Business Cloud News
Groucutt: 'Local government lacks the resource to keep up with constant changes to G-Cloud'

Groucutt: ‘Local government lacks the resource to keep up with constant changes to G-Cloud’

The lack of guidance and clarity surrounding the new G-Cloud Security Approach and the recently changed Government Security Classifications will likely further hinder adoption of cloud services in the UK public sector, according to Databarracks, a G-Cloud supplier.

In April this year the government announced changes to the Government Security Classification scheme, doing away with the ‘Impact Level’ system in favour of a simplified three tier system (‘Official’, ‘Secret’ and ‘Top Secret’). The government also introduced new cloud-specific security principles for those buying and selling cloud services through the Digital Marketplace.

Under the new regime suppliers must requalify by asserting how they meet the security principles, which they can do by selecting a predefined answer for a range of questions that determine how the principles are met. They are then required to provide evidence and documentation to support their assertion, and continuously update the assertion statements in the Digital Marketplace to ensure buyers have the latest information.

Earlier this week it was announced that suppliers seeking to join G-Cloud would not be able to apply for the Pan Government Accreditation (PGA) from the end of July. PGA certifies IT suppliers to handle data up to certain levels of sensitivity under the old impact level (IL) classification scheme, without the need to recertify for each organisation they work with.

But the government hasn’t yet announced any initiatives aimed at ensuring some continuity between the old and new digital security regime, and the need to re-certify will likely cause more overhead for some smaller suppliers – and more confusion for buyers.

“The concern we have as a G-Cloud supplier is that in light of the continuing uncertainty, local authorities will opt for what they perceive to be the safe option by continuing to procure expensive, inflexible IT solutions from their existing large suppliers,” said Peter Groucutt, managing director of Databarracks.

Groucutt explained that the constant introduction of changes to the G-Cloud programme is causing headaches for buyers of cloud services, and making it more confusing for the public sector to when it comes to procuring cloud services.

“Local government departments can’t be blamed for failing to keep up with G-Cloud,” Groucutt said. “We’ve gone from it being controlled by the Government Procurement Service (now the Crown Commercial Service) to the Government Digital Service (GDS), and now we’re swapping the CloudStore for the Digital Marketplace – not to mention the changes to the security classifications.”

“In order to drive greater adoption amongst local government departments we need to have some stability and continuity of the programme. We have often called for greater efforts for educating G-Cloud buyers, but I can imagine that when buyers are presented with this constantly changing framework the feeling is that it is better to wait until the programme has settled and stabilised.”

Groucutt’s claims may resonate with many that have followed the G-Cloud programme since its inception several years ago. While it has certainly enjoyed some successes within central government, uptake is lacking across the wider public sector. According to recently published research less than 1 per cent of local councils procured any IT services through G-Cloud. Part of that, Groucutt said, is down to education.

“While central government has the resources to adapt to these changes, local authorities do not and as a result it has painted an unfair image that they are unwilling to embrace cloud services.”

  • Nicky Stewart July 28, 2014 at 10:57 am

    As an SME which has successfully delivered public sector ICT under all the G-Cloud Frameworks to date, Skyscape Cloud Services takes a balanced view on the recent changes to the Government Security Classification Policy and the way in which G-Cloud services are to be accredited. Whilst it is right that data-owing organisations need to become more diligent and take greater responsibility for where they choose to outsource their valuable information, additional guidance is required to ensure that procurement activities can be undertaken thoroughly. From G6, this will require organisations to fully assess the characteristics of a potential supplier’s services, validating the responses they received to ensure that security risks will be properly managed. We believe that additional guidance will be made available in the coming weeks. In the meantime Skyscape Cloud Services has published a White Paper which explains the changes – this is available from our website.

  • Post a comment

    Threaded commenting powered by interconnect/it code.