After a tendering process started in late 2011, the UK Cabinet Office selected over 250 vendors providing about 1700 services that government agencies can choose from in order to meet their cloud needs. Yesterday it opened its cloud store.
The store, which admittedly in its early stages, allows to browse services by type (IaaS, PaaS, SaaS, specialist cloud services) and deployment model (private, public, hybrid), as well as by vendor name and service description.
This looks like an impressive and comprehensive list of services. Hoverer the site offers a number of caveats though.
The first and probably most important one is about assurance and accreditation.
We’re still in the early stages of this work and have hundreds of products to assure, so most of the products you’ll see in the pilot CloudStore have not yet been assured.
The next stage will be to accredit some of the products in line with CESG guidance on information assurance. This means that once products have been accredited, Government buyers will be able to use them straight off the shelf without having to go through the accreditation process again. There will be products available up to IL3.
In fact I have tried to browse quite a few services and in all cases a purple ribbon at the top of the page warns you that “the service is waiting to be assured”. It appears that they are pretty much where the US government was when they first opened apps.gov, although in that case only public services were available.
The selection is quite impressive, and there is a fair amount of small players alongside the usual, large service providers. Search capabilities are moderately effective but information about suppliers is reasonably consistent to at least get to know who are the players.
The best thing is that government agencies can buy services straight from those vendors without issuing a European call for tender, which implies significant time savings.
On the downside, besides the time taken by the accreditation process, a fundamental question remains about the readiness of both prospective users of cloud services and their suppliers to really meet the objective of “moving away from custom built and hosted IT to cloud based services bought as commodities on short term contracts” as the cloudstore itself states.This is certainly not unique to the UK public sector and delves into the relative immaturity of standardization activities around cloud. However the whole idea that shifting between suppliers of a commodity service across a number of short-term contracts may take some time to materialize. Also, it is not entirely clear how agencies can assess the risk that those suppliers pose in term of long-term viability of their offering.
The Cloud Store is a great first step toward what Gartner calls a storefront in its research, (see Five Roles for Government in Cloud Computing – login required) but there is still quite some way to go before agencies can move safely into the cloud territory.