Author's note: many thanks to Henry Bell, Contino Technical Principal, with whom I co-wrote this blog!
I’ve spent the last few years working on projects across a number of public sector organizations and have seen many of them hamstrung by legacy vendor relationships, typically with the large outsourcers. As a recent computing.co.uk article has it: “[w]ith Capgemini and Accenture again signed in to long-term deals at HMRC, the tax collector can now celebrate 22 years of outsourced IT failure”.
Due to long (read: costly) procurement processes, an inability to hire enabled staff, and low risk appetites, it no doubt made sense at the time to outsource technical responsibility to third parties, and stick with them over the years. But as the technological landscape has shifted, so have requirements - for infrastructure automation, configuration management, frequent software deployments and DevOps-style team structures - and these legacy vendors are simply no longer suitable. They
As a result of legacy relationships, public sector teams can be distanced from their own platforms, unable to leverage the benefits of owning their own capabilities, such as swift server provisioning and frequent application deployments. Instead, they’re forced to shell out whatever price their third party demands for routine changes to their platform: “You want to change your VPN configuration? Oooh, that’ll be £15k, thanks.”
You want to change your VPN configuration? Oooh, that’ll be £15k, thanks.”
A public sector department that is locked into an expensive contract with an outdated vendor that is delivering in accordance with outdated delivery models represents incredibly poor value for money for the taxpayer, and can severely impact the effectiveness of the good work done in government by limiting how that value reaches the consumer.
The taxpayer is essentially subsidising large consultancies for the privilege of keeping their government departments stuck in inefficient modes of working. I’ve seen forward-thinking teams within the government then have to innovate around the dominant vendor, annexing tiny portions of their territory in an attempt to get things done quicker.
But migrating to the cloud - besides the obvious up-front benefits of improved visibility, agility and scalability - is an opportunity to leave behind outdated, sour, or potentially toxic vendor relations and to ‘bring back home’ some core technological competencies that historically may have been outsourced or managed by third parties.
Undertaking a digital transformation programme brings with it the opportunity to bring some of these capabilities back in-house and transform the way that services are delivered: pick a low-risk application or service and put together a cross-functional team that can leverage the power of ubiquitous APIs: think automated infrastructure provisioning, developer enablement, rapid software prototyping and iteration, and build/test/deploy automation. Begin to seed this knowledge throughout the organization and change is already underway.
Using this kind of transformational approach can be a catalyst for the organizational changes that must necessarily accompany technical ones, including which third parties you engage with and why. While of course there may be contractual lock-in, sometimes revisiting a relationship from a new standpoint can bring about discussion that is mutually beneficial and results in a more focused and productive service.
While there may initially be an internal skills gap, an upfront upskilling program can mean that time-to-value is reduced. As well as this, some early assistance with common patterns and best-practices tends to help organizations avoid common pitfalls when working with cloud platforms and modern software delivery practices for the first time.
The principal drivers of cloud adoption - increased organizational agility and simultaneous potential cost savings - are incredibly compelling. Despite this, as well as the government’s Cloud First policy, security concerns still linger.
However, with appropriate governance and controls in place, and assurance that cloud adoption does not necessarily imply a “wild west” security model, public sector organizations are increasingly empowered to shed legacy technologies and practices, and move towards more modern ideals, assured by appropriate compliance controls. Controls intrinsic to cloud platforms can, when correctly configured, provide deep and valuable visibility -- building on this with in-platform software solutions allows organizations to improve rather than reduce their workload and security visibility.
Over the last two years we’ve seen the traditionally risk-averse financial services industry embrace public cloud, with this happening slowly at first but now gaining huge momentum. Parallel to this, the public sector has also been waking up to these potential wins, and we’re now seeing significant pace in this market sector as well.
The government must take the opportunity to maximise the value of the cloud by using it as a springboard to new ways of working internally as well as new ways of working externally, as they increasingly look for transformation partners that are able to impart the skills and mindsets to allow government departments to own their own capability, rather than relying on an old guard that can only ever provide more of the same.