise Architecture and retain a reasonable conviction that it will remain effective. There never was.

Posted in ICT Strategy, Technology, Using the CLoud | Tagged , , | Leave a comment