G-Cloud - Using SMEs without hurting government security
The G-Cloud framework (a government initiative to encourage cloud usage by government services) has come a long way since its inception in 2012. It has been blighted with criticisms concerning poor search functionality, too much red tape and given a warning by the Major Projects Authority.Now in its fifth iteration, vast improvements have been made. The latest figures from Cabinet Office minister
Francis Maude reveal that public sector organisations have spent £175 million procuring IT services through the framework, almost doubling the spend since January this year. G-Cloud is also helping the government increase spending with Small and Medium sized Enterprises (SMEs), with more than half of contracts awarded to SMEs.
This shift in the status quo has not been welcomed by the oligopoly of Systems Integrators (SIs) who expect to lose out the most. HP has written to the treasury to complain about awarding more contracts to smaller suppliers. This group of SIs have held a cast iron grip on the public sector IT market for years, imposing long, expensive contracts with little room for innovation. G-Cloud is beginning to demonstrate that there is an alternative. As savings are increasingly reported, adoption will continue to rise.
The benefits offered by G-Cloud and smaller cloud service providers are clear – increased flexibility for contracts, significant cost savings, as well more innovative offerings and better customer service.
The standard criticism leveled at smaller suppliers is that they don't have sufficient security procedures in place for the highly sensitive data handled by the public sector.
G-Cloud originally addressed this issue by allowing each of the services on the framework to be pre-accredited for use by all departments up to IL3 (Business Impact Level 3). This meant that a government department or local authority would be able to choose from a variety of suppliers that were already accredited, rather than tendering for each service and accredit each individually. Unfortunately, buyers weren't able to realise this wider choice because the process to accredit suppliers on G-Cloud had been very slow.
In April 2014, the Government Security Classification scheme changed from the seven impact levels to just three classifications: OFFICIAL, SECRET and TOP SECRET. The Cabinet Office estimates that up to 90 percent of data will now be classified at the “Official” level.
Now, suppliers will say how they meet the Government's cloud security principals and buyers can assess and compare services based on a specific requirement. This change in classification is better suited to modern IT than the previous system, which increased cost and complexity.
According to the Cloud Industry Forum (CIF), security still remains one of the biggest barriers to cloud adoption for organisations today. We wouldn't anticipate that changing soon - security should always be one of the primary considerations when choosing a cloud service. Despite that concern, the private sector has been able to seriously evaluate the cloud services they want to adopt and assess their security requirements. The public sector on the other hand has had limited choice.
This change to the Government Security Classification means that the public sector will now have far more choice about the cloud services they use and a fairer, more competitive marketplace from which to buy them.
Peter Groucutt is managing director at Databarracks.