Public cloud for the public sector – How is this possible?

Why is the public cloud interesting for the public sector?

In the public cloud of large hyperscalers such as Microsoft, AWS or Google, many services are available that could also be relevant for the federal, state and local governments in the long term. A simple example is Office products such as e-mail/Outlook or more complex products such as AI services.

Such products were first built for the US sector and commercial enterprises. They do not cover the specific requirements of the public sector in Germany, such as data protection requirements or security mechanisms for the use and operation of a cloud. Test projects are therefore necessary for possible use. The basic idea of initially testing these services in a centralized operating approach can also mean that the cloud and/or operation must be adapted. Public clouds adapted in this way are currently often referred to as 'sovereign clouds'.

Why is this done and what are the potential benefits?

One important benefit is that an incredible amount of development work has been invested by the hyperscalers for such services from the public cloud. The public sector cannot make up for this development effort for its own services so easily and, above all, so quickly. Citizens also demand that certain services that they are familiar with from their work are also available in the public sector. Another reason may be that alternative products cannot be provided as quickly or to the desired extent. There are also many third-party services available via the public cloud that may be of interest.

"The private cloud is not quite so private"

Why not use a private cloud in the data centers of IT service providers?

Operating a private cloud, for example with an Azure Stack (Microsoft Cloud), is very complex and requires a lot of staff. In addition, you don't have the advantages of the pay-what-you-use approach because all the hardware is procured on a dedicated basis. The basic idea behind the cloud is that many customers use the service and only ever pay for what they are using. Last but not least, and this is a very important reason, a private cloud must regularly communicate with the public cloud for updates. This means that the private cloud is not quite so private. The private cloud of hyperscalers has, as a use scenario, oil rigs, for example, i.e., locations that have to work for some time without a network connection to the public cloud.

What problems and challenges does the path to the cloud present?

I would see three are being very specific to the public sector:

First: For cloud strategy planning, capturing the wide range of requirements in line with legal requirements and guidelines is complex and requires in-depth industry expertise for implementation. They are the basis for all checks and possible adjustments.

Second: When moving to the cloud, the complete infrastructure, its operating models and the organization with its procedures and roles are changed. This is very complex. The appropriate approach for this is an agile method in accordance with the cloud adaptation frameworks of the major hyperscalers. In line with best practice, msg also uses the approach of iterative, i.e. self-improving models. In addition to organizing the high level of complexity, the challenge here is that the public sector does not take an equally agile and iterative approach, especially when it comes to overarching projects with various authorities and ministries. This method must first be established with the transformation to the cloud. This also requires the introduction of agile planning tools.

Third:  Customers in the public sector must often have to plan the transition  in several phases because, despite the cloud first approach, they cannot completely switch to the cloud with all of their services by way of a big bang. Certain services must not and cannot be used in the cloud. And this makes operation highly complex. It will be even more complicated with the envisaged multi-cloud, where several clouds are used. In addition to a clear transformation plan, getting these to work together in a stable and high-performance manner also requires a coordinated overall architecture concept and strong governance.

To summarize, migration to the cloud is a complete paradigm shift for the public sector. Operation, the key processes including security and data protection procedures and the approach to the migration need to be re-thought and implemented. This transition will keep many people busy for several years and is challenging in its complexity, but also very exciting.

 

"The cloud is never in a freeze state, but is constantly changing"

How does msg Public Sector solve these challenges?

I see three important elements that msg uses for this:

First, the cloud strategy: This includes an objective evaluation in coordination with all stakeholders and taking into account the protection and security guidelines as well as requirements of the public administration. This also include the classic architecture and requirements management.

Second, the Cloud transformation: To manage this, a cloud assessment must first be carried out and, based on this, the technical requirements catalog for the migration must be created. This also includes the migration support, training staff  and not forgetting innovation management. The cloud is never in a freeze state, but is constantly changing, including with regard to new services.

Third, cloud IT services and process adjustment: Nothing stays the same with the cloud. Roles and processes need to be fundamentally revised. This includes the recording and presentation of the current IT services and processes and their dependencies, the development of the required process adaptations or process introductions as well as the development of the adapted IT service catalog and support during implementation. Adaptation takes a lot of time, especially in the public sector, where reliability and stability are of great importance. At the same time, however, there is also a great deal of potential that can be leveraged here. Cloud means moving away from decentralized to centralized structures. The potential is obvious: Accelerate, streamline, improve. 

 

What specific examples are there for a solution approach?

The introduction of requirements management with the recording of requirements and the development of the architecture concept is an example in the context of cloud strategy determination. This is the basis.

Given the high level of complexity, however, it quickly becomes confusing. In concrete terms, a tool launch with configuration development and support is therefore a central support service. We have had excellent experience with the Atlassian product world and the introduction of the tool environment with JIRA and Confluence, a powerful tool for the agile approach and thus also for the switch to agile methods. Requirements management can be organized there and linked to test management via the Zephyr Scale plug-in. This means that requirements management and test management are fully integrated. Confluence supports the entire documentation and knowledge management.

 

What is msg particularly good at here?

Firstly, msg is vendor-neutral and advises customers on all cloud projects. In addition, msg has implemented many public sector projects over a long period of time and is therefore very familiar with the special requirements and regulations in the public sector. msg knows the best practice approaches for the transformation and can also map these special features of the public sector to technical challenges in the transformation to the cloud.

Furthermore, msg brings its expertise in German with geographical and cultural proximity to the customer, enabling a smooth process with international providers. This is important not least because, for example, the language used by the authorities uses specific expressions that are not directly understandable to an international company.

All in all, msg can provide holistic and comprehensive support for cloud transformation, from strategy consulting to concrete project implementation, tool introduction, technical migration support and IT process adjustments.