The Cloud changes everything

The single biggest business opportunity to impact government is the arrival of ubiquitous internet.

Take an example of an organisation that ignored the business implications of the internet: Blockbuster Video.  One of the last actions of its board before it went into receivership was to order a revamp of its website and stores: a new front end on an old business model.  For Netflix, the arrival of the internet meant an entirely new business – Netflix didn’t duck the business implication of the internet.  Public services is just the same: in my view, the single biggest failing would be to duck the business implication.  So what is it?

Just as in private sector, what the cloud (which is just utility, rather than private, internet) means for large vertically-integrated public corporates is progressive dis-integration & separation of business from technology layers.  As a result, the business focuses increasingly on outcomes, and consumes standard processes from the cloud; and because this stuff is standard, it attracts lots of customers, and so get lots of investment and innovation.  Take a look at the annual Meeker report (published on the internet – where else).  Slack (comms); Stripe (online payments); Square (offline payments); Docusign (transaction mgmt.); Zenefits (HR); Directly (customer service); Anaplan (ERP); Greenhouse (recruiting); Checkr (background checks); increasingly these are becoming low-code and avoiding need for ‘IT people’ altogether.  In fact Techcrunch 2015 reckoned that pretty much all of the software and services a reasonably-sized organisation needs can be consumed from the cloud for approximately $75 per month.

Organisations using these are cheap to run, agile, data-driven, and responsive to customers – all the things we want our public services to be.

Industry agrees: here’s TechMarketView editor on 26 September:

We believe infrastructure services providers will play a crucial role in enabling the digitisation of the enterprise. The underlying infrastructure (e.g. networks, processing, storage) is the platform for the emerging software and services that will fuel the digital enterprise and will therefore be an investment priority for many CIOs.

However, cloud and the digitisation of processes and services will both drive and suppress overall IS market growth at the same time. On the one hand it will draw new investment into the market but by the same token we will see cannibalisation of traditional outsourcing services and an increase in automation leading to cheaper IT services and consequently lower revenue.

So what does all this mean for government?  Three simple things:

  1. We need to start rethinking our business models to be ‘of the net’, not just ‘on the net’; that means taking cloud-first and PaaS much more seriously.
  2. Local service providers need to evolve business models, and procure tech, based on accessibility, re-usability, and consumption of data and capability over that cloud/PaaS. That means proportionate approaches to risk, open data assets, open business logic, open APIs, opening all those organisational black boxes to expose those uncomfortably inefficient value chains, all those ‘commercial-in-confidence’ clauses that hide some of those really embarrassing contracts.
  3. Local public services (health, social care, housing, third sector, and local government) need, somehow, to evolve consistent approaches to consumption & re-use; we’re not competing orgs with different shareholders, yet we behave as if we are. So we need proactive initiatives from the centre that make consumption and re-use easy to specify, procure, & bolt together. Let’s start with commodity tech; then move to commodity business capability.

Imagine this: a place on Gov.uk where you could see the ‘live DNA’ of local services: drill into a local authority’s service to see its service architecture: the actual value chain, with its common service patterns, consumed modules, the supplier, and the cost.  Then imagine, at a click, looking horizontally across other local service providers: exposing everyone that’s currently consuming that service pattern and underlying modules, whose price lowers with each new additional customer.  Imagine the innovation and investment such a consolidated, accessible service architecture would trigger across public, private, and third sectors.  Imagine, too, the democratic impact such accountability would have on our local services.

In fact, probably the single biggest test of the public value of most of us in this room as technologists in government is whether we’ve enabled cloud-based service architectures that make ourselves redundant within a generation or so! Let’s divert more resources to the front line; as far as the public are concerned, management and admin is little more than a necessary evil.  This would be a reasonable indicator of whether we’ve achieved Netflix, or Blockbuster, local government; whether we’re lots of public corporates polishing our websites or whether we’ve the courage to rethink our business model – and even our own future.

 

The new National Cyber Security Centre (NCSC)

The new National Cyber Security Centre (NCSC) opens its doors and brings together expertise from CESG (the information assurance arm of GCHQ); the cyber elements of the Centre for the Protection of National Infrastructure; CERT-UK; and the Centre for Cyber Assessment to provide a single point of contact for SMEs, larger organisations, government agencies and departments.

Their advice is simple. Have a look around at what the NCSC is saying and work out which bits are most relevant to you. Then focus on getting the basics right. You can’t defend against every attack, but by working out what you care about the most, storing it carefully, monitoring it, and having basic protections in place will make it that bit harder for an attacker to get through.

We at CoreAzure have CESG Certified Professionals which is the UK Government’s approved standard of competence for cyber security professionals and provides an independent assessment and verification process for those working in Information Assurance (IA). CESG Certified Professionals scheme addresses the growing need for specialists within the cyber security profession. It sets the standard for UK cyber security professionals.

CCP is not just a qualification — it is a certification which is awarded to those who demonstrate their sustained ability to apply their skills, knowledge and expertise in real-world situations.

If you would like to discuss your Information Assurance or IT security with a certified professional, please give us a call or use the contact form below.

National Cyber Security Centre

National Cyber Security Centre

Send us mail

2 + 2 = ?