Security_eBook_blog_Banner
News / Cloud /

Her Majesty’s Secret Service trusts cloud — do you?

MI6, the U.K.’s spy agency, is using cloud services from private-sector suppliers, thanks to G-Cloud — the British government’s cloud strategy. The U.S. government has also launched a Cloud First strategy. So what are we doing here in Canada? Not enough.


Cloud security

The biggest stumbling block to cloud adoption has always come down to one thing: security.

For all those holdouts still sweating over the security of the cloud, let me introduce you to someone. His name is Bond … James Bond.

As noted by Frank Konkel in a Nextgov blog post, MI6 — fictional employer of 007 and real-life spy agency of the United Kingdom — is just one of several British government departments procuring cloud services from private-sector suppliers.

MI6 and other public U.K. agencies are doing so thanks to G-Cloud, the British government’s cloud strategy. Introduced in 2011, G-Cloud allows cloud vendors who meet certain security and technical criteria to be added to a list of pre-approved suppliers.

Once vendors get this accreditation, they can bid for government cloud contracts via the Digital Marketplace. The online service was set up as a faster, easier alternative to the old procurement system that required a lengthy approval process for each individual vendor and contract.

As Konkel rightfully asks in his blog, if MI6 has found a secure, efficient way to use cloud services, why aren’t other government bodies around the world doing the same thing?

In fact, some of them are. Shortly after Britain launched G-Cloud, the U.S. government adopted Cloud First. In a bid to cut red tape and government spending, Cloud First requires many U.S. federal agencies to evaluate cloud-based options before making any new IT purchases. As in the U.K., cloud vendors can be pre-approved to bid for government contracts if they meet criteria under Washington’s Federal Risk and Authorization Management Program (FedRAMP).

So what are we doing here in Canada? At the moment, not much.

Ottawa did get the proverbial ball rolling, requesting submissions from the IT industry and other stakeholders so it could gather ideas about how to approach a cloud policy before actually crafting one. But the deadline for that consultation process came and went in January 2015. More than a year later, crickets are all that’s been heard.

Why is Canada still without a government cloud strategy five years after the U.K. and U.S. unveiled theirs?

As Karna Gupta told me in an interview, there are three main reasons. Gupta is president and CEO of the Information Technology Association of Canada, one of the stakeholders that took part in Ottawa’s consultation process last year.

“First of all, we’ve been a slower adopter of technology, historically as a nation, compared to some of the other countries,” Gupta said. “The second reason is there have been structural changes in government with Shared Services (Canada) that also slowed things down.”

Thirdly, since a new Liberal government came to power last fall, “we have to give them probably two or three months to recalibrate where they’re at on policy issues,” he added.

Whatever is causing the delay, let’s look at what Canada might be missing out on in the meantime.

According to an independent report released earlier this month, G-Cloud has saved the U.K. government 20 to 50 per cent on procurement costs compared with legacy IT contracts. It’s also leveled the playing field for SME vendors, who have been awarded about 60 per cent of all G-Cloud contracts so far. In the U.S., Cloud First saved federal agencies about US$3.6 billion in IT costs between 2011 and 2014, according to Washington’s Government Accountability Office.

Taking a thorough, thoughtful approach is one thing. But it seems Canada is falling behind on government cloud strategy. If we don’t get back on track, it might be too late for 007 (or one of his top associates) to parachute down from a real cloud and save us.

Image by Mark Glucki

SIP eBook 2014 expertIP bottom banner update
Comments are closed.