Cloud Computing in the public sector: rapid international stocktaking

Strategies and Impact
NEIL ROBINSON, HELEN REBECCA SCHINDLER, JONATHAN CAVE AND JANICE PEDERSEN

August 2010 Prepared for the Netherland’s Ministry of Internal Affairs and Kingdom Relations (BZK)

Preface

RAND Europe was commissioned by the Dutch Ministry of Interior and Kingdom Relations to undertake a rapid international stocktaking exercise of different national public sector strategies regarding cloud computing. This is the first phase of an initiative commissioned by the Dutch Parliament to investigate the applicability of Cloud Computing for public administrations and explore a national strategy. This report thus provides a snapshot of different national strategies regarding the domains of interest and drivers for deployment of cloud computing across a number of countries: Canada, Denmark, Ireland, Japan, the United Kingdom and the United States. We also reflect on other countries where there is less publicly available data or where implementations of cloud computing are less mature. We begin by outlining a definition of cloud computing and models of service and deployment and also characterise the unique characteristics and scope of the use of clouds in the public sector context, reflecting on the benefits and risks. We then present an indicative overview of each national strategy and initiative regarding cloud computing based on our literature assessment. Brief case study style ‘vignettes’ to illustrate these strategies in practice are also presented. Our analysis of national strategies is undertaken according to a framework where we identify areas of public sector interest in cloud computing and also more discrete drivers for deployment. We then present an indicative analysis of where each country’s national initiatives sit on this matrix. We conclude with some thoughts on future policy challenges and a high level indication of the ambitious possibilities of cloud computing to support the move to the unbundling of government services. RAND Europe is an independent not-for-profit policy research organisation that aims to improve policy and decision making in the public interest, through research and analysis. RAND Europe’s clients include European governments, institutions, NGOs and firms with a need for rigorous, independent, multidisciplinary analysis. This report has not been peer-reviewed in accordance with RAND’s quality assurance standards. For more information about RAND Europe or this document, please contact Neil Robinson: RAND Europe Westbrook Centre Milton Road Cambridge CB4 1YG United Kingdom

iii

Contents

Preface ............................................................................................................iii Summary........................................................................................................ vii CHAPTER 1 Introduction................................................................................... 13 1.1 What is cloud computing?.................................................................... 13 1.2 Service Models ..................................................................................... 14 1.3 Cloud Offerings .................................................................................... 15 1.4 Overall drivers for take-up ................................................................... 15 1.5 Cloud computing is already here.......................................................... 16 CHAPTER 2 Cloud Computing in the Public Sector.........................................19 2.1 Constraints and unique features of public sector context.................... 19 2.2 Framework for public sector interest in cloud computing...................20 2.2.1 Delivery of a public service through the means of the cloud.........................................................................................20 2.2.2 Using clouds within and between government entities........... 21 2.2.3 Regulation for clouds as a public utility .................................. 21 2.3 Other exogenous drivers impinging upon national cloud computing strategy............................................................................... 23 CHAPTER 3 National Strategies ....................................................................... 24 3.1.1 Canada .....................................................................................24 3.1.2 Denmark .................................................................................. 25 3.1.3 Ireland......................................................................................28 3.1.4 Japan........................................................................................30 3.1.5 The United Kingdom (UK) ...................................................... 32 3.1.6 The United States of America ..................................................34 3.1.7 Other countries ........................................................................36 3.1.8 The counter-factual.................................................................. 37 3.2 Case Study Vignettes ............................................................................ 37 CHAPTER 4 Analysis ......................................................................................... 42 4.1 Cloud computing: future implementation trends and issues ..............43 4.2 Areas of future policy focus..................................................................44 CHAPTER 5 Conclusions .................................................................................. 46 5.1 Can Cloud Computing lead to the unbundling of government? ..........46

Verwijderd: 44 Verwijderd: 45

v

RAND Europe

Contents

REFERENCES ....................................................................................................... 49

vi

Summary

What is cloud computing?
Cloud Computing is defined by the US National Institute of Standards and Technology (NIST) as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. A key in understanding cloud computing is that it is not necessarily a new phenomenon but rather constitutes an evolutionary approach to viewing the use of IT resources. These resources or building blocks are common in other IT enabled paradigms such as Service orientated Architectures (SoA) off shoring, data mashing and Web 2.0.

Service Models
There are a number of cloud service models, including: • • Software as a Service (SaaS) - provides the cloud consumer the ability to use the provider’s applications running on a cloud infrastructure. Platform as a Service (PaaS) – provides the cloud consumer the ability to deploy onto cloud infrastructure applications developed or acquired by the consumer. Infrastructure as a Service (IaaS) – provides the cloud consumer the ability to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run software, which can include operating systems and applications.

Cloud Offerings
It is well understood there are four main types of cloud offerings, although these can be organised in many ways: • Private Clouds – where the cloud infrastructure is operated solely for one organisation.

vii

RAND Europe

Summary

• • •

Community Clouds – where the cloud infrastructure is shared by several organisations and supports a specific community. Public Clouds – where the cloud infrastructure is available to the general public or a large industry group. Hybrid Clouds – where the cloud infrastructure is a composition of two or more of the above clouds. The clouds remain unique entities, but are tied together by standardised technology that allows a degree of data and application portability.

Rationale for using cloud computing
The advantages of Cloud Computing are generally considered to be that: • Cloud Computing is economical: a ‘pay as you go’ approach and minimal up front investment is needed as services are metered just like utilities; Cloud Computing is flexible: IT infrastructure or services can be better matched to user load or requirements on a real-time basis; Cloud Computing is consistent: cloud computing can offer a higher level of service and reliability due to economies of scale provided in the cloud service provider; Cloud Computing is better for the environment: the use of pooled resources eliminates duplication in respect of dedicated IT infrastructure; Cloud Computing favours innovation and a level playing field: up-todate cloud services provide state of the art computing capabilities to all users.

• •

There are also relevant macro-economic drivers too – research indicates that take up of cloud computing could generate hundreds of thousands of jobs across the EU and support economic growth and development.

Unique constraints of cloud usage for the public sector
Despite the rationales being persistent across many uses of cloud computing, there are a number of specific constraints or key characteristics of the use of clouds in a public sector context which impinge upon the drive to adopt such solutions by governments: • Service obligation – possibly the characteristic which most sets the public sector separate from the private sector, this concerns the obligation that the public sector must deliver services to all segments of the population, not just those that are able to afford it or those for which it is the most economically advantageous to deploy. Scale – the scale of government ICT usage both in numbers of end users but also in the quantity of transactions and processes may be considered a specifically unique characteristic. Risk – Another key consideration which sets aside public sector uses of cloud computing from the private sector is in regard to the scale

viii

RAND Europe

Summary

magnitude and type of potential impact of risks due to mistakes, errors, accidental loss or malicious data interference. • Complexity – the sheer complexity of some national (or even pan European) initiatives is frequently far beyond that commonly experienced in the private sector (forcing a greater focus on interoperability). Legacy – many have commented that they see the continued existence of ‘legacy’ IT systems as one of the key issues specific to the public sector uses of cloud computing Security – there are unique security requirements associated with the public sector uses of technology and cloud computing depending on specific applications such as national security and law enforcement requirements Legal compliance & liability – the question about how to determine liability to the public for errors arising from mistakes or problems (deliberate or accidental) of data held in the cloud is markedly different from similar sorts of questions in the private sector.

A framework for public sector interest in cloud computing
We identify three main domains or areas of public sector or governmental interest in cloud computing: • Use of clouds to deliver new public services - this domain covers the use of cloud computing as a means to deliver public services to the citizen. In this respect, interest in this area is driven by an outward looking perspective as a way to transform the delivery of public services between the state and the citizen. Use of clouds to achieve efficiencies – This represents an internal focus, where the cloud app and the cloud user are government entities. The achievement of cost efficiency objectives might be a high priority in this domain and indeed investment in a single more homogenous infrastructure holds out the promise of greater efficiencies. Regulation of clouds as a public utility – the final domain of interest is in regard to public sector regulation to maximise cloud computing as a public utility for broader socio-economic rationale.

Within these areas of interest, there are specific drivers for deployment including cost saving, the provision of new or better services, transparency and accountability and energy efficiency.

Methodology
In order to populate this framework described above, we conducted research taking advantage of official government documents, country profile data from the OECD and Economist Intelligence Unit, national policy papers and peer reviewed and grey literature. We also conducted a limited number of interviews with representatives from national administrations in Denmark, Japan and Germany and from the World Economic Forum.

ix

RAND Europe

Summary

Analysis
Figure 1 below summarises our analysis of the main focus of each national strategy set against the domains of interest (across the top) and drivers (down the side). This represents our understanding of the main thrust of each national interest and driver regarding cloud computing although we recognised that there is a degree of overlap and fuzziness between some of these factors. As can be seen, there is a wide divergence in the sorts of interest governments have in cloud computing and the sorts of objectives that public administrations are looking to use the cloud to fulfil.

To deliver new government services

To make government more efficient

To regulate clouds as a public utility

Met opmaak: Nederlands (standaard), Geen spelling- of grammaticacontrole uitvoeren

Cost saving
Denmark

UK
Ireland

Ireland

Transforming Government
Japan

USA

Managing the market As an external tool USA

Canada

Figure 1. Analysis of focus of national strategies according to drivers and domains of interest Using our framework we classify the focus of each national initiative into our three domains as follows: • The use of clouds to deliver new government services for example, via the provision of cloud computing enabled healthcare or public services (e.g. citizen centric e-government or interaction with internal revenue services, citizen registration and so on). At present the Danish and United States national strategies appear to be focused in these domains. This domain of interest reflects outward facing set of priorities, usually aimed at citizens and businesses as ‘customers’ of government services. Interest in clouds to make government more efficient – another domain of public sector interest in cloud computing is in respect of rationalisation of internal infrastructure and encouraging, forcing or mandating the shared use of common infrastructures and services. The UK national strategy is perhaps the pre-eminent example of this: focused very much around ‘shared services’ and attaining cost savings in respect of internal efficiencies. The major group of

x

RAND Europe

Summary

stakeholders to benefit directly from cloud computing initiatives undertaken in this domain are other government departments. Interest in clouds to promote clouds as a public utility – The national strategies of Canada and Ireland are exemplars of this type of public sector interest in cloud computing. This revolves around an outward ‘market’ based focus on cloud computing as a mechanism to enable wider socio-economic benefits. This interest also includes drivers for cloud computing covering for example the promotion of cloud computing as a means to help bridge digital divides between the developed and developing world.

Conclusions
There remains a number of potential tractable issues going forward regarding the public sector deployment of cloud computing. It is widely understood amongst policy makers and experts that security, data privacy and data portability issues represent the most significant barriers to wider deployment. Furthermore concerns over market structure (e.g. the presence of large multinationals as the main cloud providers, whether clouds will evolve to a proprietary or open source models and the extent to which cloud computing may affect prospects for innovation. Cloud computing may offer an opportunity to ‘unbundle’ government services, ushering in a evolutionary model of public administration building on reforming efforts taken forward by the school of New Public Management. It might be possible for governments, as has occurred with the private sector in the service based economy to become, an agglomeration of services offered by others linked by ICT systems and a cloud computing based model of service provision.

xi

CHAPTER 1

Introduction

1.1

What is cloud computing?

Cloud Computing is defined by the US National Institute of Standards and Technology (NIST) as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing has become a widely talked about phenomenon, as evidenced by its peak position on Gartner’s ‘Hype Cycle Model’. Figure 2 below illustrates this model.
Met opmaak: Nederlands (standaard), Geen spelling- of grammaticacontrole uitvoeren

Figure 2. Hype Cycle Model. Source: Gartner (August 2009) While discussion over cloud computing has increased dramatically, it must be emphasised that cloud computing is not a new technology per se, but rather a new way of thinking about existing technology components. Cloud computing is an evolution in the way technology is deployed, rather than a discrete concept in and of itself. Cloud computing can be likened to the shift in models of electricity provision. Where in the past individual homes were required to generate their own electricity, the market matured and electricity moved to a model based on a central generator linked to homes via a grid. In this model, households consume only the energy which they demand, and pay for only that

13

RAND Europe

Chapter 1: Introduction

consumption. A similar shift is envisaged in the provision of computing services. Furthermore, there is an issue of this new way of thinking creeping up on users. This is the question whether individuals actually know if they are using cloud computing: for example, many large high traffic websites were using cloud style technologies before they were known as clouds – e.g. in respect of highly scalable web-server infrastructures. Similarly the growth of flexible and rapidly configurable commodity web hosting is another case in point. In conclusion, we see that Cloud computing is not an entirely new technology but rather represents an evolutionary paradigm or way of looking at the world. A number of underlying technological trends are involved in the evolution of Cloud computing. Some examples include: • Increasing processing capability - stemming from the decreasing size of lithographic techniques (leading to increasing speed of processing as more transistors are able to fit into the same physical space) Increasing storage capacity using new techniques to place more and more data onto disk drives and the commoditisation of Solid State Disk Drives (SSDs) Ubiquitous Internet access – the sheer heterogeneity, presence and scale of modes of high speed network access are contributing toward individuals having an expectation of always being online or being able to access the network. These modes range from high speed wired networks (either using cable, Fibre to the Home or *DSL technologies) or, as is increasingly common, wireless networks using radio protocols such as 802.11g/n (WiFi) or 3G / UMTS. Virtualisation - a key component in the provision of cloud infrastructure services (computation and data storage) as it enables providers to make efficient use of hardware resources and multiple customers, by using the same physical machine for different applications Web services / web application frameworks - Web Service standards such as SOAP, WDSL and UDDI to provide a communication format, interface definition and directory for discovery of Web or Internet enabled services, enabling re-use. Service Orientated Architectures - SOA is a method of constructing software with reusable services interacting through standard interfaces and protocols.

1.2

Service Models
• Software as a Service (SaaS) - provides the consumer the ability to use the provider’s applications running on a cloud infrastructure. The consumer does not manage the underlying infrastructure including networks, servers, operating systems, storage, and application capabilities (apart from user-specific application settings). An example is web-based email.

There are a number of cloud service models, including:

14

RAND Europe

Chapter 1: Introduction

Platform as a Service (PaaS) – provides the consumer the ability to deploy onto cloud infrastructure applications developed or acquired by the consumer. The consumer does not manage the underlying infrastructure, but does have control over the deployed applications. Infrastructure as a Service (IaaS) – provides the consumer the ability to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run software, which can include operating systems and applications. The consumer does not manage the underlying cloud infrastructure, but does have control over operating systems, storage, applications and possibly select networking components (for example firewalls).

1.3

Cloud Offerings

It is well understood there are four main types of cloud offerings, although as fig.1 shows, these can be organised in many ways: • • • • Private Clouds – where the cloud infrastructure is operated solely for one organisation. Community Clouds – where the cloud infrastructure is shared by several organisations and supports a specific community. Public Clouds – where the cloud infrastructure is available to the general public or a large industry group. Hybrid Clouds – where the cloud infrastructure is a composition of two or more of the above clouds. The clouds remain unique entities, but are tied together by standardised technology that allows a degree of data and application portability.

The market may offer products or solutions with different characteristics. These characteristics may be grouped into categories such as the quality of the cloud system (degree of elasticity, reliability, QoS and availability), economic characteristics (differentiated on price) and technological characteristics. 1 These characteristics may differ according to whether the user is private, public, non-commercial or end user. For example, the availability or security requirements of a private sector cloud user for the storage of stock information will be markedly different to that of a public sector organisation wishing to use a cloud for the storage of Electronic Health Records (EHR).

1.4

Overall drivers for take-up
• Cloud Computing is economical: a ‘pay as you go’ approach means that minimal upfront investment is necessary and cash flows better match total system cost. Indeed, in a Cloud model, little or no initial capital expenditure is required.

The advantages of Cloud Computing are generally considered to be that:

1

Schubert L, Jeffrey K, Neidecker-Lutz B (2010). The Future of Cloud Computing. Opportunities for European Cloud Computing Beyond 2010, Expert Group Report. Public Version 1.0, European Commission.

15

RAND Europe

Chapter 1: Introduction

Cloud Computing is flexible: IT infrastructure or services can be better matched to user load or requirements, meaning that in times of peak demand, supply can be matched. Similarly, as demand subsides, capacity can be subtracted. Further, the user-centric model of provisioning means that complex procurement mechanisms are not required and projects can get off the ground quickly. Cloud Computing is consistent: cloud computing can offer a higher level of service and reliability and the cloud provider can achieve economies of scale in respect of the availability and security provisioning in its infrastructure. Cloud Computing is better for the environment: the use of pooled resources eliminates duplication in respect of dedicated IT infrastructure. A higher utilization rate across fewer servers reduces total energy consumption. Cloud Computing favours innovation and a level playing field: up-todate cloud services provide state of the art computing capabilities to all users and quickly attain critical mass, thus motivating active innovation.

There are also relevant macro-economic drivers too: Federico Etro concluded in a 2009 paper for the Review of Business and Economics that cloud computing offered an opportunity for the creation of a few hundred thousand SMEs across European Union. This was mainly based on the reduction of the fixed costs of entry in ICT capital.2

1.5

Cloud computing is already here

Effectively, cloud computing permits the disintermediation of a classical IT department. The private sector is engaging enthusiastically in adopting cloud computing services. Among individuals too, while Cloud Computing is sometimes referred to as a “wave of the future”, the data suggest that adoption of Cloud Computing services by individual consumers is already well advanced. A 2008 Pew Internet Study found that 69 percent of online users surveyed had performed at least one of the following Cloud Computing activities: storing photos online (on sites such as flickr); storing videos online (on sites such as YouTube); using online applications (such as Google’s Office suite, Facebook or Twitter); using webmail (such as Gmail or Hotmail); paying for online data storage or using services to back up files online. Jonathan Zittrian also makes an interesting point in regard to awareness of usage of ‘the cloud’ when he talks about tethered devices (such as Amazon’s Kindle or Apples’s iPad).3 Although seemingly close to the end user, such devices are actually deeply embedded in the cloud since the provider retains a certain degree of control about usage and content on the device. The two examples include the removal of certain e-Books on the Kindle and Apple’s stipulations regarding acceptability for developers to post apps on the iTunes store.
2 Etro, F. The Economic Impact of Cloud Computing on Business Creation, Employment and Output in Europe Review of Business and Economics 2009 3

New York Times July 19 2009 Lost http://www.nytimes.com/2009/07/20/opinion/20zittrain.html?_r=3

in

the

Cloud,

16

RAND Europe

Chapter 1: Introduction

Underlying technologies of cloud computing are also being knitted together at the enterprise level, without it necessarily being called ‘cloud computing. For example in April 2010, HP announced that it had successfully managed to consolidate its data centre estate covering some 85 data centres in 29 countries into just six Next Generation Data Centers (NGDCs4) in three US cities under its Data Centre Consolidation (DCC) project.5 HP expects that this will achieve savings of US$1bn in the coming years. While public sector organisations have adopted cloud based solutions for functions such as email and image storage, governments have been much slower in moving mission-critical datasets and applications into the cloud. The willingness and strategy to adopting cloud solutions for these more sensitive requirements differs across countries.

4 According to HP, NGDCs have ‘lights out’ capability and thus can be entirely monitored and managed remotely 5 HP Building the Next Generation Data Center http://h10144.www1.hp.com/case-studies/HPdata-centers.htm

17

CHAPTER 2

Cloud Computing in the Public Sector

Governments around the globe are increasingly interested in the possibility of using cloud computing to reduce IT costs and waste, increase capability and energy efficiency, etc and have started moving non-critical applications towards a “cloud approach”. Various countries, in particular the US and Japan, and in Europe, UK and Denmark are considered fast adopters, have announced plans to move into the cloud and began to promote and build use cases. The economic impact of Cloud Computing has also been explored and a link between the adoption of cloud technologies and business creation, employment and output in Europe has been postulated. In the current financial climate this provides an added impetus for governments and policy-makers to become more interested in cloud computing.

2.1

Constraints and unique features of the public sector context

There are a number of specific constraints or key characteristics of the public sector context which impinge upon the drive to adopt cloud computing solutions by governments. • Service obligation – possibly the characteristic which most sets the public sector separate from the private sector, this characteristic concerns the fact that the public sector must deliver services to all segments of the population, not just those that are able to afford it or are the most lucrative. This is most clearly seen in respect of the different modes of service delivery in that governments have been criticised for simply putting everything online rather than actively considering the different ways in which citizens may wish to interact with government via technology. Scale – the scale of government ICT usage both in numbers of ‘clients’ but also in the quantity of transactions and processes may be considered a particularly unique characteristic of public sector uses of ICT and cloud computing more specifically. Risk – Another key consideration which sets aside public sector uses of cloud computing from the private sector is in regard to the scale and magnitude of potential impact of risks due to mistakes, errors,

19

RAND Europe

Chapter 2: Cloud Computing in the Public Sector

accidental loss or malicious data interference. Whereas in the private sector financial damage, restriction of access to markets and potential foreclosure from products and services may be considered as the logical consequences, for citizens, the potential risks arising from the misuse, alteration or loss of their information in the cloud may have potentially even more harmful consequences including the possibility of physical or social consequences. • Complexity – the sheer complexity of some national (or even pan European) initiatives is frequently far beyond that commonly experienced in the private sector. The deployment of ICTs to whole populations, on a service obligation basis, taking in information from different data stores, using different modes of delivery represents a highly specific set of characteristics that only exist in the public sector. Legacy – many have commented that they see ‘legacy’ as one of the key issues specific to the public sector uses of cloud computing, namely that the extensive sunk costs and bespoke developed legacy systems are far more prevalent in the public sector than the private sector and thus this represents a unique facet of the deployment of any cloud computing solution by governments. Indeed, Canadian public policy officials have publicly indicated that ‘legacy is strangling us’. Security – there are unique security requirements associated with the public sector uses of technology and cloud computing, specifically around the storage of different types of information in the cloud: such as criminal justice information, national security information or taxation data. Legal compliance & liability – the question about how to determine liability to the public for errors arising from mistakes or problems (deliberate or accidental) of data held in the cloud is markedly different from similar sorts of questions in the private sector due to the type, magnitude and impact of the use of technology to achieve public sector objectives. There is another question about legal liability namely that if a cloud provider fails then the question of what happens to public sector data becomes highly relevant. For example, would it be the case that cloud providers become too big to fail then they might be in receivership of government subsidy as per financial services companies were in late 2009.

2.2

Framework for public sector interest in cloud computing

We propose the following framework in respect of public sector interest in cloud computing. The public sector is interested in cloud computing in three main domains:
2.2.1 Delivery of a public service through the means of the cloud

This domain covers the use of cloud computing as a means to deliver public services to the citizen. In this respect, interest in this area is driven by an outward looking perspective as a way to transform the delivery of public services between the state and the citizen. For example, in the use of cloud and related ICTs for the delivery of public health outcomes, we might see data from

20

RAND Europe

Chapter 2: Cloud Computing in the Public Sector

blood testing being placed in the cloud to try to identify common characteristics which may be used for the provision of public health outcomes. The defining aspect of interest in clouds here is in respect of what public service outcomes (better healthcare, more security etc) may be achieved. Frequently, data mashing and other innovative cloud applications and services are in this domain. The dominant model of usage may be either public clouds or hybrid clouds (since the complex transactional nature of the applications or services will necessarily require interoperability between public sector infrastructures (especially given the likely usages involving individuals’ personal data) and public clouds in order to leverage the most economic benefit.
2.2.2 Using clouds within and between government entities

The next major area of interest for the public sector uses of cloud computing is an internal focus, where the cloud app and the cloud user are government entities. The achievement of cost efficiency objectives might be a high priority in this domain and indeed investment in a single more homogenous infrastructure holds out the promise of greater efficiencies. Practically speaking this might include the rationalisation of the data centre estate (something of a leitmotif amongst certain national cloud strategies, as we shall see). The main characteristic will be the shared use of government cloud infrastructure across departments or agencies. This will necessitate hybrid or private clouds given the complexity and interoperability requirements of different departments. Furthermore it is highly likely that the cloud apps and users will be exclusively government entities. Nonetheless, the commonality of HR, payroll or citizen relationship management requirements across government will permit such rationalisation. Furthermore the governance and control mechanisms possible within the public sector (which may be different depending on the government architecture – e.g. whether there is a highly centralised government, a federal state system etc) may make it possible that the use of a common back office cloud infrastructure can be made mandatory.
2.2.3 Regulation for clouds as a public utility

A final domain of interest is in regard to public sector regulation for clouds as a public utility for broader socio-economic rationale. Etro has developed an economic model which shows that cloud computing has the potential to create wealth and new jobs and could, if deployment speed is maximised, be linked to the creation of tens of thousands of new SMEs and between 300,000 and 1.5m new jobs in five years across Europe alone.6 According to a 2009 cloud computing survey conducted by the World Economic Forum in collaboration with Accenture, governments and regulators even more intensively cite information security issues and fear of vendor lock-in as major concerns, followed by data privacy and confidentiality and ability to meet national security requirements (WEF 2009) as inhibitors for the broader take up of cloud computing. Compared to private and SME sector take-up, governments too have serious hurdles to overcome in terms of public perception of the secure processing of citizens’ personal information in cloud computing infrastructures (ENISA, 2010). In addition, there are also legal and regulatory barriers which prevent many eGovernment applications from moving to the cloud. Etro

6 Etro, F. The Economic Impact of Cloud Computing on Business Creation, Employment and Output in Europe Review of Business and Economics 2009

21

RAND Europe

Chapter 2: Cloud Computing in the Public Sector

proposed that in order to maximise the economic impact of cloud computing (directly linked to the speed of adoption) policy-makers should seek to intervene in a number of areas including establishing international agreements in favour of unrestricted flow of data across borders, agreements between EU authorities and industry leaders on a minimum set of technological and process standards to be respected (guaranteeing data security and privacy and promoting a healthy use of the technology); expansion of broadband capacity and finally the introduction of fiscal incentives for the adoption of cloud computing and specific promotion in particularly dynamic sectors.7 Coupled with these domains are drivers for usage or deployment. These include investment decisions for example cost savings or waste reduction, supporting procurement or market stimulation and finally other altruistic objectives such as helping developing countries to leapfrog technological barriers. Table 1 illustrates a possible investment framework using our criteria and indicates the relative level of importance of each objective within a particular possible domain of interest to the public sector.
Table 1. Investment decision framework

Objectives/domains

Delivery public services Medium Low Low

of

Efficiencies and usage of clouds internally High High High

Promoting clouds as a public utility Low Low Low

Cost Savings

Saving money Waste reduction Energy efficiency

Transforming government

More and better government info available Better government services New government services Innovation Transparency accountability &

High

Low

Medium

Medium High High High Low Low

High Medium Low Medium Low Low

Low Low High Low High High

Managing the market

Following/launching customer Levelling field playing

7

http://www.weforum.org/pdf/GITR10/Part1/Chap%209_Economic%20Consequences%20of%2 0the%20Diffusion%20of%20Cloud%20Computing.pdf

22

RAND Europe

Chapter 2: Cloud Computing in the Public Sector

Facilitation of public procurement As an external tool International development

Medium Medium

Low Low

High High

There may be other criteria too, such as organisational governance (e.g. the extent to which a centrally located organisation or authority can control or mandate sub-ordinate or federated departments to implement particular technologies) or extent of risk of identified deployments (and the associate risk appetite or tolerance of the implementing authority).

2.3

Other exogenous drivers impinging upon national cloud computing strategy

Other external factors or policy agendas affect the existence, development and success of any national cloud computing strategy and may have a casual effect upon the extent to which it is possible to reap the benefits of any such strategy. For example, public policy regarding innovation, competition or broadband take up or IPR rights may all influence the implementation and success of any national strategy. ICT readiness, uptake and acceptance are also clearly relevant. Some of these can be directly influenced by policy (for example, the regulation of broadband markets in order to stimulate supply) whist some are simply exogenous factors which much be properly managed: for example, climatic conditions which may or may not favour the location of data-centres.8 Organisational culture is another factor: whether (and which) organisations are taking the lead in any deployment may affect the existence, development or even success of a cloud computing strategy. There may be other deep seated characteristics of how the populace interacts with ICTs that are relevant. If usage of Internet cafes is a popular way of getting online (due perhaps to the high cost of importing technology which drives up the price of home computers) then this may drive the success of a cloud computing strategy. Similarly, Zysman et. al. point out that India’s success as a Business Process Outsourcing and off-shoring destination was sparked by the combination of educational attainment, telecommunications liberalisation within India, rapid build-out of transpacific fibre cable and increased demand for software engineers.9

8 Peter Fleischer, Google’s European Chief Privacy Officer has commented that climate plays a role in the investment decision of where to site data-centres, Ireland being a prime example.

9 Zysman, J. Feldman, F. Murray J et al The Digital Transformation of Services: From Economic Sinkhole to Productivity Driver BRIE Working Paper 187 p24 http://brie.berkeley.edu/publications/wp187.pdf

23

CHAPTER 3

National Strategies

In the following Chapter we will present national policies, explicit and tacit objectives that have motivated public sector decisions to move applications into a cloud, and present vignette use cases. In each country section we present a short overview of some contextual factors that serve to inform the subsequent discussion, namely data from the EIU on the countries’ e-readiness rankings and the OECD on models of public administration and organisational governance.
3.1.1 Canada

According to the Economist Intelligence Unit Digital Readiness ranking Canada was ranked 11th out of 70 for 2010.10 In the OECD Country Note for 2009, Canada is termed as being: “...at the forefront of developing e-government. Overall, it exhibits a high-degree of e-government readiness characterised by pervasive access to Internet services, an educated population and a high amount of information and services available online.” Canada’s federal administrations are characterised by the OECD as having a relatively high level of flexibility to adjust funds and reallocate resources and it has made efforts to move away from a performance management system based purely on inputs and outputs to one based around outcomes. The OECD indicates that there is a high degree of delegation within the Canadian public administration. Furthermore, there is a high degree of decentralisation due to the constitutional division of powers and the increased levels of delegation of responsibilities from federal governments to provisional and local government. Most of the formal civil service is therefore employed at local level. Published in October 2009 by the CTO of Public Works Government Services Canada (PWGSC), the white paper “Cloud Computing and the Canadian Environment” followed government concerns over the decline of Canada in the global digital economy. Speaking at a conference in June 2009, Industry Minister Tony Clement pointed out that Canada had dropped from second to 10th in the OECD’s broadband ranking, and from fourth to 13th in the Economist Intelligence Unit’s e-readiness ranking, since 2001. Canada’s Cloud Strategy builds the case for adopting Cloud Computing around the benefits linked to reductions in operating costs, lower capital expenditure
10

Economist Intelligence Unit Digital readiness ranking http://www.eiuresources.com/mediadir/default.asp?PR=2010062902

for

2010:

24

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

and improved maintainability. Cloud Computing allows for the consolidation of Canada’s 144 data centres and disintermediation of the IT functions in each of the federal government’s 140 departments (each of which has its own CIO). The Treasury Board of Canada has obtained agreement across departments on the language and definitions for cloud computing, and received endorsement for the Government of Canada’s cloud computing roadmap. Having finalized the security architecture, the government was offering a community cloud for pay, pension, CampusDirect, and GC Intranet by January 2010. The short term goals were to use SaaS for internal collaboration, PaaS for commoditised Web hosting, and IaaS for virtual storage. In the long term, it is expected that SaaS will provide virtual offices, PaaS will be used for cloud-based application and database hosting, and IaaS will be used for departmental private and public cloud peering. As well as focussing on how government can best utilise Cloud Computing, Canada’s strategy is outward looking, with a key element being the promotion of the country’s credentials as an exporter of Cloud Computing services. Among other things, the strategy white paper cites Canada’s geographical characteristics (particularly its position next to the United States), cooler ambient temperature, low population density, existing fibre cables network, strong legislative framework (including the Privacy Act and the Personal Information Act), geopolitical stability and green, reliable electricity supplies. Gartner Inc. highlights Canada’s growth prospects, which could push the country “well beyond its current server installed base.” Finally, Canada is directly addressing the privacy and data security concerns around Cloud Computing, with the Office of the Privacy Commissioner of Canada publishing a paper entitled “Reaching for the Cloud(s): Privacy Issues related to Cloud Computing.” Furthermore, Ontario Privacy Commissioner Ann Cavoukian, recognised as a world expert in IT privacy issues, was quoted as saying, “user-centric private identity management in the Cloud is possible, even when users are no longer in direct possession of their personal data, or no loner in direct contact with the organisations that do possess it.”
3.1.2 Denmark

Denmark is ranked second in the Economist Intelligence Unit Digital Readiness ranking for 2010 out of 70 other countries.11 The OECD’s 2009 Country Note for Denmark also indicated that “Overall, Denmark exhibits a high-degree of e-government readiness. The percentage of citizens and businesses that use e-government services is well above the OECD average.” Public administrations in Denmark are characterised by the OECD as being decentralised. The budget allocation process in Denmark is top down and the executive has a degree of flexibility in reallocating funds at the end of each fiscal year. Most public services in Denmark are delivered at the local level, indicating that Denmark is a very decentralised country.12 In 2007 a new local government

11

Economist Intelligence Unit Digital readiness ranking http://www.eiuresources.com/mediadir/default.asp?PR=2010062902 Government at a Glance 2009 Country Note for Denmark; OECD; Paris 2009

for

2010:

12

25

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

structure was established aimed at professionalising and making more efficient the public administration. This was in concert with an action plan to reduce bureaucracy. A recently published report, “IT in practice 2010” [IT i Praksis 2010],13 emphasises that cloud computing is gaining ground in Denmark, and states that 45% of the public and private sector companies that were polled are considering using cloud computing in the next three years14. The report is used by the National IT and Telecom Agency (NITA) to support its plans regarding cloud computing. Danish cloud computing plans currently appear to be concentrated under the government’s broader ‘digital working programme,’ as laid out in the document “Digital Routes to Growth – The Ministry of Science’s digital working programme”15. This programme is informed by the findings and recommendations of the ‘High speed committee’ [Højhastighedskomitee16]. The committee was set up by the Ministry of Science, Technology, and Innovation (MSTI or Ministry of Science hereafter) in the spring of 2009 to develop suggestions of how to spread and use high speed broadband in the whole country. It was disbanded in 2010, following the delivery of its report, “Denmark as a High Speed Society”17, in January. With respect to cloud computing, emphasis is placed on the economic and environmental savings (energy consumption) to be made, particularly in the public sector. The most energy effective cloud computing solution is expected to lead to economic savings of up to about a billion Danish kroner (DKK) (about € 134 million, based on the August 2010 exchange rate). In its January 2010 policy paper on Denmark as a high-tech society, the ‘high speed committee’ recommended that: • Denmark should become a leading cloud (and IT in general) nation. The government should invest heavily in cloud computing. Being a small country, there are not sufficient economies of scale in Denmark for the government to build its own cloud, and it therefore aims to focus on the

13 Although the report by Rambøll Management Consulting is not yet publicly available, it has been reviewed by the NITA. 14 IT- og Telestyrelsen, Ministeriet for Videnskab, Teknologi og Udvikling [NITA, MSTI] (26 August 2010) “Cloud computing er ikke blot en “hype” [Cloud computing isn’t just hype]”Available online, in Danish, at http://www.itst.dk/nyheder/nyhedsarkiv/2010/cloudcomputing-er-ikke-blot-en-201dhype201d. Accessed on 26 August 2010. 15 The document is only available in Danish. Source: Ministeriet for Videnskab, Teknologi og Udvikling [Ministry of Science, Technology, and Innovation] (juni 2010 [June 2010]) “Digitale veje til vækst – Videnskabsministeriets digitale arbejdsprogram [Digital Routes to Growth – The Ministry of Science’s digital working programme],” http://vtu.dk/publikationer/2010/digitaleveje-til-vaekst/publikationen-pdf. Available online at: http://vtu.dk/publikationer/2010/digitale-veje-til-vaekst. Accessed on 26 August 2010. 16 17

http://www.itst.dk/politik-og-strategi/hojhastighedskomiteen

The document is only available in Danish. Part II – section 3.2, pg. 32 of the report deals with cloud computing. Source: Højhastighedskommiteen, IT- og Telestyrelsen [The High Speed Committee, National IT and Telecom Agency] (januar 2010 [January 2010]) “Danmark som Højhastighedssamfund [Denmark as a High Speed Society],” ISBN: 978-87-92572-05-9, http://www.itst.dk/politik-ogstrategi/hojhastighedskomiteen/resolveuid/277e2a1c6bedd06e039a8dbf7b304cde, Available online at: http://www.itst.dk/politik-ogstrategi/hojhastighedskomiteen/hojhastighedskomiteens-rapport. Accessed on 26 August 2010.

26

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

development of the infrastructure necessary for the increased use of cloud computing solutions. However, the public sector is relatively large compared to other sectors and would be an attractive customer for providers of cloud computing and of cloud-based services. Public sector experiences could help drive the resolution of challenges related to privacy, data security, expenses etc.; The public sector should undertake projects where cloud computing is used. The focus should be to gather experience and publish guidance on the use of cloud computing, among other things, to ensure clear and attractive subscription terms / standard agreements, new paradigms for safety, etc. The main aim is to clarify how to use available cloud solutions in a secure way.

The Danish MSTI has a forward-looking strategy for digitalisation in Denmark, which will focus on broadband, improved content in the digital economy, and ICT skills, all leading to increasing use of ICT and, thereby, economic growth. Challenges faced in Denmark include falling productivity and loss of standing internationally, an aging population, the increasing number of intellectual tasks that are being moved abroad, e.g. to China, and the need to reduce CO2 emissions while maintaining economic growth. In order to increase the country’s chances of converting digital possibilities to economic growth and social development, the aim is for all Danes to have access to internet connections of at least 100Mbit/s by 2020. This would put Denmark ahead of its competitors in terms of digitalisation, including ahead of Norway, which is currently leading the field. The Ministry of Science aims to provide guidelines on digitalisation for organisations and businesses. In relation to cloud computing, there is to be a focus on developing methods for improving security and privacy, publishing guidelines, disseminating experiences and acting as a pilot case for cloud computing, showing best practices of how it can be used in the public sector. A core component of the ministry’s activities is to provide information and guidance for the public and private sectors, as well as for the general public, about how to secure private information. Another major barrier to the effective use of cloud computing is seen as being the difficulty of determining the extent of the legal ramifications of using the cloud to store data and software. The IT University (ITU), in collaboration with the National IT and Telecom Agency (NITA), under the Ministry of Science, is also to be a test case for cloud computing. This is part of the ministry’s strategy to increase the digitalisation of the universities, as a means of increasing the possibilities for research, innovation, and to improve the use of existing resources. ITU is intended to be pioneer in the use of ICT. The ministry intends to develop methods for improving security and privacy, to publish guidelines, disseminate experiences with cloud computing, and to collaborate with other Nordic countries to establish a common approach to cloud computing in the public sector. This will involve defining and enforcing common standards for vendors of cloud computing solutions. The Nordic region is considered to be a sufficiently large and homogeneous market for this to be possible, and Denmark aims to bring this option up in a European context. A necessary condition for the success of this approach will be the laying out of clear guidelines relating to safety and jurisdiction. In addition, as EU president in 2012, Denmark hopes to implement digital solutions such as the

27

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

increased use of videoconferencing for EU-related activities. It is therefore conceivable that cloud computing could also be on the agenda. A number of digitalisation initiatives aimed at SMEs and the average consumer involve being quick off the mark, e.g. in the widespread adoption of the new internet protocol, IPv6, developing a “growth package” for SMEs in collaboration with the Innovation Centre for eBusiness (IBIZ Centre), and, above all, making it clear how businesses can easily use cloud computing and other e-business solutions. Although Danes already use a number of digital options, the Ministry of Science aims to improve trust in the telecommunications sector by improving security, making it easier for consumers to compare prices and solutions, as well as improve the type and amount of information that is available.
3.1.3 Ireland

The Economist Intelligence Unit ranks Ireland 17th out of 70 in its Digital Readiness rankings for 2010.18 The OECD commented in its 2009 Country Note for Ireland that: “Ireland exhibits a similar level of e-government readiness compared to other OECD countries. While Ireland has had many successes in developing internal e-government systems, co-operation across different Public Service bodies has been more difficult. Although business uptake remains high compared to other OECD countries, fragmentation of responsibility for different elements of e-government has meant that the full potential of ICT for citizens is not being realised by public sector organisations. The integration of functions for the technical and financial framework will assist in rejuvenating egovernment.” OECD data on organisation governance models for public administration in Ireland seem to suggest that Ireland is a highly centralised country, with low levels of delegation. Although Ireland has launched some initiatives to initiate reform in its public services (e.g. through the creation of agencies) these agencies have relatively little latitude compared to central government ministries which therefore may affect their flexibility.19 The Irish Government has identified cloud computing in public services as a key driver for sustainable economic renewal.20 The national strategy of the Irish Government on cloud computing was introduced by the Ministry of Energy and Communications and the Ministry of State responsible for the Information Society in 2009. The strategy entitled "Technology Actions to Support the Smart Economy"21 identified cloud computing as one of the six pillars that would drive the country's creation of Smart Economy. Within this strategy,
18

Economist Intelligence Unit Digital readiness ranking http://www.eiuresources.com/mediadir/default.asp?PR=2010062902 Government at a Glance 2009 Country Note for Ireland; OECD; Paris 2009

for

2010:

19
20

Building Ireland's Smart Economy: A Framework for Sustainable Economic Renewal, (2008), http://www.taoiseach.gov.ie/attached_files/BuildingIrelandsSmartEconomy.pdf, accessed 20 August 2010 Knowledge Society Strategy: Technology Actions to Support the Smart Economy, June 2009

21

http://www.dcenr.gov.ie/NR/rdonlyres/26C23436-E6B3-4842-95B320BD2AF104D6/0/FinalVersionTechnologyActionsReportFinal210709.doc, accessed 20 August 2010

28

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

cloud computing and energy efficient data centres are key actions aimed at reducing server and energy costs and creating 10,000 high-value jobs over the following 5-10 years22. This strategy is also supported by the government's initiative to provide nationwide broadband coverage to the last 10 percent of Ireland's population occupying one third of the country by area. This initiative is under a €220m National Broadband Scheme and the complete coverage of Ireland is scheduled for September 2010. Also, one of the key initiates was undertaken by the Department of Communications, Energy and Natural Resources (DCENR), which held a "High Level Strategic Workshop on Data Centres and Cloud Computing" on 1st May 2009. The workshop identified actions and opportunities for cloud computing including23: Direct access to an international IP backbone in the southern part of Ireland to reduce latency on international IP links using the existing infrastructure • Consolidation of Government Data Centres in a greatly reduced number of technically and environmentally advanced facilities. The Irish Government believes that this action will enable significant infrastructure cost savings and over time will facilitate the migration of Government applications to the new cloud computing model • Setting up of an R&D centre using funds generated by the consolidation of government data centres and networks • Defining an appropriate set of metrics and standards (a Green Grid standard) to apply to Data Centres and associated infrastructure that promotes energy efficiency in the most holistic sense possible • Provide incentives to companies to change behaviour, adopt a green ICT policy and encourage the use of standardised energy management with Data Centres • Develop a regulatory regime to keep pace with technological developments and help provide greater legal clarity for companies seeking to avail Cloud opportunities In spite of the above initiatives, cloud computing has been a controversial issue in the public sector of Ireland, especially after the Chief State Solicitor issued an e-mail to State departments advising that "issues such as data protection, confidentiality, and security and liability are not necessary dealt with in a manner that would be necessary for public sector responsibilities".24 Moreover, a recent report25 by Irish Internet Association (IIA) revealed a very small •
22 Irish Government, Press Release: Making the smart economy real, 21 July 2009: http://www.dcenr.gov.ie/Press+Releases/2009/Making+the+smart+economy+real.htm, accessed 20 August 2010 23 Knowledge Society Strategy: Technology Actions to Support the Smart Economy, 2009: http://ec.europa.eu/information_society/eeurope/i2010/docs/high_level_group/ireland-techn_actions.pdf 24 Irish Times, March 5 2010 "Cloud computing storm", http://www.irishtimes.com/newspaper/finance/2010/0305/1224265631949.html, accessed 19 August 2010. 25

IIA Cloud Computing White Paper; Cloud Business: Assessment of the Risks versus the Benefits, 25 March 2010

29

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

number of public agencies see the benefits of cloud computing in terms of money saving and increased productivity.26 One of the first practical steps is undertaken by the Local Government Computer Services Board, which develops a cloud application for linking together all local planning approvals on a single online map.27 Other planned applications of cloud computing in Ireland's public sector include eGovernment and applications for information sharing across public service bodies that are aimed at delivering high quality services, increase productivity while reducing public spending. It is the view of the Irish Government that cloud computing offers great opportunities in the ICT sector, the Government and the wider economy.
3.1.4 Japan

According to the Economist Intelligence Unit Digital Readiness ranking Japan ranks 16 out of 70.28 The OECD characterises the Japanese e-readiness as exhibiting a “high degree of e-government readiness characterised by a highly educated population and strong investment in ICT infrastructure.” In Japan revenue and expenditures are shared between central and local government (thus local government plays a large role in the delivery of public services). In Japan there is significant reliance upon private sector involvement in the delivery of government services so formally, the civil service mostly works at the local government level. Japan assigns little flexibility in how executive and line ministries can make changes to budgeted funds each year (thus placing more emphasis on strict forward planning). There is a degree of delegation provided to line departments within the central administration.29 In Japan, the Ministry of Interior (MIC) and the Ministry of Economy, Trade and Industry (METI) have issued their respective cloud strategies in June 2010, and combined define Japan’s national cloud strategy.30 Both policy documents are informed by the findings and recommendations of respective multi-stakeholder study groups, namely MIC’s Smart Cloud Computing Group, METI’s Study Group on Cloud Computing and International Competitiveness of Japan and Information-technology Promotion Agency’s (IPA) Study Group on Social Basement for Cloud Computing, and build upon earlier work, e.g. guidelines on information security measures in ASP and SaaS

26 Silicon Republic, 2010, How Ireland can help reshape the future of cloud computing, http://www.siliconrepublic.com/strategy/item/15730-how-ireland-can-help-reshap, accessed 20 August 2010

27 28

see, http://www.microsoft.com/ireland/smarteconomy/case_studies/LGCSB/, accessed 20 August 2010

Economist Intelligence Unit Digital readiness ranking http://www.eiuresources.com/mediadir/default.asp?PR=2010062902
29

for

2010:

Government at a Glance 2009 Country Note for Japan; OECD; Paris 2009

30http://www.soumu.go.jp/menu_news/s-news/02ryutsu02_000034.html

http://www.soumu.go.jp/main_sosiki/kenkyu/smart_kuraudo/index.html http://www.meti.go.jp/press/20100816001/20100816001.html http://www.ipa.go.jp/about/press/20100324.html. At the time of writing, no official translation of both reports has been made public.

30

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

(MIC) and SLA guidelines for SaaS (METI) published in January 2008, and MIC’s Digital Japan Creation Project31 issued in 2009. Japan’s cloud computing strategy is ambitious and aims to stimulate the creation of new markets and to renew and increase ICT take-up. The significance of cloud services is seen in their “ability to allow the entire social system, beyond the borders of companies and industries, to pool and share an enormous amount of information and knowledge, facilitating the development of a "knowledge and information society" (MIC 2010). Cloud computing is seen as a next innovation in ICT based Society and IT industry, and structured around three basic principles for the widespread use of cloud service (MIC 2010): 1. The government should promote the use of diverse cloud services 2. The government should launch the development of cloud-related technologies in light of user needs, and promote strategic initiatives to create innovations. 3. The government should fulfil its role from three standpoints, namely (i) development of the environment for the widespread use of cloud services; (ii) public support for private-sector research and development efforts; (iii) and a procuring entity of cloud services. METI proposes a three-pronged policy to promote cloud computing that builds upon 3 pillars, namely: 1. Innovation creation: creation of new services and industries using large amount of data 2. Framework development: external storage/use of data 3. Platform development: establishment of reliable and green cloud computing platforms to support social system. These three pillars are expected to help achieve three policy goals: (1) increasing Japan’s market share by acquiring footing on the global market, (2) creating new service markets worth over 40 trillion Yen in total by 2020, (3) reducing CO2 emissions associated with information processing by about 7% from the 1990 level. Cloud computing services are expected to develop in various areas, including: eGovernment (building national and local clouds), SMEs (creating a SaaS platform and services for SMEs, J-SaaS), Energy (Energy-saving networks, Smart Power Grid), Green (Green Cloud Data centres), Education (e.g. encouraging the use of practical remote training systems that use cloud computing based on collaboration between industry, universities and government, and computerizing school administrative work by using ASP and SaaS); Health (by increasing the efficiency of healthcare services by using ASP, SaaS and ubiquitous network technologies), Intelligent Traffic Systems and other Society based Information Systems.

-

31

http://www.soumu.go.jp/main_sosiki/joho_tsusin/eng/Releases/Topics/pdf/090406_1.pdf

31

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

Also public entities have become users of commercial cloud solutions. Use cases by the Japanese government include: METI’s ‘eco-system’ application system, Japan’s Post Office Customer Relationship Management System, Kofu-City’s taxpayer refunding management system.

All three solutions are hosted on Force.com (PaaS). The investment has been motivated by cost savings and efficiencies, usability, scalability, security, productivity and integrity of its platform.
3.1.5 The United Kingdom (UK)

According to the Economist Intelligence Unit 2010 Digital Readiness ranking the UK is ranked 14th out of 70.32 The OECD Country Note for the UK for 2009 indicates that: “The United Kingdom exhibits a high-degree of e-government readiness based on a well-developed communications infrastructure, an educated populace and a well-developed system of government websites.” The UK organisational governance system is very centralised with local governments receiving grants from the central administration and the central administration being responsible for many public services (including healthcare). The UK has a high degree of flexibility in its budgeting process and a high degree of authority is given to the administration to make changes to budgeted resources halfway through the fiscal year.33 Furthermore, the administrative system of the United Kingdom is characterised by a high degree of devolution to regional administrative units. However, local governments are tightly controlled by higher order agencies and ministries. In addition, the English polity has been in the state of ‘hyper-reformism’ for more than a decade. UK governments make widespread use of independent and semi-independent agencies. Strategy formulation and implementation functions are highly separated. The Government Cloud (G-Cloud) strand of the UK’s ICT Strategy for Government is summarised as “rationalising the government ICT estate, using cloud computing to increase capability and security, reduce costs and accelerate deployment speeds”.34 The ICT Strategy for Government must also be seen in the context of the Digital Agenda paper, which called for the UK Government to take a leadership role in preparing a wide ranging digital strategy for the country. Digital Britain acknowledged that the government had an impact upon the digital economy in

32 Economist Intelligence Unit Digital readiness ranking http://www.eiuresources.com/mediadir/default.asp?PR=2010062902 33 34

for

2010:

Government at a Glance 2009 Country Note for UK; OECD; Paris 2009 ICT Strategy for Government

32

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

terms of its role in delivering public services and market influence as well as providing an investment framework for research and development.35 According to John Suffolk, the Government’s former CIO writing in June 200936, the G-Cloud could be based on a model of a UK onshore private Cloud, using the three models of cloud use: infrastructure as a service, middleware/platforms as a service and software as a service. The lineage of this Strategy document is clear: it continues the language of ‘service transformation’ evident in the previous Transformational Government Strategy produced in 2005. The G-Cloud is considered a key enabler of the £3.2 billion annual savings laid out in the UK Operational Efficiency Programme. The G-Cloud initiative also underpins several other strands of UK ICT strategy, including: Data Centre Strategy. Rationalising down the 500 data centres used by the government, policy forces and local authorities to 12 highly secure centres. Government Applications Store (G-AS). A marketplace for the sharing and reuse of online business applications on a pay by use basis, intended to reduce software costs across the public sector and speed up procurement. Shared Services. By 2020, the G-Cloud and G-AS will together meet the internal business needs of most public sector organisations, while many back-office business activities will have been commoditised and made accessible to all public sector organisations and employees via an online portal.

-

-

While the UK G-Cloud strategy appears to suggest implementation of a monolithic public sector cloud, adoption of cloud computing in the UK has so far been on a regional basis, by organisations including town councils and regional police constabularies. According to the former UK Government CIO writing in 200937, the G-Cloud is built upon a number of strands: • • • Standardisation and simplification of the desktop (drive to commoditisation) Standardise rationalise and simplify the number of networks used in government (achieving 30% lower price than is currently paid) Rationalisation of the data centre estate (reducing from about 130 data centres to 9-12, with the properties of scalability, security, ecologically sustainable and economical)

35 HM Government Dept for Business Innovation and Skills and Department for Culture, Media and Sport Digital Britian: The Final Report June 16 2009 http://www.culture.gov.uk/images/publications/digitalbritain-finalreport-jun09.pdf 36

John Suffolk’s blog 26/06/2009 http://johnsuffolk.typepad.com/john-suffolk---governmentcio/cloud-g-cloud/

37

John Suffolk Blog 26/06/2009 http://johnsuffolk.typepad.com/john-suffolk---governmentcio/cloud-g-cloud/

33

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

• •

Deliver against the open source, open standards and reuse strategy – more efficient acquisition of software across government rather than by separate public bodies A ‘wrapper’ strategy of green IT A second ‘wrapper’ strategy of information security and assurance in concert with the National Information Assurance Strategy published in 2007.

There are four supporting strategies which go hand in hand with this and which are of relevance wherever ICT plays a role: reliable project delivery (improving project management), shared services (sharing of infrastructure, resources, people etc – something which the cloud can advance); supplier management and finally skills for the information age. Nonetheless, there is a prevailing tone from public statements that efficiency and cost cutting is the overriding driver for interest in cloud computing. Indeed, SOCTIM, in its Policy Briefing Response to the Governments ICT strategy38 indicated that in the view of its membership, the strategy: ...fails to discuss or demonstrate the wider opportunity for reducing cost or improving the public services through the application of ICTs. SOCITM went on to say that: We are concerned that the Strategy almost single-mindedly focuses on technology and how it can be delivered at substantially reduced cost. Others have commented that the strategy needs to be tailored and made as applicable as possible to local government rather than being designed around central government and difficult to apply.39 In particular the opportunities for consolidation of technology are likely to appeal to local government, who can move and adapt more quickly to such initiatives.
3.1.6 The United States of America

The Economist Intelligence Unit ranked the United States 3rd out of 70 in 2010 in its Digital Readiness index.40 According to the Country Note on the United States from the OECD, the “...United States displays a high level of e-government readiness based on broad access to the Internet, an educated population and a large amount of information made available to the public.” The US public administration efforts at reform have been identified as a mixture with presidents publicly stating their intentions to fundamentally reform the management of federal departments and agencies but with actual achievements painting a somewhat different story. This has been noted by one author as being ‘more mouth than muscle’.41 The OECD indicates that the US public administration is decentralised with many public services delivered at

38 39

SOCITIM Policy Briefing for 2010:

Untitled. By: Thomson, Rebecca, Computer Weekly, 00104787, 2/2/2010 40 Economist Intelligence Unit Digital readiness ranking http://www.eiuresources.com/mediadir/default.asp?PR=2010062902
41

Pollitt, C. Bouckaert, G. Public Management Reform: a comparative analysis Oxford University press Oxford 2004 p 49

34

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

the local and state level.42 The role of the state and local governments is comparatively strong compared to other countries. The 1993 Government Performance and Results Act and the Office of Management and Budget (the central budget authority) tracks and monitors reported performance against the strategic plans created by agencies. The US is seen to have taken the intellectual lead in cloud computing and focused early on setting standards to foster innovation. Public sector cloud computing is seen as a key enabler to lower cost of government operations and improved performance. The US federal government spends $76 billion on IT, runs 10,679 IT systems, has 300 million customers, and employs 1.9 million employees. The President’s Financial Year 2011 Budget highlights cloud computing as a major part of the strategy to achieve efficient and effective use of this Information Technology. The Federal Chief Information Officer (CIO), Vivek Kundra directs the policy and strategic planning of federal information technology investments and is responsible for oversight of federal technology spending. The US also introduced a federal cloud Chief Technology Officer (CTO) and in 2009 laid out its long term strategy for cloud computing in its Analytical Perspectives on Cross Cutting Programmes with accompanied 2010 budget plans. The strategy is built around three key drivers: Identify opportunities through data centre consolidation Centralise certification of cloud solution Develop standards for security, interoperability and data portability

Cloud computing is firmly inter-linked to eGovernment43 initiatives at the federal level. Employed in the public sector, cloud computing is expected to reduce waste, increase data centre efficiency and utilisation rates, and thus lower operating costs of public services. It is also seen to stimulate innovation in public service production and delivery, enable an open and transparent government, and support ‘green’ policy initiatives. Examples of how federal agencies are using cloud computing technologies are not sector specific and initial activities include moving non-critical applications into the cloud, examples include: consolidation of (email) services, SaaS and PaaS solutions offering rapid access to tools and services to quickly develop, test and/or deploy software and system. Currently, the federal government, in particular General Service Administration (GSA) provides cloud solutions for public sector customers through Apps.gov. Also, cloud computing has been integrated in public procurement rules. Rules defined by the Office of Management and Budget (OMB) foresee that by September 2013, all IT investments in steady state must complete an alternative analysis that includes a cloud computing based alternative as part of their budget submission.

42 43

Government at a Glance 2009 Country Note for USA; OECD; Paris 2009

Federal eGovernment policy agenda aims to cut waste in public service delivery, improve performance and enhance service delivery, enable an open and transparent government, and ensure cybersecurity.

35

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

A key driver of Cloud Computing implementation in the US is centralising the certification process of cloud solutions. In order to yield the economic benefits of cloud computing, it is important to establish a mechanism by which Cloud Computing solutions can be adopted without having to gain certification with hundreds of agencies or departments. Without common standards of security, data portability and interoperability, cloud computing will not provide the benefits expected. In the US, the National Institute of Standards and Technology (NIST), in conjunction with other government agencies, industry and academia has been charged with ensuring that appropriate standards are in place. Furthermore, these agencies will continuously test cloud-based solutions to ensure that security requirements and standards are being upheld. Not only does central certification increase the speed of acquisition, it also reduces the cost of certification. Money which would have been spent applying for approval for the individual solution from each agency and bureau is instead spent on real time security. Given the time required to adopt formal standards, through a process of consultation, consensus building and due diligence, the Federal Government established an initiative known as the Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) – a collaboration intended to validate and communicate interim cloud computing specifications, before they become formal standards. Besides, GAO’s director for information security issues has called for government-wide guidance to assist agencies in implementing cloud computing. GAO recommends that “the Office of Management and Budget, the General Services Administration, and the Department of Commerce take steps to address cloud computing security, including completion of a strategy, consideration of security in a planned procurement of cloud computing services and issuance of guidance related to cloud computing security” (Wilshusen 2010).
3.1.7 Other countries

In this section we identify further cloud initiatives that are underway but for which there is less available information. A number of other international efforts have been identified in the literature.44 For example, according to press reports the vice-mayor of the city of Dongying in China envisions a city of digital innovation utilising an IBM developed cloud platform. In another city in China, Wuxi, it is reported that the municipal government has set up a ‘cloud services factory’ aimed at SMEs (in much the same way as J-SaaS) to improve computing resources available to local companies. This software park was built with IBM to provide on demand computing resources for firms. This means that scare financial resources can be used for other business purposes and that start ups have more opportunity to thrive thus leading to wealth creation. IBM has also been working with the government in Vietnam, where cloud computing is seen as a route to a more services-led economy.45
44 Wyld, D. C.; The Cloudy future of Government IT: Cloud Computing and the Public Sector Around the World International Journal of Web and Semantic Technology Vol 1 No. 1 January 2010 45

Ibid pp 9-10

36

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

In New Zealand the drive to achieve efficiencies across the public sector use of ICT has led them to investigate centres of expertise focused on rationalising IT acquisition and also how cloud computing and SaaS can play a more significant role. In Thailand the Government Information technology Service (GITS) is establishing a private cloud for the Thai government. This builds on the deployment of cloud based email and further planned SaaS offerings. The drivers appear to be the improvement of service offerings for government agencies whilst achieving significant cost savings on IT. Germany is also known to be working on a cloud computing initiative but as yet there is no further publicly available information. Finally, a backgrounder report by Oleg Petrov of the World Bank Government Transformation Initiative discussed public sector cloud initiatives underway around the world and identified other interesting efforts in Sweden, France and Spain.46 Spain is working on setting up internal private cloud environments and both France and Sweden are considering ICT implementations utilising some form of cloud infrastructure. The World Bank study identified that in general public sector use cases were mainly focused on cloud computing in a number of areas: management of public sector housing; transportation service networks; economic development; census; health services; contracting and education.
3.1.8 The counter-factual

During the course of our research, it was difficult to locate examples of the counterfactual (i.e. governments that had not yet set out a cloud computing strategy or that had deliberately avoided doing so for various reasons). Nonetheless, as a 2009 report by the European Network Information Security Agency suggests, data portability, interoperability and privacy and security measures currently constitute the most significant barriers to the broader adoption of cloud computing. Such concerns can be manifest e.g. in respect of the Irish example where direction was given to government departments to hold back on their implementations of cloud computing due to concern over compliance with privacy laws.

3.2

Case Study Vignettes

The purpose of these case study vignettes is to illustrate the practical instantiation of the strategies described above. Kasumigaseki Cloud – Japan The Kasumigaseki Cloud, developed by Nomura Research Institute (NRI), is a community cloud for common use by national government ministries and agencies. The approach will be to gather together individual systems onto a common platform which will then evolve into a cloud architecture. It will enable various ministries to collaborate, to integrate and to consolidate hardware and create platforms for shared functions.
46

O. Petrov Backgrounder: Financial crisis and cloud computing – Delivering more for less. Demistifying cloud computing as an enabler of government transformation World Bank Government Transformation Initiative June 16 2009 available http://www.siteresources.worldbank.org

37

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

It is expected to bring substantive cost savings by reducing development, operation and maintenance cost of IT systems, allows for a more efficient use of computer resources – on demand and needs-basis, and holds the promise to deliver faster, better and new eGovernment services, by integrating shared functions, increasing collaboration among systems and providing secure and advanced governmental services. Also, the cloud is expected to reduce workloads in the private sector and for citizens, e.g. by cross-cutting ministries it is expected to reduce paper work and duplication, and to make public personal certification systems more convenient for users and expanding their use, encouraging the use of digital devices, such as smart phones and establishing and improving support systems for online applications. Phase 1 of the Kasumigaseki Cloud project runs from 2009-2011, and aims to build up computing infrastructure that is commonly used by all ministries, yet applications remain separate. In order to increase take-up, Phase 2 (2012-2015) is expected to combine respective applications into one solution to reach full potential offered by Cloud Computing. Jichitai Cloud – Japan A similar initiative is currently underway for local governments (Jichitai Cloud) that aims at reducing administrative costs of such tasks as managing residential data, tax records and local finances, and to provide interoperability among local governments. 66 cities, towns and villages are expected to participate, and share software provided by domestic vendors using a dedicated optical fiber cable network for local governments. Trial operations will start in autumn 2010. The intention is to migrate all government agencies into a private cloud by 2015. J-SaaS - Japan In 2009, Japan’s Ministry of Economy, Trade and Industry (METI) launched J-SaaS, a consortium for Software as a Service for Small and Medium Sized Companies with approximately 20 employees. J-SaaS aims to reduce the burden of ICT system investment and operational costs by providing SMEs with cloud computing services at low prices. The platform currently offers approximately 50 SaaS applications in areas such as financial accounting, payroll calculation, and tax filing, project and security management, as well as related services offerings, including groups ware and corporate analysis tools. The Japan Research Institute of New Systems of Society initially served as leading member and operator of J-SaaS from 2008-mid 2010. In June 2010, Fujitsu assumed lead responsibility for running the website. Apps.gov – United States In 2009, the General Services Administration (GSA) launched Apps.gov designed to lower cost and push innovation into government agencies. Apps.gov serves as a one-stop shop for cloud services. Cloud-based software is housed centrally and available via various devices. It features business applications, cloud services, productivity applications and social media software. Most of the services offered fall within the Federal Information Security Management Act (FISMA) certification for “low risk” solutions. City of Washington D.C. – United States In 2008, the city of Washington D.C. introduced Google Apps in order to improve service delivery and to save money. The City has shifted its 38,000 employee mail services spread across 86 agencies to the cloud (Lynch 2009). Government employees also use a cloud approach to plot locations of construction projects and broken parking meters, among other things, on Google Maps to allow residents to be informed on street

38

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

work schedules or e.g. how many computers a neighbourhood school received in a given year (Hart 2009). Google Docs and Spreadsheets have been introduced to store work flow data on city projects and employee performance information. City of Los Angeles – United States In 2009, the city of Los Angeles decided to move email services of its 30,000 employees onto cloud file services operated by Google. In response to critics worrying about security and reliability, especially for law enforcement agencies such as the Policy Department, Google agreed to store city data on its secure “Gov Cloud” platforms that are maintained within the continental United States and operated by individuals who have passed rigorous background checks, and agreed to provide financial credits to the city if the system was down in excess of service levels agreed to in the contract. Ontario Centres of Excellence – Canada In Canada, Ontario Centres of Excellence is involved in a pilot to deliver software development tools as a service to Canadian universities known as ‘Tools as a Service’ (TaaS). The pilot project gives university students, professors and other researchers anytime, anywhere access to some of IBM’s leading cloud computing offering for productivity increases. This pilot was run under the IBM Canada Centre for Advanced Studies and the Centre of Excellence for Research in Adaptive Systems. Nebula (NASA) – United States In 2009, NASA launched its (open-source) cloud computing platform, Nebula (nebula.nasa.gov). Nebula has been developed to serve two main functions: (i) to meet the high performance computing research needs of the Agency, and (ii) to increase transparency and public involvement with space efforts, permitting data mashing by citizens to support serendipitous discoveries. According to NASA, Nebula offers a SaaS experience that can rapidly address the requirements of a large number of projects, but also, as each component of the platform is also available individuals, Nebula can also serve in PaaS and IaaS capacities. Nebula uses open-source components as major building blocks of its offering. Local Government Computer Services Board (LGCSB) – Ireland One of the first practical steps was undertaken by the Local Government Computer Services Board, which developed a cloud application for linking together all local planning approvals on a single online map.47 Other planned applications of cloud computing in Ireland's public sector include e-Government and applications for information sharing across public service bodies that are aimed at delivering high quality services, increase productivity while reducing public spending. A ‘Nordic Cloud’ – defining common demands for the region Denmark holds the presidency of the Nordic Council of Ministers in 201048 and plans to focus on strengthening the Nordic region’s capacity and profile as an area of excellence in research and education. The programme document49 for
47
48

see, http://www.microsoft.com/ireland/smarteconomy/case_studies/LGCSB/, accessed 20 August 2010

http://en.vtu.dk/press/focus/2010/denmark-leading-nordic-research-cooperation, last modified April 26 2010.

49The Nordic Council of Ministers (2009) “The Nordic Region pointing the way forward: Programme for the Danish Presidency of the Nordic Council of Ministers”, ISBN 978-92-893-1913-3, Copenhagen.

39

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

the Danish presidency, while not addressing the issue of cloud computing specifically, lays out the rationale for initiatives that span the region. The most important of these are the establishment of economies of scale, making it easier for the Nordic countries to influence EU policy and to constitute a real presence on the world stage. The plans for Nordic cooperation regarding cloud computing solutions for public authorities are based on the assumption that the Nordic region constitutes a big enough and homogeneous enough market for it to attract investment by providers of cloud services. One of the ways in which the MSTI suggests that cooperation could take place is through common certification and standards. However, the issue of safety needs to be addressed before cloud computing can be used on a large scale. Although the viability and practical details of the proposed collaboration are still being investigated, the Danish hope is that this Nordic collaboration will inspire and provide practical lessons for the development of common EU solutions for cloud computing in the public sector. At present, discussions of the way forward are taking place at agency level. Following this, the proposed project will be discussed and taken forward at the ministerial level. Initial funding for the project will be raised internally by the agencies involved. ‘Digitalisér.dk’ [Digitise.dk] – Denmark: In 2009, the Danish National IT and Telecom Agency (NITA) moved a social network, Digitalisér.dk (http://digitaliser.dk/), to the cloud. Digitalisér served as a first test pilot for the use of cloud computing solutions in NITA. It is a community managed by NITA which aims to provide public sector institutions and suppliers with information about the digitalisation of Denmark and to allow these users to exchange information about the issue. Although it at this point is mainly aimed at the public sector, anyone is free to join the network. In addition, this new type of partnership between the tech community and government is intended to allow the public sector, citizens, and businesses to become participants in knowledge sharing, rather than merely receiving information50. Although nonDanish users are free to access the network, the user interface is currently only available in Danish. ‘NemHandel’ [EasyTrade]: E-invoicing in Denmark NemHandel is a national Danish infrastructure for the exchange of business documents (e.g. invoices and orders) in the public and private sectors, as well as between sectors51. The NemHandel infrastructure has been established to meet the technological needs that arose from new legislation in 2005, which obliged all suppliers of products and services to the public sector to submit invoices electronically in a specified XML-based format. The process of mandatory e-

http://www.norden2010.dk/NR/rdonlyres/ABA94ACC-A3B9-4EFD-A3703B2C6FF963C5/0/TheNordicRegionpointingthewayforward.pdf, Available http://en.vtu.dk/press/focus/2010/denmark-leading-nordic-research-cooperation

online

at:

50 Bro Thuestad, Arvid (17 November 2009) “About Digitalisér,dk” http://digitaliser.dk/resource/432461. Accessed on 26 August 2010

Online

at:

51 The National IT and Telecom Agency, Ministry of Science, Technology and Innovation (January 2009) “Open Source Software and the Public Sector” Available online: http://en.itst.dk/itarchitecture-standards/opensource/Open%20source%20software%20and%20the%20public%20sector.pdf. Accessed on 26 August 2010.

40

RAND Europe

Chapter 3: National Strategies and Case Study Vignettes

invoicing was implemented in the public sector in 2007.52 This is part of the Danish e-government strategy, which aims to provide better quality, efficiency, and value for money in the public sector. All interested parties can connect to the NemHandel infrastructure53, using software that can be downloaded free of charge, which then allows them to communicate electronically with each other for invoicing purposes.
In the Spring of 2010, the Danish national e-invoicing solution was moved into a cloud computing environment (Amazon). NemHandel served as a leading example in Pan-European Public Procurement OnLine (PEPPOL). This is an EU funded project that aims to allow “any company (incl. SMEs) in the EU [to] communicate electronically with any EU governmental institution for all procurement processes”.54

52

Fjeldberg, Thomas; Danish Agency for Governmental Management (10 July 2006) “eInvoicing in Denmark”, Available online at eGov Monitor website, http://www.egovmonitor.com/node/6669. Accessed on 26 August 2010.
53 Lippert, Cathrine (14 October 2008) “NemHandel – Open Infrastructure for E-Business”, National IT and Telecom Agency, Available online at: epractice.eu website, http://www.epractice.eu/node/277209. Last updated on 14 October 2009. Accessed on 26 August 2010. 54

http://www.peppol.eu/About_PEPPOL

41

CHAPTER 4

Analysis

As we have seen, the overview of national strategies regarding cloud computing illustrates the breadth of strategies taken by a number of different countries based on domains of interest and also drivers for deployment. For example, some are motivated more obviously by cost reduction and fiscal constraint and attracted to cloud computing because of the economic arguments, whilst others view cloud computing as a way to stimulate the market or deliver new or innovative government services to the citizen. Some still view cloud computing as a macro-level economic opportunity and are focused on stimulating inward investment as a location or host country of cloud computing. Below we present our indicative analysis as to how each country strategy fits into the framework of three domains as outlined previously. • To deliver new government services for example, via the provision of cloud enabled healthcare or public services (e.g. citizen centric egovernment or interaction with internal revenue services, citizen registration and so on). At present the Danish and United States national strategies appear to be focused in these domains. This domain of interest reflects an outward facing set of priorities, usually aimed at citizens and businesses as ‘customers’ of government services. To make government more efficient – another domain of public sector interest in cloud computing is in respect of rationalisation of internal infrastructure and encouraging, forcing or mandating the shared use of common infrastructures and services. The UK national strategy is perhaps the pre-eminent example of this: focused very much around ‘shared services’ and attaining cost savings in respect of internal efficiencies. The major group of stakeholders to benefit directly from cloud computing initiatives undertaken in this domain are other government departments. To promote clouds as a public utility – The national strategies of Canada and Ireland are exemplars of this type of public sector interest in cloud computing. This revolves around an outward ‘market’ based focus on cloud computing as a mechanism to enable wider socioeconomic benefits. This interest also includes drivers for cloud computing covering for example the promotion of cloud computing as a means for developing countries to bridge digital divides.

Figure 3 below illustrates our analysis of where we see the focus of each country’s national cloud computing strategy.

42

RAND Europe

Chapter 4: Analysis

Figure 3. Analysis of focus of national strategies according to drivers and domains of interest (Source: RAND Europe) In respect of the impact of differing governance models there are some interesting differences. In the UK, local authorities may have more room to implement the national strategy. In Ireland, by contrast, there appears to be a focus upon the use of cloud computing as an instrument to internally make government more efficient (but also, interestingly, as an outward facing vehicle to encourage investment). Canada is also focused on similar interests in respect of the deployment of cloud computing. Japan has perhaps the most comprehensive cloud computing strategy, mainly appearing to be focused broadly across the three domains of interest being driven by objectives such as transforming government and public services and managing the market. The US also has a similarly broad public sector interest in cloud computing. Here, focus is being directed toward the development of standards and frameworks to allow a bottom up approach for implementation of Cloud Computing solutions (applicable to both the private market for cloud computing and also innovation in public sector uses of cloud computing), although authorities at state and local level are already vigorously pursuing implementations. Nonetheless, there are also exemplary instances of cloud computing deployments including those that aim to make the back office function of government more efficient (for example, the use of Google Apps in the City of Los Angeles), deliver new and innovative government services (e.g. the increasing drive to transparency with respect to government data and use of data mashing to create new applications) and market orientated initiatives (e.g. the focus by NIST on developing and designing a framework to support overcoming barriers to deployment such as security concerns).

4.1

Cloud computing: future implementation trends and issues

According to a report prepared by the World Economic Forum, in the shortmedium term (1-3 years), an increasing number of public sector organisations in EU Member States will consider or adopt cloud computing. As highlighted by Schubert et al (2010), clouds offer the opportunity to build platforms with data, software and expertise together to solve problems including those associated with economic modelling, climate change, terrorism, healthcare and epidemics, etc. Besides, cloud computing is expected to assist greatly in the e-Government agenda by providing information in one place to citizens with software to manipulate data, and carries the potential to contribute to a reduction in carbon emissions and assist in achieving European emissions targets. There is strong interest in clouds and increasing uptake at the national and firm level Cloud based economic eco-systems can have specific impacts on growth and employment; (i) outsourcing, reduced management, (ii) capability extension, (iii) experimental testing environment, (iv) low cost entry point There appears to be a demand for global cloud infrastructures (perhaps stimulated by common standards)

-

43

RAND Europe

Chapter 4: Analysis

-

Due to the prevalence of US based cloud providers the US have an advantage in selling public clouds, but not in any other respect which therefore represents an opportunity for Europe to consider and exploit the implementation of private or hybrid clouds (especially relevant in the public sector context) specifically for public sector purposes.

Our analysis has shown there are some areas that require further policy consideration: Although cloud computing may be seen as the friend or foe of security there are remaining concerns with respect to how security requirements may play out in a cloud orientated world. According to ENISA these include (i) security and the benefits of scale: security measures – implemented on a larger scale – are cheaper; (ii) security as a market differentiator (security is a priority concern for many cloud customers - decision will be taken on the basis of reputation for confidentiality, integrity and resilience; lock in and loss of governance at both the policy and organisational level, isolation failure and the continuing discussion of the applicability of different regulations concerning data protection in cloud based environments. Still, as others such as ENISA have noted, major security concerns reduce cloud uptake particularly around whether the cloud provider is able to match the expectations of the cloud user in terms of security requirements and other aspects regarding confidentiality High risk of vendor lock-in for users since the lack of standards means that there exists significant vulnerability in cloud users getting their data out as well as in and transferring ‘their’ data and services from one cloud provider to another. Finally, building trust between public and private sector is considered essential for a healthy development of cloud computing in Europe (WEF 2010)

-

-

4.2 4.2.1

Areas of future policy focus
International policy - standards

In a world of global data flows, transatlantic cooperation on standards and regulation is seen to be a key enabler. Stakeholders from industry, academia and governments agree that there is a need for harmonised and global approaches to facilitate cloud operation by international businesses (Spyridaki 2010, Yokozawa 2010, Barcelo 2010, ...) – yet there is less agreement and understanding of solutions and approaches, and ideas differ per stakeholder group and often per country. There is a common belief that it is too early to design specific policies, avoid premature or disproportionate legislation, but to create a climate and develop innovative policies that encourage technology innovation.
4.2.2 International policy – data protection

The office of the European Data Protection Supervisor (Barcelo 2010) sees the following EU agenda to provide solutions and to offer venues to solve challenges and gaps.

44

RAND Europe

Chapter 4: Analysis

-

Technology solutions: Privacy by Design principle should be applied to take into account data protection when designing cloud computing services Offer interpretation and guidance (court and Article 29 Working Party) Current review process of the existing Data Protection Directive. Work will particularly focus on: (1) criteria for applicable law (targeting), (2) new principles: privacy by design, accountability, (3) data controller/processor: hybrids, new category necessary? Responsibilities should be attached to each category (security obligations),(4) updated rules on international data transfers.

-

45

CHAPTER 5

Conclusions

In this final Chapter we present our overarching conclusions from this analysis, indicating that cloud computing may represent an opportunity for the ‘unbundling’ of government services. Furthermore, we also suggest that given the relevance of other factors to the deployment of cloud computing in the public sector (e.g. broadband take up and aspects of organisational dynamics) a more appropriate way to think of the use of cloud computing in the public sector is not by identifying cloud computing as a discrete technological advance, but rather to adopt a ‘cloud’ mindset -perhaps best articulated by the US federal government’s ‘Cloud First’ mantra: that is to say, to regard cloud computing as a model for designing and planning public administrations rather than a more simplest adoption of the technological building blocks of the cloud.

5.1

Can Cloud Computing lead to the unbundling of government?

Although cloud computing may be regarded not necessarily as a discrete technological development but rather a way of thinking about designing and maintaining technology enabled solutions for various problems, it holds great potential. Particularly, with respect to the public sector, there may be a possibility to unbundle public sector services, using cloud computing as a common shared approach. Unbundling reflects the digitisation and repackaging of services formerly existing as in house business functions. Enabled by digital technology activities can be separated from surrounding processes and tasks with increasingly fine levels of granularity. This in turn leads to the opportunity of offering tasks as services, leading to functions such as accounting, payroll and supply chain management being able to be bought and sold in a market based system. In this way, it might be possible to see governments, as has happened with firms in the service based economy, becoming an agglomeration of services offered by others linked by ICT systems.55 In most understanding of the value derived from the unbundling of services, the re-composition is key – how the building blocks or elements are re-constituted into products and services, “...both in constituent modules/bundles and in final offerings...”.56 Structurally, such
55

The Digital Transformation of Services: From Economic Sinkhole to Productivity Driver http://brie.berkeley.edu/publications/wp187.pdf ibid

56

46

RAND Europe

Chapter 5: Conclusions

unbundling has been the case for some time, with an initiative well known in transformative government to create more or less autonomous agencies to supply services or executive functions. An example here is a centralised office to co-ordinate procurement across a number of other departments. Other more recent models have been along the lines of ‘shared services’. This unbundling might lead to greater standardisation and reductions in distortions due to excessive power. Whilst in the private sector this is addressed through regulatory intervention aimed at limiting the power of natural monopolists (e.g. in respect of the telecom world) in the public sector departmental regulations or agreements (internal contracts) might be a suitable initial start. Nonetheless, this re-use of commercial software, processes etc constitutes an unbundling of supply (as in the local loop unbundling case where telecom operators have to allow access to competitors to the supply side) with the aim of driving efficiency and may also facilitate unbundling of demand, where citizens or service users might only use part of what they used to get in a bundle or mix or match different bits from different suppliers. This would in turn create an interesting dynamic within government service provision with respect to choice. For example such experiments with regard to giving patients choice over the selection and provision of healthcare services have been played out recently. Cloud computing might help in overcoming artificial barriers to re-use of ICT services between departments that might otherwise constitute significant obstacles to achieving efficiency gains. For example, it is easy to see that an ICT solution developed for an Interior Ministry with attendance levels of security or resilience to deal with criminal records data might represent a sub-optimal choice for a Fisheries or Agriculture Ministry. Indeed, this may come to a point where unbundled services might be offered to the public or private industry – for example, the provision of a gold standard of governmental backed authentication from a national population register might be one such service that industry (and perhaps even ultimately individuals might find useful). Nonetheless, it may become attractive for public sector organisations to investigate models of collaborative production where some recouping of part of the costs of the acquisition of advanced facilities, services or applications, as well as opportunities to share in the risks and their management not to mention the widening of opportunities for innovation is possible.

47

REFERENCES

49

RAND Europe

Reference List

Reference List

Barcelo R. (2010). Cloud Computing: Privacy risks and EU Policy Considerations, European Data Protection Supervisor, presented at The Future of Cloud Computing, Brussels, 26th January 2010. Etro F. (2009). “The Economic Impact of Cloud Computing on Business Creation, Employment and Output in Europe”, Review of Business and Economics, June 2009, vol. 54, 2, pp. 179-208. Howlett, M.(2004) Administrative Styles and Regulatory Reform: Institutional Arrangements and Their Effects on Administrative Behaviour International Public Management Journal 7(3) pp 317-333 Hart K (2009). “Google Goes to Washington, Hearing up to put its Stamp on Government”, Washington Post, September 29, 2008. Kundra (2009). “Cloud Computing – What is its potential value for your company?” February 2009, http://www.cio.com/documents/whitepapers/WP3ComPotentialValue.pdf (Kundra was CIO for the District of Columbia at the time of the interview) Lynch, C. G., (2009). “Washington, D.C. Uses Google Apps to Cut Government Waste“, Bloomberg New, March 10, 2009. Schubert L, Jeffrey K, Neidecker-Lutz B (2010). The Future of Cloud Computing. Opportunities for European Cloud Computing Beyond 2010, Expert Group Report. Public Version 1.0, European Commission. Spyridaki K. (2010). International developments and policy issues: a US industry perspective, AMCHAM, presented at The Future of Cloud Computing, Brussels, 26th January 2010. Yokozawa, M. (2010). Discussions and Applications of Cloud Computing in Japan, Nomura Research institute, presented at The Future of Cloud Computing, Brussels, 26th January 2010. West Darell M. (2010). Saving Money through Cloud Computing, Governance Stuies, The Brookings Institution. Wilshusen, Gregory C. (2010). “Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing.” Testimony Before the Committee on Oversight and Government Reform and its Subcommittee on Government Management, Organization, and Procurement, House of Representatives, GAO-1-855T. U.S. Government Accountability Office. July 1. http://www.gao.gov/new.items/d10855t.pdf [relates to report, Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Architectures] World Economic Forum, WEF (2010). Exploring the Future of Cloud Computing: Riding the next wave of technology-driven transformation, World Economic Forum in partnership with Accenture.

50

Sign up to vote on this title
UsefulNot useful