Roundtable: Cloud computing in the public sector
Many public bodies are moving data to the cloud, but there are challenges to implement the change
Holyrood and brightsolid roundtable - Image credit: David Anderson/Holyrood
Among the goals for transformation across the public sector in the Scottish Government’s digital strategy, published in March 2017, is for public bodies to move data hosting to a cloud environment wherever appropriate.
Within the Scottish Government the aim is to use common platforms and infrastructure, including cloud hosting, and introduce cloud-based collaboration tools that extend to partners who are not on the government secure network.
But while moving some of their data to the cloud might be on the agenda for many public sector organisations, it’s not always that simple.
There are questions around security, transition from on premise to cloud – and the culture change that goes that – linking cloud to legacy systems, plus the changing skills that are needed to negotiate and manage cloud contracts.
Even the term ‘cloud’ itself is not always straightforward, encompassing as it does software as service, platform as a service and infrastructure as a service.
It was some of these areas that a group of representatives from different bodies across the public sector – local authorities, national public bodies, the NHS and the justice system – sought to discuss as they met for a Holyrood roundtable discussion in association with brightsolid, a Scottish data centre and cloud hosting provider.
Of course, the ability to share data within and between organisations is one of the benefits of cloud – and another area that the Scottish Government intends to improve as part of its digital strategy – and this was where roundtable chair Ken Nicolson, of Revenue Scotland, opened the discussion.
He said: “I’m really struck with the flexibility in what the cloud offers. It is clearly at the fore for data sharing.
“Every organisation pretty much around this table will be sharing data, often sensitive data, personal information and health and care strategy, digital health and care strategies, clearly you want to be evident in this area involving local government, social security and, of course, NHS as well.”
This led on to a discussion about challenges for data security and GDPR compliance with cloud hosting, but Claire Taylor from Scottish Courts and Tribunals Service (SCTS) suggested that there should be no difference in how you manage data regardless of where it was hosted.
She said: “For me, whether you host your data in a shared service cloud solution or on your own premises, your GDPR requirements are identical, your data security requirements are identical… it’s more about just making sure that the access is correct.”
Taylor went on to suggest that the issue of moving to the cloud was more around culture than management of data, about staff fears that data was being held somewhere they cannot touch it.
“Those are more issues for me than the cleansing of the data or the quality of the data: security of data, for sure, but more access and also internal culture about letting go of the bits of tin,” she said.
However, data retention can be an issue when considering the benefits of cloud.
Taylor suggested that the amount of data that the SCTS is dealing with and the length of time it has to be kept would negate potential savings from cloud hosting.
She said: “When you’re talking about audio files for six or seven hours in court and then maybe the notes [judges] make in their chambers afterwards, that turns into an awful lot of data very, very quickly. I’m not convinced under certain circumstances that cloud is cheaper.”
Another wide implication of the cultural shift needed to embrace cloud is the change in skillsets needed, which Nicolson suggested are “more commercial than technical”.
Charlie Anderson, head of IT at Fife Council, said there were two shifts he had noted.
“From the start we’ve always said that technically we could see ourselves starting to manage a diversity of services and a diversity of providers, so it’s been key for us to put that management layer and capability in.
“So yes, it’s part commercial, but there’s also a degree of technical, having that integrated view of what’s working, not working, what’s running well, what’s giving us our money’s worth.
“And that’s a skillset that’s building, from a technical perspective.
“But we’re also seeing a much greater shift towards what I would call a solutions architecture-type job, where you’re actually looking at cloud-based services and thinking about how can we pull these together to meet business demand.
“So it’s much more of a brokerage-type service and art of the possible-type discussion we are having.”
Paul Dick, information security officer with Perth and Kinross Council, agreed.
He commented: “I think Charlie’s spot on about the brokerage idea and the IT guys having to learn, the modular nature of the cloud services, how to pull these together to make an appropriate package that’s going to service the needs of the business in that.
“I also think that we’re going to live and die by contracts on these services and it’s whether the guys in IT, who’ve been doing IT procurement just now, do they have enough knowledge at the moment to deal with the contracts they’re going to be involved with?”
Anderson added: “It’s almost like moving from an electrician to being an energy consultant.”
Chelsea Jarvie from the Scottish Government’s Social Security Directorate suggested that as cloud is a “relatively new technology”, at least in public sector terms, the skills of people who have worked in the field for a long time might be outdated and it could be difficult to get graduates with the right skills.
While cloud itself isn’t actually new, and in many cases websites or HR systems had been hosted remotely for some time, the consensus was a lot of the challenges around moving data to the cloud hadn’t been dealt with before, and one of those issues is legacy systems.
Peter Tollund of North Lanarkshire Council Tolland said: “A lot of them [legacy systems] have been there for a very long time and I think how we integrate those probably haven’t explored in any great depth by many organisations.
“And it was interesting, thinking of cloud as new, I think some of the challenges are new.
“I’m not finding it easy to find someone to talk to about how you integrate to a legacy system. There isn’t people who have been doing it for five or ten years.
“Likewise, I haven’t found people who have moved their data from one provider to another. So there’s lots of new things for me in there as things move across.”
Another challenge in the procurement process is the ongoing expense of a cloud set-up compared to the more traditional model of buying a piece of hardware or software at a given point.
Anderson said: “You’re into the realms of having to get much clearer about what that capacity forward management looks like and how it’s going to be bought and paid for.
“And just as there’s a bewildering array of services, there’s a bewildering array of ways to pay for them in the cloud and how do you know which one is most cost effective,” he said.
“We’re looking at automation tools right now and I’ve seen all sorts of things from per user to per robot to per process.
“And you think, which one will be the most cost effective and what do we buy now and how do we get that through procurement?”
This can make it difficult to try new things on a smaller scale and develop using agile processes, it was suggested.
However, there are issues with, on the one hand, a perception that there is in increased risk with having data on the cloud and, on the other, of inflated expectations, that the cloud was being presented as the solution to all problems.
David Proud, associate director of IT services at NHS National Services Scotland, had found a move to the cloud was considered too much, particularly in light of high-profile mistakes in the health service in England, while Scotland has a good track record, so people were wary of eroding the trust.
“There’s certainly a perception [of increased risk],” he said.
“We were replacing our data warehouse, there’s a huge amount of confidential data and just the thought of putting it in the cloud was too much, too big a step for people in one go.”
Instead they chose a solution that was like an on-premise cloud, which was hosted in their own data warehouse but has cloud-like qualities in terms of spin-off environments and scale up.
“It’s a step towards it,” Proud said.
“We can then change the way we work and put in place our new way of working and develop some skills.
“In the meantime we’re sorting out how comfortable people are with where the data sits. So kind of separating the two, if you like.”
Taylor agreed that steps could be helpful: “Getting people comfortable with hypervising, with not having separate boxes for things, with having it all in one box, and then you take the next step and say, well, this moves a little further and a little further and a little further.
However, she added that she found the actual term cloud computing “really confusing and really unhelpful”.
“Talking about hosting, which is basically you’ve got a box somewhere or a set of boxes somewhere, and, yes, there’s due diligence to make sure your data is separated from everybody else’s, if that’s the way you want it, is one thing.
“…But software as a service is somewhere completely separate and I think there’s this sort of… blurring of the lines between them.
“And, yes, I definitely am nervous about software as a service for us because of the sort of data that we hold, even for staff.
“The fact that someone knows that you work in criminal justice is a problem. You’re then a target in way for things that you wouldn’t be in other organisations.”
Jacqui Petrie of brightsolid said that she heard cloud computing described as a business model rather than a technology, and that’s what it is, a utility business model.
She said: “It’s more about the business model and it is just about the flexibility and the scalability of it and that’s really what you’re describing in any hardware environment, because at the end of the day it’s still sitting in tin in a data centre somewhere.”
However, sounding a note of caution, Dick suggested cloud was often “being sold as electric magic to the wrong people”.
People at a senior leadership level were getting the message ‘Put it in the cloud; it’ll be cheaper, it’ll be better and everything will be great,’ he said.
He said: “And then you look into it and go, ‘No, it won’t, unless you do this, unless you do that, there’s all this stuff to put in to do the cloud that you’re asking for, that you don’t know you’re asking for.’
There’s an education for the directors, he said.
“They need to be educated and to understand what they’re being told by the sales people and also what they’re asking for, because they don’t know what they’re asking for.
“They’re asking for savings. They’re asking for flexibility.
“They’re using this word cloud because they think that’s what’s going to make it all happen. But they don’t want to know the complexities underneath.”
The mobile connectivity programme will target areas of rural Scotland with no 4G coverage
Only 58 per cent of council websites were rated satisfactory for information on recycling and rubbish in SOCITM’s Better Connected survey
Andy Grayland has been appointed as the first chief information security officer for Scottish councils
The UK Government has announced the first recipients of Local Full Fibre Network funding
Vodafone explores some of the ways IoT is significantly improving public sector service delivery
BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.