How can cloud take off in Scotland's public sector?
Holyrood’s latest roundtable discusses the steps required if cloud is to become a firm fixture in Scotland's public sector
“I don’t think there is any doubt as to the direction of travel,” said DLA Piper partner, John McKinlay, as he opened Holyrood’s roundtable on cloud computing. Indeed, from the ‘cloud first’ policy adopted by the UK Government nearly three years ago, to the Scottish Government’s national strategy for public sector data storage, cloud computing – storing and accessing data over the internet rather than on a local server or personal computer – is attracting more and more attention as time goes on.
“Cloud, for us, is our digital strategy,” said NHS Education for Scotland cloud transition manager, Paul Donnelly. “As far as we’re concerned, it is our future and it is the only way we’re going to survive in tough times.” The health board, which is charged with delivering education and training to all NHS staff north of the border, will this week go live on Microsoft’s Office 365 cloud platform. A director of digital transformation has also been drafted in to “shake things up”, added Donnelly.
“We were probably like most organisations in the sense that we were corporate IT dinosaurs – for want of a better phrase – stuck in the dark ages where everything had to be touchable,” he said. “Cloud and digital have not really worked that way, so changing the culture and changing the trust element has been the big factor. It is all about leadership at the top and I am lucky in my organisation to have that.”
Stirling Council ICT and information management manager, Heather Robb, said the biggest cultural barrier she faced was within her own IT team given the “comfort blanket” that the existing set-up offered. The council is currently finishing a cloud first strategy with Robb underlining the potential cost savings in a time of increasing financial constraints for local government.
Moving to work tickets on iPads and Android phones, for instance, has meant that tradesmen out mending properties do not have to come back to council HQ at every turn. “They’re going from doing five, six jobs a day to seven, eight or nine and there’s a huge difference in that,” said Robb. “There are real applications, particularly in businesses as diverse as ours because obviously as a local authority we do everything.”
Likewise, for Archie Gray, head of ICT services at employment dispute resolution body ACAS, it is the “mobility” that cloud could offer that he considers most exciting. Cloud is an opportunity for his department to “get our own house in shape while the organisation works out what going digital means”, he said.
That, however, will mean the shape of the team has to change. “We will not need ‘technology people’ anymore, we’ll need people much more round about service, who are much more interested in how the business works and can be much more proactive about working with the business on change and not respond to the business requirement for change,” he added.
That sentiment on staffing is not necessarily universal across all public sector organisations, of course. National Museums Scotland is enthusiastic about moving to cloud with their new human resources system a cloud service, so too their recently procured service desk tool, head of ICT George McDermid explained.
However, a third of the posts in his department remain empty due to an inability to compete with salary levels elsewhere. “There’s slow progress and it doesn’t matter how many people tell me it has got to be high up on my agenda, I can’t keep pace because I don’t have the skills in-house to help me keep pace,” he said.
Even with the right skills behind the scene, the technology means little unless frontline staff are empowered to use it, claimed. Stuart Graham, national infrastructure group support at NHS Scotland. “When I started in IT in health, there was a big push to give all district nurses a laptop with a mobile card in it. I worked for NHS Lanarkshire and Lanarkshire ten years ago had virtually no mobile coverage whatsoever so it didn’t matter where you went with the laptop, you couldn’t get a connection, you still had to go back to your office to plug it in.
"Now, the infrastructure has moved on a long way since then but it’s the same staff you’re talking to who have already been burned by that experience in the past.” It is about “more than enabling” clinical professionals. “It is about empowering them,” he added.
The issue of people extends beyond the frontline, though. “Do we have the wrong people doing the wrong job?” asked Donnelly. Those heading up IT departments tend not to have control of the purse strings, while the final say on projects often rests on the mindset of those in top-tier positions.
“Getting those at the top level, finance directors and chief executives, bought in [is] where government could help, getting influence at that level so it actually comes from the top and works its way down,” added Graham. “It’s never going to happen in health if it is driven from the bottom up because there is always going to be that lid that keeps it [progressing].”
That requires IT being seen as part of the business rather than purely a means to deliver it, suggested Robert Laley, business intelligence manager for the Scottish Housing Regulator. “It is about business strategy, it is not about IT strategy,” he said. “That’s where the leadership within organisations really needs to get up to a decent level of knowledge about cloud and what it can deliver because digital is just a tool to deliver the business.”
The regulator, which is responsible for protecting the interests of 600,000 social housing tenants, switched to a ‘private cloud’ – a distinct platform that sits under the management of the IT department – after a new statutory requirement to collect data around the social housing charter. “What I don’t think we realised at the time is the transference of risk; we have now got dependency on private sector suppliers in a way that we didn’t have before,” said Laley. Taking the next step of moving into ‘public cloud’, in which services are provided over the internet, would require further assurances around risk and a “few of those unknowns clarified”, he added.
In that vein, director of Stratia Consultancy, Paul Maxwell, insisted organisations must learn the right questions to ask of suppliers from the start. “I have been called in to a few different clients where they have engaged cloud providers and it’s not until I’ve got in there and actually lifted the lid up and started asking some pertinent questions [that] they’ve not come up with some very good answers,” he said.
Issues around data security may attract the greatest publicity, though it is clear that people are just as instrumental. Glasgow-based cloud computing company iomart has 35,000 servers under its care, spread across 10 data centres. “The biggest security risk to your data is often your staff rather than your cloud provider,” said technical director, Paul Jeffrey.
“It’s what your staff do with the data you collect: how they interact with the architecture it’s stored on and what type of access they’re given to sensitive data. Beyond the issue of security, it’s then a question of, ‘where are the other risks I’ve introduced to my environment?’ Monitoring and management are key areas. Do other people do that for me? How do they do it? What are their policies? Do they complement mine? There is a long list of issues but it finally comes back to the supplier selection process: how you choose a supplier and what criteria you use.”
Scottish Government officials are currently working with around 100 central government bodies to identify barriers to cloud take-up. “Security, for a long time, was coming out and we have done all our mitigation to dispel those myths,” said digital transformation manager, Jim Gordon.
Officials are also attempting to assess the total cost of ownership behind different hosting arrangements and thereby piece together a picture of the public sector. “Previously, organisations may well have just said, ‘I can buy a server for £10,000, it is going to cost me £20,000 to go to the cloud, why would I do it?’” said Gordon.
“We’re asking them to consider all the other costs associated with that server and then compare the cost of moving to the cloud, if cost is your driver. But [there are] also the additional benefits we’re trying to promote of going to the cloud, such as cost avoidance.
"We’ve already heard of the efficiencies but there is obviously a lot of kit – because of the lack of money that’s been in the public sector – coming to the end of life, so there is going to be a big need to spend to replace these. That large [amount of] money isn’t there. So we’re trying to understand what the government needs to do to prevent that big spend.”
Such was the motivation for the Thistle Foundation, a charity supporting people with disabilities and long-term health conditions, said head of ICT, Scott Moncrieff. Moving to a new building, the charity was faced with a choice between replacing ageing infrastructure and transitioning to cloud.
“Since we have quite a small IT team, one of the things that has directed us to move to a cloud solution was to take that need to stand still and maintain the systems – do the monthly patches, do the maintenance on the hardware – and give that to somebody else to worry about and allow our staff to do the day-to-day stuff, the project stuff, the stuff that provides a better service to the end user.”
For those who are convinced of the benefits cloud can bring, the process of making it a reality seems to be hindered rather than helped by the existing procurement process. “One of the issues that we’ve got with tendering is that tenders generally are weighted towards cost,” said Graham. “I just sat in a tender scoring yesterday that was 70 per cent weighted to cost.”
Meanwhile, National Museums Scotland has recently been through a couple of tenders in which suppliers have been promised a two-year fixed contract with the option of another two. “Quite a number of companies didn’t bid because the minimum they would bid for is three years,” said McDermid. “I can’t guarantee three years, I was struggling for two years, to be honest. I went for a two-year plus one plus one because the framework agreement allowed me to do that. But if companies can’t help me here, I am struggling.”
In terms of the NHS, those sitting on the other side of the negotiating table “see it as a cash cow”, claimed Donnelly. “They literally can walk in and just go, ‘we’ll give you that because we know that we’ll need to sell you that bit and we’ll need to sell you that bit’,” he said.
“We need to look at where the expertise is coming from,” added SystemsUp sales director, Robert Papier. “At the tendering stage, should you be saying to suppliers, ‘as part of this tender process, you have to be able to get it to there’, does it come maybe from having a consultancy budget where you know every new product will need this little bit [extra]. That seems the biggest trip-up.”
There is, concluded Jeffrey, a need to put suppliers under the spotlight. “Be harder on your suppliers,” he added. “And try and get a grip of your purchasing departments to make sure that your tender processes are actually what you need and not what they need to satisfy from a process perspective.”
This Holyrood roundtable was delivered in association with iomart.
Jane Morrison-Ross will join ScotlandIS in mid-August, working with current CEO Polly Purvis, who retires in October
Research by the Association of British Insurers and Pensions Policy Institute suggested there could be nearly £20bn of unclaimed pensions in the UK
While Scotland’s public sector continues to struggle with big IT projects, the private sector is flourishing, but ethics need to be built in
The tech industry body has also appointed a dedicated support manager for the North East of Scotland
Vodafone explores some of the ways IoT is significantly improving public sector service delivery
With the annual worldwide cost of cybercrime set to double from $3tn in 2015 to $6tn by 2021, BT offers advice on how chief information security officers can better...
Vodafone today announced the commencement of trials of the world’s first air traffic control drone tracking and safety technology.
BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.