G-Cloud is key to the goal of channeling 25% of central government spending through small and medium-sized enterprises (SMEs) by 2015, says Mark Smitham, principal cyber security advisor for the G-Cloud programme.
“At present, only 16% of central government spending is with SMEs, and we believe G-Cloud can help drive that further,” he told the G-Cloud in Practice conference in London.
G-Cloud is aimed at making it easier for companies to get on board and tell government what they offer, said Smitham.
“There is no pre-qualification; G-Cloud is open to all qualifying companies and gets rid of all the barriers in traditional government procurement frameworks,” he said. These include lengthy tender periods.
In an update on the G-Cloud programme, Smitham said around 7,000 services are now available on the G-Cloud Store from more than 800 suppliers – 80% of which are SMEs.
“SME volume of orders is currently at 64% and SME sales spend is around 62%,” he said.
Overall, only £25m of the central government’s £44.5bn annual budget is going to cloud services.
Although the whole budget is not going to IT, the cloud spend is still relatively small, with the biggest challenge being to get the larger government departments on board, said Smitham.
“The good news is that of those projects being done through G-Cloud are typically delivering 60%-90% cost savings on previous government contracts,” he said.
So far, the biggest government spend is with the Ministry of Justice (MoJ) and the Ministry of Defence (MoD).
"They are are consuming G-Cloud services and we are seeing greater uptake of cloud services across central government departments," said Smitham.
This is indicative of the fact that both are happy that all suppliers on the G-Cloud store have met all the security requirements.
More on G-Cloud
“Suppliers need to take information security seriously,” said Smitham. Although rigorous, the pan-government accreditation service for G-Cloud has distinct benefits for suppliers, he added.
The accreditation is a nine-step process and can take up to 18 months to provide all the required assurances, but once accreditation is done, it does not have to be repeated for each customer.
However, accreditation is not permanent. Re-accreditation is necessary for G-Cloud services after 12 months, or if there is a material change to the service.
“Because it is pan-government, the accreditation opens up 30,000 potential buyers of services across government, including those in British Overseas Territories, without having to do information assurance for each one,” said Smitham.
One guaranteed way of cutting down the time it takes to achieve this pan-government accreditation is through achieving ISO27001 certification.
ISO27001, for example, covers key things such as how suppliers control and monitor access to their services and systems.
Suppliers that come in with the right combination of international security certifications could cut down the G-Cloud accreditation process to as little as two weeks, said Smitham.
In closing, he advised suppliers to engage with others who are already taking part in the G-Cloud programme and learn from their mistakes.
Image credit: David McCardle