When the levee breaks

contribution by Wren Mott  |  Managing Director @ CloudLasso

A week or so ago Microsoft announced the availability of two new Azure locations – Cardiff and London - marking the addition of the UK West and UK South regions to their growing global footprint.  Naming conventions aside it is critical to note that these regions lie specifically within the borders of Great Britain.  Microsoft has unwittingly perhaps offered and delivered a Brexit strategy of its own; the timing of which, given the current political climate, could not have been more perfect.  

Coincidentally five years ago the UK government recognised the future impact of the cloud with its investment in the so-called G-Cloud. G-Cloud is not ‘cloud,’ or infrastructure at all, but rather a framework of agreements designed to pave the way for cloud adoption within the public sector and to simplify procurement.  Consumed by Government Digital Services (GDS), and falling under the purview of the COO of the Home Office in 2013, ‘G-Cloud’ represented and represents a ‘cloud first’ mandate from one of the highest offices in the land.

The only problem was that at the time no one offered a public cloud solution certified as suitable for the Home Office so they set about here and there doing what they could with private clouds and on-premises infrastructure, both of which are expensive, not conducive to a modern way of working, and laden with red tape.  Last week this changed.  The final barrier for the UK public sector’s push into the cloud has fallen.  
Over in the US Microsoft has been announcing compliance measures for bodies such as the Criminal Justice Information Services (CJIS), Defence Information Systems Agency (DISA), United States Federal Risk and Authorization Management Program (FedRAMP), and International Traffic in Arms Regulations (ITAR) workloads, so you can imagine what conversations are being held behind closed doors here in the UK to offer similar assurances.

For those who are a bit nomadic and operate in a consulting or contract capacity, or who work in the recruiting or human resources arena, you will be well aware that the supply for cloud resources, from admins to architects to developers and, yes, DevOps personnel, already exceeds demand.  When theses government digital transformation projects start gathering steam there won’t be a shortage, there will be a drought.  

Cleverly, some have seemed to recognise the impending situation.  Microsoft UK itself set out to hire seventy cloud solutions architects earlier this year.  A well-known recruiting agency recently announced that it was willing to pay for Azure training in the hope of growing its stable of ‘certified’ consultants.  And whilst I am an avid proponent of knowledge sharing and expanding our community I, too, understand that passing a few exams doesn’t really prepare you for the real world and the discussions and considerations you will face.  That only comes from experience.  Would you put someone behind the wheel of a car who had only passed their theory test?

The good news is that the community is going to need both those who have cloud, transformation, and business experience as well as those who are beginning an exciting new career.  So if you’re reading this wondering whether or not you should start looking at augmenting your skillset with cloud related technologies, the answer is a definitive ‘yes.’  The UK Government needs you!

The Home Office some time ago stated that they were culling all contractors and consultants.  I think they’ll find that they will have to reverse policy or at the very least make some changes to the way clearance is granted.  Right now there are three overarching levels of clearance:

•    Counter Terrorist Check (CTC): is carried out if an individual is working in proximity to public figures, or requires unescorted access to certain military, civil, industrial or commercial establishments assessed to be at particular risk from terrorist attack.
•    Security Check (SC): determines that a person’s character and personal circumstances are such that they can be trusted to work in a position which may involve access to ’Secret’ information.
•    Developed Vetting: (DV) in addition to SC, this detailed check is appropriate when an individual has long term, frequent and uncontrolled access to ‘Top Secret’ information. There is also Enhanced DV.

Obtaining security clearance in any form has always been a bit of a chicken and egg, or Catch-22, situation.  One cannot obtain clearance without a sponsor, however most organisations in today’s climate want someone who is already cleared.  Evidently this has to do with the cost of putting one through the process or that the organisation itself is not ‘cleared’ to sponsor someone for clearance.  To make things even more difficult if you leave a position that required clearance and spend a year or more on another project that doesn’t require clearance then your clearance ‘lapses’ and you have to go through the whole process again.  If you are a contractor how many conversations have you had that start with ‘Are you SC cleared?’  Personally, I’ve had to turn away from dozens of opportunities over the years even though I was SC cleared a few years back (it has since lapsed).

But let’s quickly turn the lens on the private sector for a moment and consider what the availability of the UK public cloud means to the incoming CIO of almost any UK owned business, whether it be within the banking, law, marketing, manufacturing, SMB, or any other sector.  The government currently in power has stated that ‘Brexit means Brexit,’ which implies that Britain will break away from the European Union.  If I were in the CIOs’ shoes and charged with going ‘cloud first’ or with executing a transformational cloud journey – a palatable term for migration and short term pain – and I had the option to host my primary workloads, services, and sensitive data in-country wouldn’t I choose to do so?  And if I already had assets running in Azure in other locations like Dublin and Amsterdam would I consider migrating them back to native soil?  Probably.  If the government doesn’t know what will happen post Brexit why take the risk of Eurocentric regulations and laws around data integrity becoming obsolete?

The announcement of Azure landing in Britain will spawn a wave of cloud based work though both the public and private sectors.  In the public sector there will be a severe resource strain made even more pronounced by the complications of security clearance coupled with the fact that government projects will require clearance of some level or another.
And, finally if you have any interest in the cloud whatsoever whether it be as an engineer, developer, strategist, architect, or other discipline, dive right in… the water is warm.

Chris Parsons