How skunkworks and SME will shift gov't IT

The government published its latest IT strategy plan on Thursday, pledging to radically alter its procurement practices to help small businesses win more public-sector contracts. It also laid out plans for increasing the use of cloud computing, while reducing datacentre costs by 35 percent over five years.

Bill McCluggage, the government's deputy chief information officer, talked to ZDNet UK about the cost-cutting plans. He spoke about the role skunkworks projects will play, the government's views on cloud security and small businesses, and the likelihood of job cuts for IT professionals in the public sector.

Q: One of the government's aims is to make procurement easier for small businesses, and it says it wants to become a 'single intelligent procurer'. What does this mean?
A: If you look at IT procurement, we have broken up actions into specific requirements. We have introduced a Crown Commercial process; the Cabinet Office introduced a Crown Commercial Representative in February, the first in the SME [small to medium-enterprise] space, which is one individual focal point for procurement for small businesses.

The first bit of the puzzle is how to commoditise action down into a central activity. That's where Buying Solutions and [the Efficiency and Reform Group] are working quite heavily. Procurement will either be driven through systems integrators or through government directly interacting with the SME itself.

Another piece of the puzzle is spend controls — the Cabinet Office has brought in common infrastructure spend controls. A third piece is the introduction of government skunkworks to drive major projects and understand how projects interact.

Traditionally, skunkworks projects have been conducted under wraps and then, if successful, made public. Is this how government skunkworks will work?
No, it's not an Area 51; it's not going to be top secret. It's about bringing together different conceptual designs. We have a small team of people. At the moment we have four, but obviously we are building on that, and that will increase as we bring on board the director of ICT Futures. We want the correct person fit into [government chief information officer] Joe Harley's team.

Will the director of ICT Futures be in charge of skunkworks?
The director will directly contribute and have a heavy impact on the skunkworks environment.

Who's in charge at the moment?
Mark O'Neill is acting as the skunkworks head. The team is looking at how to fit the projects into spend controls, arranging new projects and embedding them. At the moment, we are looking at two or three projects.

How else is the government encouraging SMEs?
We'll be running what you could call Dragon's Den activities, where we say: 'here are opportunities' and 'here's what you can bring to us'. SMEs need to get onto the framework activity level.

We'll be running what you could call Dragon's Den activities, where we say: 'here are opportunities' and 'here's what you can bring to us'.

Another key element is transparency, and about making sure knowledge of what's out there is promulgated.

There's a presumption against projects over £100m. It's about the approach and behaviour of specific departments. Projects of £60m to £80m over two, three or perhaps four years pulls projects down into the catchment core of medium-sized enterprises.

Which security standards will you use for SMEs and the cloud-based systems and apps?
With cloud and security, clearly there is an issue surrounding personal data, and clearly it's not appropriate to put large data transaction elements into the public cloud.

With [high-security] systems interactions, analysts including Gartner and Forrester have recommended that SME's don't tackle that or be the first to build a cloud ecosystem.

How many SMEs run large scalable infrastructure-as-a-service platforms? We wouldn't want to compute the risk of a Fujitsu datacentre. SMEs will have opportunities, but they may not want to bid into high-risk areas.

We're not expecting SMEs to be major adopters of competing for massive infrastructure-as-a-service projects. There has to be pragmatism about where you help SMEs, which needs to be balanced against the risk profile.

In defining a security standpoint, we are...

...looking at Impact Level 3 security because the technology can sit on a government intranet and an ISP instantiation of the Public Sector Network. Public cloud can be used for services like the Ordnance Survey... and the Coins database. These are good for use with public cloud technology.

We are cognizant that the technology sits on the Government Secure Intranet and, for example, could run services on GSi. But if it had to have CESG accreditation, we would run out of systems integrators to supply networks. The government, together with the Public Sector Network, is already in a secure cluster, and we'll be using and reusing security architecture.

I told a systems integrator forum: "We can't buy what you don't offer. Get off your perches and provide us with stuff we can actually use.

Will applications that run on government networks have security accreditation?
With software-as-a-service (SaaS), there will be accredited software and non-accredited software.

SaaS can come through the G-Cloud app store with prequalification questions — but that doesn't mean it will be embedded in an Impact Level 3 [medium-security] system.

We are employing a reasonably secure SaaS platform. Apps across web services don't need fully accredited from CESG for the government to be able to use them.

The government has announced three bodies to promote the use of open-source technology in the public sector: the Open Source Implementation Group, the System Integrator Forum and the Open Source Advisory Panel. How much clout will these groups have?
The question is: who has the clout? I was speaking at a systems integrator forum recently, and I told them: "We can't buy what you don't offer — get off your perches and provide us with stuff we can actually use."

We specify outcomes. Open-source providers are active and vocal, but systems integrators can dampen or revive a market.

There's already a lot of open source use. There's a lot of Linux sitting at server levels across government, and Drupal is coming in, as is Ubuntu.

The government wants to develop a desktop prototype for use with the cloud. Will this be something like a thin client or a virtual machine?
We will develop a desktop product for the cloud. One of the areas we are looking at is virtual desktop infrastructure.

It's vitally important for investment, getting a desktop strategy. We have over 600,000 desktops in central government, so cost is quite important. We have 600,000 Windows desktop licences. HMRC has 80,000; the Home Office has 40,000. It's important to modernise the desktop device strategy and to keep pace as changes go on.

Our desktop device strategy will include the device, the operating system and the app system. Devices could be laptops, smartphones, tablets — for example, iPad or Samsung tablets. We have to consider where the security resides.

Once the desktop is defined as a device, we could use Linux, Android, iOS — apps could be open source.

We want to look at this within the next six months. With 600,000 desktops, we need a prototype environment to allow testing. I'm passionate about the desktop, as it's a major part of delivery of day-to-day work.

The government wants to reduce its datacentre costs by 35 percent over five years. Will this be achieved through consolidation?
We've got ongoing activities. [Cabinet Office cloud programme director] Chris Chant is working with Mike Truran at the Department for Work and Pensions to look at how the work on datacentres can go ahead. Most datacentres and processing power is actively in the hands of systems integrators.

How do systems integrators like HP feel about the 35 percent reduction?
HP were actually the ones who came to us and said: "We've done this with our systems, why not deliver a highly virtualised datacentre?" Fujitsu are already doing it, Atos Origin and IBM are doing it.

The key thing is how to utilise datacentres across individual boundaries, and taking them together, how to develop an ecosystem.

Will the government reduce the number of datacentres?
With cloud strategy, there's a tendency to fixate on the number of datacentres, but there is an argument to focus on the processing cost. How much per megaflop are we paying? These are the sorts of questions we are looking at.

Tom Loosemore has been recruited to reduce the number of government domains. Will that, coupled with other cost-cutting, lead to a drop in the number of IT professionals in the public sector?
Tom Loosemore is a specialist, and the reduction in domains will be a huge step forward when it starts to gain traction.

If you look at what's happening, some IT staff are leaving this week from the Cabinet Office, but those people will be redeployed. IT professionals could get into government social media.

We're not fixating on getting the number of IT professionals down, we are looking at how we can get the cost base down. Ultimately, we will see a change.