For a public service lauded for recently saving the public sector £200m in little over two years, G-Cloud gets a surprising amount of criticism.
The Government initiative was established in 2012 to save public sector money by letting SMBs bid on cloud IT contracts, and version five went live at the end of May, and has 1,132 suppliers.
That’s 10% more than the total listed in version four, and many times the couple of hundred the framework launched with.
However, in the last month we’ve seen (and written) headlines attacking G-Cloud for being of little interest to any public body outside of Whitehall, while critics claim it lacks both search functionality and transparency.
Meanwhile the framework’s users and suppliers are set for a shake-up with the advent of new security classifications from the Government, which will hand more responsibility to procurers to ensure their chosen supplier can secure their data adequately.
So how can we expect the service to change in future? And just how much is right and wrong with the public procurement initiative as it stands?
Too many cooks?
Chris Pennell, Ovum’s lead analyst for the public sector, believes the Cabinet Office has done well so far, citing the number of SMBs it’s managed to sign up as suppliers to the latest version.
"It’s now seen as the de facto catalogue to go to for commoditised services," he says. "That shows you just how effective the Cabinet Office has been at going out and convincing suppliers that this is the route to market for cloud-based services."
But others see the number of suppliers – and their 17,000 services – as a source of potential confusion.
The Cabinet Office sent version five live with the admission that some suppliers may offer duplicate services on G-Cloud 4 and 5 – "and buyers may want to compare them" to look for savings.
However, as one G-Cloud supplier, IT security firm Skyscape, points out, there is no mechanism by which buyers can easily compare services.
Head of compliance John Godwin tells CBR: "It would be good to see how the G-Cloud website itself could capture information from suppliers and make it available in a comparable format. A consumer could select three or four different suppliers of a similar service and see how they align against each other. That would be an important feature."
Meanwhile, Pennell believes the nature of many of the suppliers has warped the nature of G-Cloud from what was originally a commodity cloud procurement service to something more focused on providing skilled technicians.
Recent figures show the highest spend comes from specialist cloud services, hitting a monthly spend peak of £24m in March, compared to second-placed SaaS services hitting a high of just £4.4m.
These ‘specialist services’ are basically skilled developers, demand for whom has been fuelled by Government departments embarking on long projects without the necessary expertise.
"They’ve spent the better part of the last decade outsourcing everything, so they’re having to body shop in staff to help plug the gaps where they don’t have the skills," Pennell explains.
This has led to G-Cloud stepping into the territory of another initiative, Digital Services Framework, designed to provide tech-skilled staff.
Compared to the outlay on specialist services via G-Cloud, at the end of May Digital Services had seen just £2.3m spent on nine contracts.
Keeping it simple
To solve this issue, G-Cloud director Tony Singleton has announced plans to simplify the procurement process for both Digital Services and CloudStore, the framework to search G-Cloud suppliers, by replacing them with the Digital Marketplace in the autumn.
The Cabinet Office hopes this will also improve search functionality after one backup-as-a-service supplier, Databarracks, claimed buyers were turning to Google to find the services they wanted because of the way services are categorised on CloudStore.
Now Singleton’s team is reportedly working with suppliers to clarify product definitions and simplify the way companies’ services are categorised.
While a non-live version of Digital Marketplace is available for alpha testing, Ovum’s Pennell questions how easy it will be to improve search functionality when the marketplace goes live in September.
"How do you shape your search functions to know you’re getting the best result? How do you define a front end that allows people to make simple searches that still delivers the results? Those are all unanswered questions so far," he says.
"How they market it, how they promote it will be key going forward, because it’s not just the success of the marketplace, but the individual frameworks. But the brands of G-Cloud and the other frameworks will eventually disappear in this digital marketplace."
This prediction is rather inauspicious news at a time when the Government admits to the need to raise awareness of the specific benefits the G-Cloud offers the wider public sector.
Appealing to councils
While the total amount of money spent through the framework hit £191.5m at the end of May, 80% of that came from central Government, with local councils contributing just £11.4m.
Additionally, a recent Freedom of Information request from Bull Information Systems caused a splash when it revealed that 26 county councils have spent less than 1% of their collective £439m budget on services via G-Cloud.
Socitm, the body for local government IT professionals, hit back by claiming G-Cloud was built for central Government.
Head of policy Martin Ferguson tells CBR: "From a local government point of view, a lot of services on there are not realistic to help local government with what services it delivers."
He cites the length of contracts (up to two years) being too short for councils required to move vast swathes of data between ever-changing suppliers, as well as a lack of competition for services.
Meanwhile, Kent County Council said that while it’s spent £94,750 via G-Cloud, the framework lacks quality assurances and time savings the council is seeking.
Lead technical architect Glen Larkin tells CBR G-Cloud can help speed the procurement process, but only if you’re happy to replace finely tuned on-premise kit for standardised cloud architecture.
"It’s not that government avoids the cloud, it’s just that we haven’t been able to define what is the standard, what is the practice that we must undergo to get into the cloud," he says, before stating that councils would nevertheless like to use cloud to ditch the complexity of their legacy systems.
"Where councils have tried to centralise everything and tried to tightly integrate all these systems, you’ve got this hairball of all these databases," he explains.
"It’s the legal ramifications that the council’s always worried about. The requirements these days are very tough."
While a Cabinet Office spokesman says there are currently 92 councils using G-Cloud, he also accepts the need to better promote the initiative.
Pennell says the best way to do this is to promote the specific benefits for local councils.
Security headache
But with local government so worried about the legal ramifications of everything it does, a new security classification system for public data could give them a fresh headache – and another reason not to use G-Cloud.
The Government Security Classification Policy was introduced in April to label public information as Official, Secret or Top Secret, replacing the impact level (IL) system, which measures data security on a scale of one to six.
G-Cloud 5 still uses IL, but version six will rely on the new policy, which will put more responsibility on buyers of cloud services to ensure their chosen supplier can meet the required security standard for storing their data.
Skyscape’s Godwin admits this could be a problem for attracting more buyers to G-Cloud.
"There’s certainly potential for confusion but we’re embracing the new framework and trying to work out how to help the buyers make the best decisions," he says, but adds that it will put an end to suppliers downplaying their security requirements to use cheaper suppliers.
"The changes make a lot of sense. Making the organisation that owns the data more responsible for how it selects its hosting provider seems a very sensible step."
He says the Government must help buyers understand how the new classification works and what questions to ask of suppliers.
Fortunately, some of this is already happening. CESG, the information security arm of British spy agency GCHQ, has released cloud security guidance in the shape of 14 cloud security principles buyers can use when evaluating the security features of suppliers.
Also, the Cabinet Office will distribute security questionnaires among suppliers to determine what security accreditations they have.
All change
Just two years and five iterations into the life of G-Cloud, the Government’s cloud procurement service appears to be on the brink of change again. The framework has met with a lot of success as the Government aims to reach its target of spending 25% of IT expenditure with SMBs, but G-Cloud 6 will represent more than just a minor tinkering.
With new security classifications putting more of a regulatory burden on both buyers and suppliers, it will be a challenge for the Government to increase adoption among the wider public sector. But this issue could be tempered by revamps to search functionality and the procurement process that should make the service much easier to use.
Despite version six’s September release, G-Cloud’s future looks brighter than the usual rainclouds that greet the month. Hopefully we will see it blow swiftly on fresh winds rather than drift aimlessly along.
This article is published in CBR Digital magazine on iPad
Available here:
https://itunes.apple.com/us/app/computer-business-review-magazine/id836607376?mt=8
