Andrea DiMaio

A member of the Gartner Blog Network

Andrea Di Maio
Managing VP
15 years at Gartner
28 years IT industry

Andrea Di Maio is a managing vice president for public sector in Gartner Research, covering government and education. His personal research focus is on digital government strategies strategies, Web 2.0, open government, cloud computing, the business value of IT, smart cities, and the impact of technology on the future of government Read Full Bio

Coverage Areas:

Here Comes the UK G-Cloud Store: Good First Step but Not Enough

by Andrea Di Maio  |  February 21, 2012  |  7 Comments

After a tendering process started in late 2011, the UK Cabinet Office selected over 250 vendors providing about 1700 services that government agencies can choose from in order to meet their cloud needs. Yesterday it opened its cloud store.

The store, which admittedly in its early stages, allows to browse services by type (IaaS, PaaS, SaaS, specialist cloud services) and deployment model (private, public, hybrid), as well as by vendor name and service description.

This looks like an impressive and comprehensive list of services. Hoverer the site offers a number of caveats though.

The first and probably most important one is about assurance and accreditation.

We’re still in the early stages of this work and have hundreds of products to assure, so most of the products you’ll see in the pilot CloudStore have not yet been assured.

The next stage will be to accredit some of the products in line with CESG guidance on information assurance. This means that once products have been accredited, Government buyers will be able to use them straight off the shelf without having to go through the accreditation process again. There will be products available up to IL3.

In fact I have tried to browse quite a few services and in all cases a purple ribbon at the top of the page warns you that “the service is waiting to be assured”. It appears that they are pretty much where the US government was when they first opened apps.gov, although in that case only public services were available.

The selection is quite impressive, and there is a fair amount of small players alongside the usual, large service providers. Search capabilities are moderately effective but information about suppliers is reasonably consistent to at least get to know who are the players.

The best thing is that government agencies can buy services straight from those vendors without issuing a European call for tender, which implies significant time savings.

On the downside, besides the time taken by the accreditation process, a fundamental question remains about the readiness of both prospective users of cloud services and their suppliers to really meet the objective of “moving away from custom built and hosted IT to cloud based services bought as commodities on short term contracts” as the cloudstore itself states.This is certainly not unique to the UK public sector and delves into the relative immaturity of standardization activities around cloud. However the whole idea that shifting between suppliers of a commodity service across a number of short-term contracts may take some time to materialize. Also, it is not entirely clear how agencies can assess the risk that those suppliers pose in term of long-term viability of their offering.

The Cloud Store is a great first step toward what Gartner calls a storefront in its research, (see Five Roles for Government in Cloud Computing – login required)  but there is still quite some way to go before agencies can move safely into the cloud territory.

7 Comments »

Category: cloud     Tags: ,

7 responses so far ↓

  • 1 Chris Chant   February 23, 2012 at 8:01 am

    Accreditation a downside? We have to accredit all services now and rightly. Cloudstore services will be accredited “pan government” which will enable reuse and avoid massive duplication for suppliers and the public sector today.

  • 2 Andrea Di Maio   February 23, 2012 at 8:05 am

    Chris, thanks for your comment. What I meant was the current uncertainty about the timing for accreditation, as there is no schedule available yet that I am aware of. Of course my assessment is partially skewed by how long it is taking the US federal government to establish a more centralized and sustainable C&A process for their store (with many fewer services) and, although I know that their FISMA has peculiarities that are not reflected in the UK, I believe it is an important lesson.

  • 3 Chris Chant   February 23, 2012 at 8:18 am

    Services will be accredited as they are taken up as with every other service used in public sector that requires accreditation. The difference with Cloudstore products is as I said above and this will save time and money for everyone.

  • 4 Andrea Di Maio   February 23, 2012 at 8:21 am

    Thanks Chris. Does this mean that the accreditation would be performed by the organization that buys the service first, or would the G-cloud team be responsible for that? I believe this is quite an important distinction.

  • 5 Are Government CIOs Becoming Too Complacent?   March 6, 2012 at 4:52 am

    [...] with government security regulations, also as a consequence of initiatives like the government cloud store, will give the business an easier way to buy technology services independent of their IT [...]

  • 6 Why Government IT Consolidation May Be Doomed   March 9, 2012 at 7:41 am

    [...] procurement vehicles that are meant help whoever is willing to use cloud. apps.gov, the UK CloudStore, the NZ panel contract for IaaS, and more to come give you as the CIO a lot of choice about how to [...]

  • 7 Why Government IT Consolidation May Be Doomed   March 9, 2012 at 7:41 am

    [...] procurement vehicles that are meant help whoever is willing to use cloud. apps.gov, the UK CloudStore, the NZ panel contract for IaaS, and more to come give you as the CIO a lot of choice about how to [...]