Is it all over for UK.gov's G-Cloud 3.0? A footnote in history awaits

At least you tried

Top three mobile application threats

The clock is ticking on G-Cloud, the UK government's IT shopping catalogue for the public sector. A year in, those running the programme are already dreaming of life after the project and admit significant cultural hurdles stand in the way of their success.

G-Cloud is the Cabinet Office’s plan to make government IT more modular and cheaper; the publication of the Government’s cloud computing strategy in October 2011 signified the birth of the project.

Denise McDonagh, the Home Office director of IT who oversees Whitehall's digital shopping centre, wants G-Cloud to be so successful that it becomes an ordinary part of daily life in the corridors of power. The aim of the project is to encourage IT departments to buy tech gear and services from a range of approved companies, potentially simplifying purchases and ensuring everyone gets a better deal.

“My challenge is to make sure what I do in running the [G-Cloud] framework, updating the store etc is embedded in the organisations that will run that,” McDonagh told the Business Cloud Summit in London last week in response to questioning by The Reg.

“We have to make propagation sustainable, we have to have champions, communities of interest, places where barriers that come up can be articulated and addressed so programs will continue.”

McDonagh has been running G-Cloud since Chris Chant retired in April. Plain-speaking Chant encouraged civil servants to change their ways and refuse to accept "s**t" IT for public-funded projects. Listening to McDonagh, it's seem as though little has changed in the public sector during 2012.

Ignorance, confusion and misinformation about G-Cloud are rife in the lower levels of the civil service, who believe that relying on a G-Cloud supplier is illegal and against policy and data protection rules policed by the Information Commissioner.

“G-Cloud is legal,” she told the civil servants at the event. “I'd ask they naysayers to talk to us so we can show how we’ve done it and show there's no legal reason at all we can't buy though G-Cloud.

“This is a government procurement service run by Bill Crothers – the government’s chief procurement officer.”

Nothing ever moves quickly in the world of Britain's civil service

To become engrained in the fabric of government McDonagh says she needs more ambitious thinking from civil servants at the CIO and CTO level, who she wants to turn into brand ambassadors and case studies for others to follow.

She pointed to the need to offload elements of IT work, such as supporting PC users and providing email, that are duplicated needlessly across departments, wasting money and IT technicians' time.

Version two of the G-Cloud website and purchasing agreements went live in October, and McDonagh reckons it's already a success – at least as far as the private-sector sellers are concerned. There are 462 suppliers offering 2,814 services and products. Three-quarters of the suppliers are also small or medium-sized businesses; another goal has been to break government IT out of the headlock held by the likes of IBM, Microsoft and Capgemini. Bringing in SMBs could lower costs and improve the supply chain's response to the needs of Britain's Sir Humphreys.

But signing up tech vendors is only part of the story and there are challenges in G-Cloud.

Getting permission to sell gear to civil servants is proving to be a bureaucratic nightmare. In a masterstroke of Whitehall wizardry, a supplier can be listed in the G-Cloud catalogue, but that doesn’t mean its products are actually authorised for use across all or any departments. Gaining the necessary security accreditation to deploy systems in sensitive areas of government has hit a massive bottleneck; companies can end up waiting nine months for approval by the Pan Government Accreditation Service.

Will all the bugs be ironed out for version three?

McDonagh attributed some of delays to new suppliers that had not anticipated the red-tape associated with accreditation. Meanwhile, bosses at smaller tech outfits told The Reg that despite jumping through hoops to register for G-Cloud, they had not made a single sale nor had a single enquiry. The Cabinet Office claimed that three-quarters of contracts on public sector IT services through G-Cloud had gone to SMBs.

McDonagh hopes to start work on G-Cloud version three before the end of the month. A review of the current version of the supply framework is underway, and she said: “I’m hoping that will be rubber stamped and let me start the process [of G-Cloud 3] by the end of the year.”

She said there needs to be “better clarity” from the government, which must explain G-Cloud more plainly to IT purchasers. Buying and invoicing could be made easier, too. She didn’t raise the prospect of changes to the supply process, including the rules on accreditation, when speaking to The Reg after the event.

Opening her presentation at the Business Cloud Summit, McDonagh noted she’d worked in various big government departments during her career and endured different types of IT delivery, from market testing to outsourcing. “I’m fully au fait with the delivery models we've had which is why I'm so passionate about making the change because the delivery models we've had are not working,” she said.

It’s not yet clear who in government will run the G-Cloud shopping catalogue after the cloud computing strategy officially ends in two years. Who will update the shelves? McDonagh hopes the website will become part of Whitehall's IT DNA, which suggests it will fall to the procurement services department. It is not clear who will run the project after the end of its three-year lifetime.

The threat, though, is that without a figurehead, the programme will become yet another purchasing framework among many others in government. G-Cloud was supposed to dilute the influence of the likes of Microsoft and IBM, but they risk but growing unchecked. The next two years will depend on whether someone is appointed to specifically lead the process and keep it as a distinct service. ®

SANS - Survey on application security programs

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.