Thoughts on British ICT, energy & environment, cloud computing and security from Memset's MD
I’m seeing Liam Maxwell tomorrow afternoon for a long-overdue catch up. As well as some usual updates and so forth I have a handful of generally-relevant topics I want to raise with him. I wish to give the SME community a last-minute chance to say if I have missed off anything important.
Remember that the topics need to fit into the overarching objective of getting more SMEs into government ICT in order to save the tax payer £billions and improve the quality of public sector services.
Even if I have not explicitly mentioned it below for a particular item, in all cases I’ll be bringing a suggestion of how to fix the problem (ie. not just a list of impractical moans). Anything you may want to add should have a “How to fix it” element. If you do feel we’ve missed something important, please let us know with a comment on this page.
I think we’re the first grassroots SME to go through the whole (ie. data centre up) IL3 accreditation process. We have already had an opportunity to feed back to CESG (they came to us which was nice), but there are some high-level challenges I want to raise that the whole of the 10% group is feeling, eg:
As with IL3, we think we’re possibly the first-ever direct PSN IL3 SME customer (as in, we’re getting it direct from BT over freshly laid fibre into a brand-new IL4-capable data centre). PSN is the foundation stone on which the IL3 G-Cloud is being built and as such it is very important that it be easy for the IL3 G-Cloud community to use.
I think Liam is aware PSN needs fixing since it is coming in house (into GDS), but it is still worth raising how it could be improved.
While in principal simplifying the old Impact Levels scheme is a sound objective, we are very concerned that the baby may get thrown out with the bathwater.
A published, clearly defined, standardised approach to information security with centralised accreditation (ie. PGA) is absolutely essential for G-Cloud’s success. CESG and industry have moved heaven and earth in the last few years to get to a point where we do have a well-defined approach for IL2 and IL3 accreditations. It is not perfect, but it is a good place to go forwards from.
We should not waste that effort nor slip back to the bad old days where it was every supplier service was being re-accredited with each department that used it.
Some of our government customers (I won’t name names 😉 are very bad at paying their bills on time, in contravention of CO guidelines. We are not alone in this by any means and it hurts SMEs especially.
Here I’m basically going to ask Liam’s permission to treat those departments as I do my other customers: if the invoice falls past due, the service gets placed on hold. My hope is that this will embolden our SME brethren to follow suit.
PS. I appreciate it is short notice, but my occasional meetings with Liam tend to coalesce at the last minute.