Insecurity for SMBs in G-Cloud changes
Government security reclassification could deter SMBs from G-Cloud services, warns Peter Groucutt
There are two initiatives going on at the same time - the G-Cloud framework and the re-classification of data, but they don't seem to be working together.
The new government security classifications will ultimately simplify the procurement of IT, but during this transition period it is the SMEs that are likely to suffer the most.
Unfortunately, in a period of ambiguity like this, buyers naturally tend to revert to what they know. In this case, it is the existing group of legacy SIs that have been supplying ICT services to government departments for many years.
G-Cloud allows smaller businesses in principle to break that cycle by offering more flexible and cost-effective services to the public sector.
There are already unanswered questions about how these new requirements are going to affect SMEs, with little guidance on where they should go for advice.
The information is out there but, as it stands, suppliers have to sift through reams and reams of paperwork to understand what is expected of them.
G-Cloud has posted some detail on its blog - with a promise of more detail to follow for G-Cloud 6 later this year. For SMEs that have been on the programme since G-Cloud 1, they will have already gone through five tender processes in two years just to have their services on G-Cloud – with no guarantees of getting any business.
For most of those SMEs, they needed to learn the Business Impact Level (BIL) of data classification used by G-Cloud and now they need to make another change.
SIs have the money and experience to be able to adapt to these changes with little in the way of consequences for how they sell their services.
If the government still wants to reach its targets of IT spending with SMEs, they must be mindful of these additional barriers.
At its inception, G-Cloud was meant to symbolise a new way for government departments to source and buy IT. We're about to enter G-Cloud 5, yet after two years, the same issues seem to be preventing the huge changes we know the new system is capable of.
New security classifications are a positive step and should make it easier and faster for government departments to choose and purchase the right type of service from vendors in the right security category.
However, in their current form it will only serve to further strengthen the position of the big SIs and take away any advantage that the SME currently holds.
For public sector departments to really see the benefits that smaller providers can offer, there needs to be more support for SMEs trying to meet changing security requirements set by the government.
Peter Groucutt is managing director of Databarracks