ntouk.com - Jerry Fishenden's Technology Policy blog

Following on from some of my recent postings about the benefits of virtualisation, cloud computing and new approaches to technical architectures, here are a couple of additional nuggets

Virtualisation case studies from Slough Council and Perth & Kinross, illustrating how virtualisation can lead to reduced costs, improved services agility, and improved disaster readiness.

And for those of you still wondering what it's all about, here's an article and video clip in plain English (well, plain American English that is) on cloud computing.

Technorati tags virtualisation cloud computing technology policy software+services software as a service governance SME government Azure procurement

Small and medium enterprises (SMEs) in the UK often get a raw deal when it comes to opportunities to engage with major IT projects, in the private and public sectors alike. This is a waste of potential when small firms employ more than 58 per cent of the private sector workforce and some 13.5 million people work in small firms.

But how can many of these SMEs compete effectively with the big systems integrators when organisations demand large, monolithic systems and multi-year projects with a reliance on large data centres and streamlined, contractually loaded, lines of accountability?

Despite a commitment in many areas to open up procurement to the UK's SME community (given that 64 per cent of commercial innovations come from small firms), the reality is very different. Indeed, as Kable has pointed out, in the public sector alone the top 20 IT suppliers make up 70% of the total market, between them accounting for 12bn in revenue. Indeed, in common with many organisations, government is currently trying to streamline its relationships with suppliers, which is only exacerbating the existing situation and making it harder for the UK's SME community to contribute effectively.

But why might a large company such as Microsoft care about SMEs, you may ask? The reality of the Microsoft business model is that it has always worked through partners. In the UK alone, there are around 30,000 or so Microsoft partners, the vast majority SMEs. We are as frustrated as anyone that these often innovative UK companies find it so difficult to compete on a level playing field. And, worse, the UK is losing out by denying these companies the ability to perform to their full potential.

Despite a lot of talk about new models of governance, architecture and procurement, without a clear commitment and delivery plan they are just so much noise. What we need now is both agreement on the models we are trying to progress towards and the levers that will deliver them. More than five years ago I submitted to one of the largest government departments both a vision of how to use new architectural models (based on service oriented architecture) that would break the monoliths into granular, discrete components, and the means whereby a transition from their current IT estate to the new model could be made. It is not a failure of vision or technology that prevents reformation of the UK's out-dated processes and infrastructure.

I believe the concept of cloud computing and software plus services now presents another, equally important opportunity to change the prevailing model in favour of SMEs. These new cloud services, such as Azure, provide Internet-scale services hosted in highly scalable third-party data centres. The SME community can exploit such services to provide new applications to run from the cloud or enhance existing applications with cloud-based capabilities. The open architecture of these services gives developers the choice to build Web applications, applications running on connected devices, PCs, servers, or hybrid solutions offering the best of online and on-premises. No longer is access to Internet-scale data centre resources confined to the usual big IT players. This is a real opportunity for SMEs to seize. But it requires the demand-side (such as the big private sector players and government) to ensure it addresses current short-comings in the existing governance, architecture and procurement models.

So what might be different this time around that could make real change happen when previously it has failed? Well, possibly in good economic times people can afford to be lazy and not make the decisions they need to. Change is always perceived as a risk and too many organisational cultures are risk averse, to their own detriment and those of the wider UK. But in an economic downturn, wasteful ways of working, inefficient services and poorly designed IT is a luxury no-one can afford. The current economic situation could provide the catalyst for real change that was apparently missing some 5 years ago.

I believe that there now exists a real opportunity to realise the full potential of the UK's SME community and hence enable UK plc to regenerate itself in a new, user-centric way, both improving the quality of services and reducing operational inefficiencies.

Once again the real test will be not whether the industry has a vision relevant to the people, businesses and communities of this country, but whether the right levers and leaders are in place to drive through the changes the UK requires.

Let's just hope that this is one New Year's resolution that the right influencers can both commit to - and deliver.

Technorati tags privacy cloud computing technology policy software+services governance security SME Azure procurement

2008 has been the year where the phrase "cloud computing" has become somewhat threadbare through over-use. (In case you've been on a remote desert island for the last year, the idea of cloud computing is that your computer resources are delivered from "out there" in the digital ether, accessed over the Internet. For some people, the Internet is the cloud).

The idea itself is nothing new, with services such as Hotmail having been in existence since 1996, providing email services "out there" in the cloud which we can use from anywhere in the world (well, okay, with one or two regimes excepted). What is new is the growing sophistication and diversity of systems now being offered in the cloud, ranging from simple data storage such as Skydrive through to systems such as Microsoft Healthvault and Google Health, which let users store aspects of their personal medical records in the cloud, choosing whom to share them with.

The real significance from my perspective is that recent developments offer the opportunity for a major shift in the way we think about the governance, architecture and procurement of the computer services that we need (both as individuals and as organisations). And it's not the cloud in isolation, it's the balance of running software where it makes most sense. Sometimes that will be locally on our laptops, mobile phones or video gaming consoles. And sometimes it will be services delivered to us directly from the cloud. And sometimes it will be a mix, as when I use Word locally on my laptop but work on shared documents in the cloud using free services such as Office Live.

The inestimable Wikipedia puts its finger on the cloud computing pulse when it comments:

"As customers generally do not own the infrastructure, they merely access or rent, they can forego capital expenditure and consume resources as a service, paying instead for what they use. Many cloud computing offerings have adopted the utility computing model, which is analogous to how traditional utilities like electricity are consumed, while others are billed on a subscription basis. By sharing "perishable and intangible" computing power among multiple tenants, utilization rates can be improved, as servers are not left idle, which can reduce costs significantly while increasing the speed of application development. A side effect of this approach is that "computer capacity rises dramatically" as customers do not have to engineer for peak loads. Adoption has been enabled by "increased high-speed bandwidth" which makes it possible to receive the same response times from centralized infrastructure at other sites."

This moment in the economic cycle seems a particularly opportune time to consider any new governance model that lets organisations forego capital expenditure and merely pay for what they use. It also presents an opportunity to pro-actively reduce their existing IT cost base by assimilating these new service models. In the past, organisations all assumed that they themselves needed to procure and architect the systems they required. So time after time organisations have purchased systems, built data centres and generally taken on board all the associated complex operational and infrastructure costs associated with running an in-house IT services organisation. One analogy I've heard is that this is a bit like organisations assuming they each need to build and operate their own power plants in order to have electricity.

In the UK we've had IT outsourcing for many years, which strikes me as being a bit of a half-way house where an organisation doesn't directly run its IT services itself, but finds a third party to do so. In practice, the model has not been as radical as it could have been since risk and cost factors have rarely been outsourced successfully alongside the IT itself. Cloud computing offers a more radical and disruptive alternative, where organisations can enter into a far more cost-effective and service-focused model, provided they understand the need for strong governance models (in which I also include risk and compliance).

Of course, this is not to say that some organisations may well need to keep their own computing under their own direct control. This is why governance, as much as architectural and procurement models, is such a key element. Some aspects of the UK's critical national information infrastructure for example may not be best suited to standard commercial cloud computing models. But for mainstream services, there's genuine merit in adopting this new mix of local and cloud computing- what my colleague Ray Ozzie has called "software + services" (actually of course it's all software, the choice being the mix of what is delivered locally and what is delivered from the cloud).

So, if you thought the threadbare pullover of "cloud computing" was going to fade as we head towards 2009, I'm sorry to disappoint you. I think it's going to move centre-stage, through a combination of economic circumstances and the fact it does present a revolution in the way we think about architecting and procuring systems, albeit one based on an evolution that has been ongoing since at least 1996. And in 2009 and 2010 we'll begin to see new cloud systems come online that live up to the rhetoric of 2008.

If you want a specific example, think no further than a major area such as healthcare. The prevailing model has been for an organisation such as the NHS to architect and procure everything it needs for IT services itself. But with cloud providers such as Google and Microsoft (and others) entering the market, there's a major opportunity here for a shift in thinking, with all the consequential benefits not only in the way that costs and efficiency will be impacted, but also because of the way it will strengthen the user-centric model, letting users choose and even move IT provider rather than being presented with a "choice" of precisely one.

In the meantime, let me wrap-up for now with best wishes to everyone for a peaceful and enjoyable Christmas and New Year.

Technorati tags privacy cloud computing technology policy software+services governance security procurement

Good coverage in the New York Times in response to the announcement that Microsoft is proposing to reduce the amount of time it keeps users' information as part of the provision of online search services. Significantly in making its announcement Microsoft commented:

Microsoft supports the Article 29 Working Partys call for a common standard across the industry for search anonymization, which includes a strong method of anonymizing search data to truly protect peoples privacy.

This has never just been about retention, but also about ensuring high levels of privacy in the first place. The announcement then goes on to say:

Microsoft believes that a thorough method is even more beneficial for privacy than the timeframe when anonymizing search data and has developed a strong method for search anonymization. However, both an effective anonymization method and timeframe are needed to protect peoples privacy.

Microsofts anonymization method involves irreversibly removing the entire IP address and all other cross-session identifiers, such as persistent cookie IDs. This makes it virtually impossible to connect search terms back to an individual user after they have been anonymized.

One key figure here is also the proposal to reduce the retention period to a maximum of 6 months (Live Search currently retains search data for 18 months, Yahoo for 13 months and Google for 9 months).

You can read the official announcement here.

All of this is a step in the right direction. Anything that helps protect our privacy online has to be welcomed.

Technorati tags privacy data retention technology policy Article 29 search security advertising

It's a long time since I first spoke and wrote about VRM (Vendor Relationship Management), particularly the idea that it could be a key way of delivering truly citizen-centric public services. Enabling people to take control of their own data is critical if we aren't to see a complete meltdown in the way our personal information is acquired and used. VRM of course aims to make such user control not only possible, but the prevailing model.

The underlying problem (as exhibited in many Customer Relationship Management, or CRM, systems) is that the current model is flawed. It is not organisations that should be progressively acquiring and storing large amounts of our personal data: as Sir James Crosby commented, "it's our data nobody else's". So whatever happened to the idea of data minimisation and minimal retention periods? Until technology systems reflect the reality of user control over their own data I see little prospect of improving the situation. The current model needs inverting, placing the user at the centre of design, not the provider.

Judging by the number of other people now picking up on the idea of VRM, clearly the concept is finally becoming more mainstream. It's a useful illumination of the timelag between niche innovation and general acceptance. But few people seem to be addressing the practicality of how we enable a transition from the current governance, architecture and procurement (GAP) models to one that would facilitate truly citizen-centric thinking. Without addressing this practical problem, VRM will remain a nice idea on the sidelines.

So I've been trying to address some of these issues in my various eclectic discussions and outreach. One strand of this outreach has been about how we can make improvements to the way that technologists engage with policymakers, so that public policymaking can be genuinely informed about the options now available and emergent (rather than the centre basing its thinking on a world that has already started to pass). And another is how we can actively enable an effective, sustainable marketplace in VRM (and cloud-service providers in general) that can facilitate the transition to the new model and away from the current broken one. After all, nice ideas without a practical delivery mechanism are of little use to anyone. Technology, technology policy and strategy all need to be backed-up by viable implementation plans.

Recently we've seen the likes of Microsoft Healthvault and Google Health emerging, which provide user control over personal data access in a particular area of our lives. Mydex is another more recent UK-originated example, which enables individuals to choose what information to share, and which organisations to share it with. Mydex I find interesting as it aims not only to tackle the problem in an open, inclusive way, but is also a Community Interest Company (CIC), supported by the Young Foundation. As it states on its site:

Mydex provides tools, technology and services to help you manage your personal data better, and share it with organisations in ways you feel comfortable with. Mydex's tools let you choose which organisations you give information to, and what you share: as little or as much as you want.

Of course, some personal data such as your name and address are more or less in the public domain, on the electoral roll which anybody can inspect. And you reveal more data when you transact or buy something. Mydex's real value lies in the data that only you know and can choose to share: your real preferences and intentions.

Mydex is also taking the lessons of the likes of InfoCards and Stefan Brands' work on minimal disclosure tokens. In doing so, it provides a practical illustration of how to begin the transition that many of us have been working towards for years, and in a best practice way.

Which is why I'll be keeping a very close eye on Mydex and similar developments. The technology is here but what we currently lack is the recognition that we now need to start changing the wider governance, architecture and procurement models so that we can take advantage of a much better designed technological approach to a problem that touches us all. An approach that helps deliver the much-spoken about citizen-centric model in a meaningful way, rather than leaving it just as a tagline.

Technorati tags VRM innovation technology policy Mydex Healthvault cloud computing software + services