URGH! GPS, that's another delayed mess you've got us into - suppliers Government Procurement Services is running well behind schedule on the forthcoming £1.2bn replacement to its exiting IT product framework before tender documents have even been dispatched to suppliers. Tech firms told us they had been due to receive the documented structure for the Commodity IT Hardware and Software (CITHS) …
Yes, I thought it was going to be a tale of how important deliveries ended up in a field due to a navigation issue.
Mind you, given the efficiency of government procurement, they probably wouldn't notice if half the stuff spent a month in a lorry in a field somewhere while being delivered.
HM Treasury ain't gonna do it.
They need the cash so I'd guess any and all contracts will end up with Treasury biased psuedo-companies.
One way of doing so seems to be the informal "old boy" network and the other is to make procurement processes so difficult to work and/or understand that it is out off reach of most bona fide SMEs
"Cloud first" has been put on the back burner because the options available are absolutely dire. So you're an SME and you've battled through the GPS paperwork and IL3+ certs and all the other bother and you've finally got a contract, that dream job of a proof-of-concept analytics stack for a major department, and top of the list is "Cloud First".
"Well, that's alright...", you think to yourself, you've worked with AWS and GCE and MS Azure and all the other big players, it makes life super easy! So off you toddle to the G-cloud site and peruse the options.
Your heart sinks. Stunningly overpriced, limited configuration options, barely a handful only-kind-of-certified-to-IL3-and-only-if-you-pay-a-premium, only three nines guaranteed uptime, hours or even days long response times for spinning up new machines, crap options for multiple datacentres, no options for reserving instances, no spot pricing, shoddy APIs, wonky OpenStack implementations, one-man-and-his-dog support outfits. The list goes on.
So the requirement in practice has been relaxed a bit so that if you're running on "commodity hardware" without getting locked into a proprietary data model and have a clear exit strategy for when the g-cloud stops being terrible, you're allowed to go to Fujitsu or Dell or whoever and just buy your usual kit.
If the CO want to nail that SME+Cloud wonderland they need to go to the big boys, to Amazon and MS and Google and get a UK-based, IL3 certified cloud service in place that you can provision with a single click. That's the vision of G-cloud and those are the only guys with the nouse and capacity to provide it how it should be done. End of story.
Of course, things aren't so great for the big SIs either. They're being forced to contract in SMEs to replace their own staff (usually at hideous day-rates, passed on to the taxpayer), thus throwing away their advantage of being already certified in every area, and being forced to move away from their usual infra partners, again throwing away scale and certification advantages, with the cost inevitably passed to the taxpayer. The CO needs to recognise that some contracts are just too damned big for SMEs and one-size-fits-all purchas contracts. You can't expect an SME to come in and rationalise the two hundred and something operational systems in a department like HMRC or DWP, and forcing the SIs with the capacity to do that to work with SMEs and shitty little tuppence "cloud" houses like Skyscape just to satisfy a CO editct is just going to cause everyone grief.
"Don't MI6 or GCHQ have the expertise to run a government cloud?"
Good lord no, I wouldn't trust them about as far as I could throw their respective buildings. Even if they did have the requisite expertise (and they don't, they buy in from contractors like everyone else), their organisations are entirely geared around IL6+ operations. Everything Top Secret, everyone DV, nothing outside the bubble. Running operations in the IL3-5 range (i.e. almost everything government does except intelligence) through those IL6 operators would inflate costs a tremendous amount, and split their focus away from the jobs they're actually paid to do.
The only government agency even remotely positioned in this sector is CESG, and their role is advice and certification, not operation. In theory the government could establish an in-house Government Cloud Service of some description, selling capacity internally to whatever department needs it, but what would be the point? Others have already done the job better, they just need to go through the extremely lengthy certification process so they can expose their services to buyers. All the major suppliers are some way through the process, with Google in an alpha/preview stage, MS at IL2 and AWS finally getting involved at the end of last month.
The problem isn't, has never been, one of supplier interest or capacity, or even of customer interest, it's getting the information assurance frameworks in place to allow one to deposit sixty million taxpayers' information on these black-box systems. There are 13,000 services available on the G-cloud portal, give or take, but government spent an inconsequential total of £10,000,000 on there last month. Why? Because of those 13,000 services, only a tiny handful (a total of 4 in the compute-as-a-service section, for example) are certified to IL3, and for production systems working in the space occupied by the major SIs you really need IL5.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
