Local Government: Pushing Ahead With Cloud Despite Security Bogie?

May 01, 2015

Cloud computing is already in use or is being piloted in the vast majority of local public service provider organisations responding in survey published by Socitm, the association for IT professionals.

Its new IT Trends Survey: Cloud computing services (only freely available for Socitm members) reports on the results of a ‘deep dive’ into the state of cloud computing procurement and adoption in the Socitm community carried out in last November, when 103 organisations responded to the survey invitation, mostly local authorities but including other local public services and voluntary sector organisations.

The survey found that 90% of respondents have at least a ‘toe in the water’ when it comes to cloud services, says the group, with 66% reporting they have some applications in the cloud and are investigating others and 21% that they are at the earlier stages of investigating or doing a pilot.

Some 4% have considered and rejected cloud and 4% report they are already highly invested users of cloud services. (Socitm does caution that these figures may reflect some self-selection by those choosing to complete the survey.)

Factors cited by respondents as inhibiting take up include a significant underlying concern about the security of, and accountability for, the data and information held in/passing through cloud-based systems. Some 70% cited data protection regulations as having an inhibiting effect on take-up and nearly half said there are applications or IT services for which they would not use a cloud services provider.

Perceived benefits of cloud adoption vary according to the degree to which organisations have invested in it. The most important benefits claimed by the small numbers of the highly invested are greater scalability and business continuity/disaster recovery capabilities. These are complemented by greater computing flexibility and capacity and anticipated cost savings. Those less invested place value on anticipated cost savings and facilitation of modernised of business processes. Those just piloting cite a broader range of benefits. In short the more committed value a narrower range of benefits, but value those benefits relatively more highly, than those who are at an earlier stage of adoption.

These included anything involving person-related data, mission-critical/emergency services and control systems or systems that were highly integrated with other complex systems not in the cloud. Secure email and linkages to public sector networks were also specifically cited as excluded matters, as were ERP and other core corporate systems.
Procurement is less of an issue, with 60% saying there is no inhibition from the current procurement environment.

However, of those who have procured, existing arrangements are being used with fewer using the G-cloud/Cloudstore (now the Digital Marketplace) or signing up to pay-as-you-go agreements.

The analysis acknowledges that the take up reported in its findings does seem to contradict widely-reported on-going issues with the delivery mechanism; in a separate Socitm round table held recently on G-Cloud procurement, for example, members expressed fears over process and challenge, while ICT managers are reasonably comfortable with the frameworks, legal and procurement teams are wary, with disbelief persisting in some quarters that the process is legal.

Risks Vs Benefits?

Commenting on the survey findings, Socitm head of Research Andy Hopkirk said, "Service providers have work to do in convincing many Socitm members that their personal and corporate business risks are not increased by using cloud services to an extent that outweighs the benefits."

Meanwhile Steve Shakespeare, Managing Director of Civica Services, a vendor that supported publication of the survey added, "There is an education piece needed on the different types of cloud options and what that means in terms of the benefits and acceptable risks. We understand the need to be cautious with data, and while public cloud providers may not always be the best place for this, a secure managed private cloud can work well.

"Authorities need to work in partnership with their cloud provider to look at how to deliver the right applications in the right environment for them."