The former CIO for UK government, John Suffolk, has suggested that politicians and parliament strategists are not reacting quickly enough to the potential of cloud computing, and as a result public services are missing potentially up to £4 billion per year in savings because of a reluctance to change current IT infrastructure. John Suffolk stated that all governments around the world, including the US and Japan, are moving to the cloud but the UK is slower than most. The reasons given for the UK’s slow adoption are security and data confidentiality.
Over the past few years, my company has made extensive use of cloud computing and has also helped many other organisations adopt cloud computing, providing them with significant financial savings. In addition, the businesses also typically benefit from cloud adoption by becoming more agile in response to changing markets and demands as well as improvements in their business processes. So hearing the comments of John Suffolk, whilst not surprising me, certainly frustrated me.
As author of Learning Tree’s Cloud Computing Course, I can support the comments made by John Suffolk in two ways. Firstly, the number of government attendees at courses in the US far outnumbers those in the UK. The sales figures indicate that there is a very large interest and adoption of cloud computing by the US government. The interest from the UK government is almost non-existent by comparison. The second area supporting the CIO’s comments is in the concerns for cloud adoption, i.e. security and data confidentiality. These are the primary concerns voiced by all attendees of the cloud computing course.
I believe the security and confidentiality reason for lack of adoption is misinformed. These are not cloud computing concerns – they are general computing concerns and are most certainly not specific to government. They do have further implications in the cloud but most certainly nothing that has not already been addressed. Take Google, for example: they have FISMA certification for Google Apps. Amazon have PCI DSS level 1, ISO 27001, SAS 70 Type II and HIPAA, amongst others, and these are all for their public clouds. Certain levels of guarantees can only be achieved by private clouds but these would help organisations more effectively provision IT infrastructure and also utilise existing infrastructure whilst meeting security and confidentiality requirements.
Probably the most frustrating thing I find about the claims of the UK government’s reasoning for cautious cloud adoption is that they seem to consider their IT requirements and security and confidentiality needs to be different from others when really they are no different from many commercial organisations. Different IT services have different requirements for security, audit and compliance, so it’s a matter of making informed decisions to select the correct cloud services to be used. Further, the government can be considered one of the biggest, if not the biggest, organisation for IT usage in the UK, and so has the potential to make the largest financial savings through scale whilst streamlining business processes at the same time.
Maybe the major barrier to faster adoption by government is a clear understanding of what cloud computing is. Because the term cloud computing covers so many different services, it is often misunderstood, and this is often not helped by supplier marketing strategies that brand many products as cloud computing when they are not. This was a major motivation for writing the Learning Tree Cloud Computing Course: to clearly define what comprises Cloud Computing and the different types of clouds (public, private, hybrid, community), to highlight the different types of services and how they are provided by the major vendors and, importantly, to demonstrate how a business case can be built for cloud adoption, built on sound technical foundations (including security and data confidentiality). If I notice an increase in UK government attendees I will let you know!