Can cloud save the NHS?
Public sector looks for gentler cuts
As the scope of cuts to the UK public sector becomes clearer, the holy grail becomes finding places where money can be saved with no impact on frontline services.
No one wants fewer hospital beds, cuts to school meals or mothballed paramedic crews if we can make do with fewer email servers and fat terminals.
The Society of IT Managers (Socitm) earlier this year published a four-page report recommending that public-sector organisations look to the cloud to help them do just that.
Martin Ferguson, head of policy at Socitm, argues that widespread uptake of the technology will save money and reduce dependency on scarce technical resources, as well as encouraging interoperability and open standards from software providers.
The government already owns a lot of kit. According to the Socitm report, the inventory includes some 200,000 servers running at about 10 per cent of capacity.
So should we just link them all up into a giant data centre and run services from there?
“We do not believe this would be wise. Our experience is that 'pan-local' provisioning of IT services achieves a more competitive response from the market and one that addresses more closely the public service outcomes and business needs of public services,” Ferguson says.
He notes that the cloud market is still immature. “Greatest maturity exists for infrastructure and for office productivity tools such as email, collaboration and so on. So we would expect to see a shift towards shared infrastructure, data centres, and generic office systems,” he says.
Another concern, of course, is that a lot of government IT is already outsourced. Would it be possible for a department or a local authority to consumer cloud, even if it wanted to?
According to Ian Osborne, project director at the IT professional association Intellect, it is in everybody’s interest to move forward with cloud.
Loads of money
Osborne: Five-year problem
“This is a five-year problem. It won’t be solved fast – government just doesn’t move like that,” he says.
“But even with the cuts, the IT budget is in the region of £13bn annually. That is a lot of money to spend.”
The implication is that the government is such a big client that suppliers will want to accommodate procurement requests if at all possible. But the client has to understand the technology to know what to ask for.
In some cases, introducing cloud would have to wait until the right point in the upgrade or contractual lifecycle. In others, it could be brought in for new or standalone projects.
“The shift towards cloud can begin within these contracts by shifting priorities. Examples might include introducing new services using cloud-based methodologies, or consolidating infrastructures to provide a cloud-based service within departments or across government to exploit surplus capacity,” Osborne says.
Adrian Steel, head of infrastructure management at Royal Mail, says that investing in cloud technologies has saved the organisation money and made it possible to upgrade kit despite vast uncertainty about the future.
“We knew our user base was likely to change. There was talk of a partial sell-off of the post office. To upgrade on the traditional licensing model, for 30,000 PCs, would be hard. So we took a leap of faith and decided to go with a pay-as-you-go model in the cloud,” he says.
The benefits have included much simpler desktop upgrades. “If you are trying to move 30,000 PCs to a new system, you’re looking at maybe 400,000 documents. Five to 10 per cent of those won’t be compatible with the new software,” Steel says.
“With virtual PCs you don’t have to roll out a new PC to 2,800 offices for testing. You test apps and documents in minutes and any flaws can be fixed overnight.”
In Lewisham, Nigel Tyrell, the local council’s head of environment, has developed a cloud-based tool for reporting graffiti and other environmental issues.
The system runs on Microsoft’s Azure cloud platform. The idea is that when people see graffiti or anything else they want to report, they take a picture of it on their smart phone and submit the picture to the LoveCleanStreets website.
“It is easier and cheaper to scale up than it would be if we tried to do it internally,” Tyrell says.
The scheme has been so successful that it is being extended across London, in exactly the kind of "pan-local" project Ferguson backs.
The project has also highlighted another benefit of cloud-based projects. “We were moving the servers to a new site and the LoveCleanStreets project was the only council service available online for four days,” Tyrell says.
Amid the optimism, Socitm also sounds a note of caution: the public sector must be especially careful about data regulations.
“IT professionals need to press for information governance and assurance to be managed strategically,” Ferguson says.
IT managers will need to take data management very seriously
The government must also be pressured to maintain data protection law and guidance in line with emerging trends.
“For example, if the public become custodians of their own data, consent for its re-use by public and other authorities radically changes the roles and responsibilities for data protection,” he says.
Tyrell says data regulations have been discussed. “When we set this up, the IT guys were worried about the data being submitted to the system on devices that were not CoCo compliant. In this case, the data isn’t being processed internally so it doesn’t apply,” he explains.
While Lewisham’s concerns have been resolved, IT managers will need to take data management very seriously, particularly the issue of where data is likely to be held, according to the Socitm report.
Although a safe harbour agreement is supposed to harmonise EU and US data protections laws, it has never been tested in court, and the USA PATRIOT Act gives the government access to all data held on US soil.
Until a test case has come to court, whenever that might be, keeping data in the EU might be the safest option.
Ferguson concludes: “The issues are not black and white, as in 'cloud is insecure', 'people can’t use their own devices', 'data offshore is inherently risky'. It is important to strike a balance between cost, flexibility and security of information, and IT.” ®
I do not want my medical records on the cloud
And anyone who does is an idiot imho.
My NHS IT plan...
Here is my proposal for the NHS IT infrastructure, it is probably poorly informed and politically impossible, but that has never stopped anyone writing before...
This article, and the others about the NHS recently, got me to I thinking that the NHS should follow the example of nebula.nasa.gov, they are building a cloud infrastructure specifically for NASA and it's dependencies. Then NHS departments could just bid for server time and pay appropriately.
The NHS could replace their local server facilities by buying five ISO container data centres (North, South, Scotland, Wales and NI) which could load balance between each other over a 10 GB/sec backbone provided by C&W or Level3 (or anyone other than BT). Modest staffing at each site could be backup support the other sites and provide remote management capabilities in the event of staffing issues. The containers can easily be supplied with generator power from the hospitals existing solutions and also have their own UPS battery backup on-board just in case. They can also have their on-line UPS batteries maintained by local renewable energy sources (such as solar, CHEP, wind, etc) and thus reducing the demand on the grid.
Combine these core server farms and backbone with a leased PWAN network between large sites (like hospitals), which is often not as expensive as it sounds if you know how to negotiate, you would have a fast and powerful network which was cost effective due to central purchasing. Local offices like doctors surgeries can survive with ADSL2+, or EFM for larger sites, into a PWAN linked to the fibre WAN. The PWAN could be sub-divided into divisional trust regions but still linked to the same core backbone with it's VLANs, preserving regional independence but taking advantage of central purchasing.
Use something like MokaFive Baremetal to deal with desktop locations instead of traditional Desktop Virt. That would help the security and support issues because you can remotely lock and retire any asset or you can rebuild a broken computer quickly and automatically. Local IT staff can the be delegated to look after a much smaller asset base with no servers to worry about, just desktop hardware assets and telecoms kit. Traditional Desktop Virt would be a risk if links were lost, but if computers had a local copy of their image they could be managed remotely with reduced risk. Distribute support between the core sites and balance the peaks/troughs between the sites. For example NI has higher unemployment and has a great many people who could do this job but by distributing the support between centres you reduce the need to centralise costs and can make use of existing office facilities without building new specific infrastructure.
Fail-over and disaster recovery would be de-centralised in this design, costs would be reduced and energy costs would be reduced. Reduced energy footprint at remote sites would improve the environmental consideration. Cooling could be managed because load-shedding could be used (google style) or in the event that cooling failed in one container it wouldn't be an issue because the other regions could cover the load. Security could be managed through a distributed core database which was related to HR databases, thus if someone was suspended their privileges could be revoked quickly. A national VLAN structure would allow regional control to be maintained and sites could have a powerful multi-core network appliance attached to their VLAN switch which would provide flexible firewall and VPN functions that provides further security protection on a local basis. Internet and government intranet peering can be achieved and managed through multiple DMZ VLANs.
Oh, and they shouldn't commission anything custom, they should buy it as COTS (commercial off the shelf) because the NHS has a history of wasting money on huge IT projects. I would view this as a radical but it need not be a 'millennial' project. Sites could even migrate slowly rather than all together at once. Some would be tempted to build fancy new offices and server rooms for such a project, but I wouldn't; I would suggest just utilising existing facilities assets as much as possible. The server assets could be retired organically as they are migrated to a virtualised infrastructure. The whole thing can sit on-top of the existing infrastructure until eventually everything is migrated.
Trusts would be encouraged to use these centralised facilities through the cost savings of centralised purchasing and yet they would retain their own independence by being able to manage their own virtualised assets rather than handing power to some over-lording authority. Local connectivity decisions can be made to suit the local needs rather than being imposed from the top because a centrally supported PWAN infrastructure could connect to any type of connectivity, but it would be for the PCT or managers to judge if deviating from standard wholesale communications infrastructure was justified.
Build it big, build it cheap, keep it flexible and give it scale...
I'll get me coat, it's the white one.
Yes - what a great idea NOT!
Everything's going great until a fault develops and ALL the NHS functionality goes tits up. Great idea hmmm.
The cloud is a myth and its services are vaporware if an emergency develops at the central server point. Don't put all the eggs in the cloud basket.