Digital

Cloud computing in the public sector

Man with screen cloud ICT 14736908_l Pearse Ryan explores some of the key issues in the implementation of public sector cloud, in the light of the Edward Snowden leaks.

Cloud computing in the public sector is a hot topic and a topic not without controversy. Of itself, cloud computing brings up issues for customers to consider, whether in the public or private sector. Particular issues are accentuated when viewed through the prism of public sector bodies.

All of those issues were in the process of being worked through, albeit at a slow pace, when the recent Snowden revelations put the cat amongst the pigeons. We are all aware of the revelations in relation to mass data interception by the NSA, acting in conjunction with the national intelligence services of the so-called ‘five-eyes group’ and other western intelligence services.

There is no doubt that these rolling revelations have shaken confidence in the cloud computing industry and, in particular, by reference to the suspected ease with which certain large telecom and cloud based suppliers have facilitated national security agency mass interception of personal data.

In the EU, the Commission and Parliament have taken up the issue and there will likely be fall-out, potentially at the legislative level, in the potential short to medium term. It does seem clear that recent revelations will have an impact on both cloud suppliers and customers alike.

At local level, it is likely that Ireland will ultimately adopt a public sector cloud policy similar to that adopted in the UK. This essentially involves offering to public bodies, on a catalogue type basis, a range of mainly SaaS solutions hosted on a g-Cloud, a private government cloud or hybrid public/private cloud. There are good policy reasons for adopting this type of approach although it remains to be seen whether, given the (relatively) small scale of the Irish public sector by the standards by which the large cloud suppliers operate, this strategy will ultimately bear fruit. We are in the early days of development of an Irish g-Cloud.

Cloud Computing Strategy

The formal cloud strategy is set out in a Department of Public Expenditure and Reform document, entitled Cloud Computing Strategy, dated June 2012. Thinking seems to have developed since then and we await publication of a subsequent strategy document. The 2012 strategy involved two main components:

• consolidation of data centres: and

• cloud computing services.

A data centre consolidation exercise is a sensible exercise. Logically, this would require an element of external service delivery, whether by reference to the physical data centres within the public sector framework or the management of those data centres, which the strategy recognises.

Cloud Computing 13876574_xxl it is stated that “it is anticipated that Cloud Computing will be a key part of the strategic future of ICT in the public sector, eventually becoming the default and primary delivery mode”. Use of private cloud solutions will be “limited to those that receive sanction based on solid business case and specific, unique requirements”.

Use of public cloud solutions are subject to a specified criteria-based test and in relation to hybrid-cloud solutions “the public sector will seek to develop a Public Service Community Cloud to negate the necessity for private clouds and to provide another Cloud option where the public cloud is deemed not suitable”.

It is likely that we will see an attempt to create the same type of cloud services catalogue which the UK Cabinet Office has championed. Essentially, suppliers would be asked to make their services available by way of a government cloud or, alternatively, using some form of hybrid cloud. Use of the public cloud would be reserved for particular instances, where it is felt appropriate from a security, policy and data protection compliance perspective.

The above forms the basis of a ‘cloud-first’ strategy. We are some way off achieving this strategy in reality, although it is in the nature of cloud computing that, once decisions are made, implementation can occur quickly.

Conclusion

There is no doubt that cloud computing is here to stay and will form an increasing part of the public sector landscape. The cost savings and efficiencies available through medium to large scale use of the cloud are simply too attractive for the public sector to ignore.

The issues for the public sector largely turn on migration to the cloud in a way which does not, firstly, render some sunk costs as wasted costs and, secondly, in a manner which is both secure in terms of data integrity and, in addition, complies with data protection legislation obligations.

These are not insignificant requirements and, overall, the cloud industry is beginning to show an improved awareness of customer issues and, in particular, public sector issues. We are slowly moving from a position where the cloud suppliers adopted a very rigorous business model, often unattractive to potential public sector customers, to a position where there will likely be a meeting somewhere in the middle.

There are a number of initiatives which will assist this development, which include involvement of the European Commission in a variety of standard setting and contract drafting type exercises. In addition, the industry is now more actively engaged in discussion with customer representative bodies, as well as representation before national and EU bodies, gradually moving towards a middle-ground which would be acceptable to all relevant parties.

In the interim, Ireland will likely proceed with its public sector cloud computing initiative, being mindful of developments at international level. Certainly, public sector cloud computing is in its early stages and will have a significant impact on the delivery of public sector services in the medium to long term.

Pearse Ryan is a Partner with Arthur Cox.
Tel: +353 (0)1 618 0518
Email: pearse.ryan@arthurcox.com

arthurcox

Show More
Back to top button