It’s finally time for governments to get all cloudy eyed.

cloudI’ve just finished a piece for a client charting the progress of cloud computing projects in the public sector around the world and I’ve got to say, it makes pretty miserable reading for the UK.

Despite the launch, to great fanfare, of the G-Cloud project a couple of years ago, awareness among public servants seems pretty low still and sales not exactly setting the world alight – G-Cloud vendors brought in £217m in July, rising to just under £250m the month after.

That said, we’re a small country, and things are looking up. The technology is mature enough and use cases are starting to spring up all over the place, which will speed adoption. However, long term outsourcing contracts are still impeding the development of cloud projects, according to Nigel Beighton, international VP of technology at Rackspace – a G-Cloud vendor.

“The public sector’s move to the cloud is still in its infancy, and I applaud what Liam Maxwell and the whole G-Cloud team are trying to do. But it will take time,” he told me via email.

“Over the past few years the cloud has matured and grown, and is now able to do just about everything you need it to do. For public sector agencies that are yet to make the move to the cloud, one of the main benefits is that it offers great flexibility and that they won’t be locked into one provider. There are also many parts of the sector that are hit with large peaks in their service at certain times of the year, and they could really benefit from a pay as you go, or utility, cloud-model.”

Over in China there is no such reticence, mainly because many public sector bodies have no existing legacy contracts/infrastructure to encumber them. I remember EMC’s Greater China boss saying as much a couple of years ago in Hong Kong and it’s still true, according to Frost & Sullivan’s Danni Xu.

She said the central government threw RMB 1.5bn (£150m) at public sector cloud development in the five major Chinese cities in 2011. Then local governments – many with more money than some countries – followed suit: witness Guangzhou Sky Cloud Project, Chongqing Cloud Project, Harbin Cloud Valley Project and Xian Twin Cloud Strategic Cloud Town Project. An ecosystem similar to that which has grown up in the UK, US and elsewhere, has developed around this new investment, she told me.

“The formation of a more complete cloud ecosystem has benefited local enterprises and local government in many ways. With plenty of cloud offerings available in the market, the public sector itself has also emerged as an important spender for cloud services, among the various vertical sectors,” Xu said.

“For instance, the Ningxia municipal government works with AWS on building a large-scale data center in the region. Meanwhile, it will also leverage Amazon’s platform to deliver e-government services in the future.”

Forrester analyst Charlie Dai counselled that most public sector projects in China are still private cloud based, at least when it comes to SoEs.

“The government is also trying to strengthen the control and regulate the market,” he added.

“The China Academy of Telecommunications Research of the Ministry of Industry and Information Technology (MIIT) launched official authorisation on trusted cloud services (TRUCS) for public cloud early this year.”

Quelle Surprise.

What is obvious, in China as in the UK and elsewhere, however, is that we’re only at the beginning of a very long journey. Whether it takes 10 or 50 years, the cloud is ultimately where governments around the world will look to in order to work more productively and deliver public services more efficiently.


Is NATO about to make cyber war a reality?

nato meetingThis week I’ve been looking at the news that NATO’s set to ratify a new cyber policy which first made public back in June. So far, so boring you might think.

Well, actually this one is pretty significant in that it seeks to extend Article 5 – the collective defence clause that if someone strikes at one NATO member they strike at them all – to the cyber world.

In doing so NATO is going further than individual governments in trying to establish international principles that a cyber attack can be considered the same as a traditional military strike.

However, the chances of the alliance actually invoking Article 5 are pretty slim – as KPMG cyber security partner Stephen Bonner told me it has only happened once before, after 9/11.

“The reality is that few cyber attacks are likely to be of sufficient scale and impact to justify invoking Article 5 – and they would not happen in isolation from a broader deterioration in international security. In other words, if there was a state attack then it would have a broader context,” he added.

“This announcement is primarily a rhetorical point which is possibly aimed at having a deterrent effect.”

That said, I think it’s still an important step.

Some might argue that the lack of clarity around what would be considered an act of cyber war kind of diminishes its value, but as McAfee director of cybersecurity, Jarno Limnéll, told me, this is the right thing to do tactically.

“I think this is wise policy, spelling out a clear threshold would encourage adversaries to calibrate their attacks to inflict just enough damage to avoid retaliation,” he argued.

Elsewhere, consultancy BAE Systems Applied Intelligence also welcomed the news.

“Cyber criminals do not respect national boundaries so protecting national interests will require increasing international cooperation,” a spokesperson told me by email.

“It is therefore encouraging to see the increasing priority which cyber is being given in NATO’s agenda. This complements multiple other initiatives nationally and internationally to address a growing security risk and help secure the systems we are increasingly reliant on.”

The new policy will not just concentrate on collective defence clause, of course, and BAE also welcomed the increasing focus on intelligence sharing between member countries and with the private sector.

Whatever the efficacy of NATO’s move, it once again underscores the increasing importance being attached to cyber channels by politicians and military leaders.

As Limnéll said, these are necessary steps given the relative immaturity of the industry.

“We have to remember that we are just living the dawn of the cyber warfare era and the ‘cyber warfare playbook’ is pretty empty,” he told me.

“Most of the destructive cyber tools being developed haven’t been actively deployed. Capabilities to do real damage via cyber attacks are a reality but fortunately there has not been the will to use these yet. However, that is one option, as a continuation of politics, for countries nowadays.”