Cabinet Office updates decade-old public cloud-first mandate for central government

Renault confirms Google as preferred cloud partner

Source is

The UK government’s public cloud-first policy has undergone its first major update in a decade, with the guidance now urging central government departments to “challenge themselves” to source services from a wider range of providers to prevent supplier lock-in.

Introduced in 2013, the policy mandates that all central government departments must take a public cloud-first stance when procuring new or existing services, meaning they must evaluate off-premise technologies before considering any other option. The wider public sector is not mandated to follow this guidance, but is strongly encouraged to do so.

Furthermore, organisations that wish to use on-premise technologies have to state a business case and proof that their decision not to use public cloud represents better value for money.

On 19 June, the government confirmed the policy has now been reviewed and updated by the Cabinet Office to include further guidance in the form of nine principles that public sector organisations are being urged to follow when procuring cloud services.

This constitutes the first major update to the policy since its introduction, although – as previously reported by Computer Weekly – its contents were subject to at least one review since 2013, with the most notable one occurring in May 2019.

That process was undertaken to assess whether the guidance required updating to reflect the growing appetite for hybrid cloud deployments in the public sector, but also in response to concerns that cloud-first might not be a good fit for all public sector entities or may not always save them money.

Five months later, the government confirmed the policy would remain unchanged as a result of that review.

Among the principles are reminders for public sector organisations to purchase cloud services through long-standing procurement mechanisms, such as the G-Cloud framework, and make use of the preferential pricing offered to buyers through the Crown Commercial Service’s (CCS) memorandums of understanding (MoU) with various cloud providers.

It also advises users, in instances where they have no choice but to host workloads and applications on-premise, to make use of the government’s Crown Hosting colocation offering, too.

The final principle goes on to advise public sector IT buyers to “consider all vendors” when sourcing cloud services, and to make sure they are using the “most appropriate vendor and cloud services for the task” at hand to encourage competition and spur them on to invest in improving their products.

“Organisations should always challenge themselves on the selection of a specific vendor,” the updated policy stated. “We are keen to exercise the market, and government wants to be a user of a range of vendors. This allows risk to be spread and helps manage market dominance. Where incumbent vendors are used, organisations should be aware of and actively manage vendor lock-in.”

Computer Weekly contacted the Cabinet Office for a statement about its reasons for tweaking the cloud-first strategy, and for details on the timing of the change, and received the following statement in response:

“This update to our Cloud First Policy forms part of our commitment to efficient, secure and sustainable technology,” a Cabinet Office spokesperson said in a statement.

“The improved guidance includes a new set of Cloud Principles to help UK public sector organisations use Cloud to deliver modern services for the British public.”

Back to the start

The roll-out of the original cloud-first guidance coincided with the launch of the first iteration of the G-Cloud procurement framework, with both initiatives intended to stimulate the adoption of cloud products and services in the public sector.

The framework was initially marketed as a tool for initiating change in government IT, which was characterised – at the time – by huge, lengthy contracts being awarded to the same handful of suppliers.

G-Cloud was considered to be something of an antidote to this, on the basis that contractors awarded through the framework were capped at two years in length, while its online marketplace was designed to put SMEs and larger IT suppliers on an equal footing from a buyer visibility standpoint.

In recent years, however, the government has come under fire because the amount of cloud deals being awarded to the hyperscale cloud giants, namely Amazon Web Services (AWS) and Microsoft, has soared, while a number of smaller, homegrown suppliers listed on the framework have gone out of business.

At the same time, the Cabinet Office’s Central Digital and Data Office has been overseeing a push for all central government departments to standardise in terms of the cloud-based systems they use for online productivity, which has led to almost all of them now running Microsoft 365.

Source is

Vorig artikelPodcast: Cloud security, compliance and data classification
Volgend artikelSUSE Report Highlights Cloud Security Concerns