Not often considered a leader in the global technology space, Canada aims to make up ground with its call for a G-Cloud First policy. The country faces many of the obstacles other countries and corporations face when moving to cloud services -- questions of security, compliance and cost -- but it's also hindered by its own success as a resource-based economy.
In part 2 of this two-part Q&A, Neil McEvoy, the founder and CEO of the Cloud Best Practices Network, based in Toronto, acknowledges Canada's pitfalls and claims that fear of cloud may be all in our heads.
Canada has not been known as a global force in the technology space. What are the biggest hurdles it has faced?
Neil McEvoy: This is the core challenge. And I would say there are two or three aspects to this. First, overwhelmingly the No. 1 issue is that Canada is a resource-based economy, so the government is predominantly focused on resources like oil and mining, to the extent that they've been guilty of letting other industries whither. So there isn't as strong a technology policy as there could and should be. In particular, there's been a policy on a digital economy strategy promised for a few years now and it has never materialized, which is symptomatic of a lack of focus on the technology industry. Whereas if you look at the Americans and in the U.K., they're very strong in that area to the extent that in recent years the G-Cloud has now been absorbed into the U.K.'s digital government program, so they've quite rightly recognized that it's not just about buying IT at a cheaper rate, it's about the evolution of government IT and how it works to be better serving the citizens as a digital economy organization. So they're very proactively driving these types of innovations and we don't see that in Canada, predominantly for the reason that, to be brutally honest, they're just making so much money off oil; they don't necessarily have the same imperative. Quite simply: If you don't have the need for it, you don't get around to doing it.
Hand in hand with that is that the CIOs themselves aren't as proactively innovative with their use of technology; they're more reactive and traditional, sitting on what they already have rather than making investments in new technologies, which means that they're not enabling their organizations to be as productive as you can be once you master new technologies, like social media and cloud. Whereas, again, we are seeing those trends in other countries.
Basically, we have a depressed culture toward technology that needs to be livened up more. This is why missions like G-Cloud are important; they bring an air of excitement to the industry if nothing else.
How does the government plan to mitigate data security risks with cloud?
McEvoy: Security is an issue, but it becomes a red herring issue when it's taken and blown so far out of proportion. There's a lot of scare-mongering thrown into the mix as well. I believe some people contribute to that conversation who just have a fundamental aversion to the technology and want to throw mud at it for the sake of it. Equally, information security is a fundamental requirement for government cloud. I don't believe it's inherently a showstopper for cloud computing, though.
Security is an issue, but it becomes a red herring issue when it's taken and blown so far out of proportion.
The argument is always that the data needs to be residing in Canada for it to be secure, but there's no shortage of news stories about the loss of laptops, USB keys and other personal devices that have hundreds of thousands of citizen records on them and other sensitive information -- and that's as local to Canada as it gets. Of course you need information security, but the geographic location isn't a determinant of whether it's secure or not.
How you apply best practices and robust security procedures is a determinant of how secure the information is -- and you should be doing that across technologies and devices -- and it can be secure using encryption and appropriate security procedures. With those in place, an organization becomes mature enough to use any technology to its benefit, and in some scenarios, cloud is the best technology and sometimes it's not. It comes down to some common sense: No one technology is inherently more secure than another; it's just about using them sensibly. And if you approach it that way, you're free to use whatever the best tool is for the job.
How does cost play into this? In what way do you expect a Cloud First policy will lower costs?
McEvoy: Cost is a very important factor, but it's not the only one. If you approach it in a fairly narrow scope, saying, 'We want to move this old mainframe into the cloud and we want it to be cheaper,' you're not going to find it works out because there are so many other factors.
Migrating a legacy mainframe is a complex job, so you'll rack up a lot of costs simply in the consulting and migration phases before you even get to using, for example, Amazon. However, that brings you back to getting the right strategy for the adoption of cloud computing and making sure you've got the business case well planned and well thought out.
For example, a couple years ago the auditor general of Canada conducted an analysis of a large number of legacy systems that the government operates across many different agencies -- RCMP [Royal Canadian Mounted Police], Immigration and other major agencies -- and it was really scary what they came out with. They found the systems and the data centers they were running were so old and so antiquated that they were at imminent risk of collapse. Basically, the saying was, if you look at it from a business-continuity point of view, there were major red flags against the systems, and in the case of the RCMP, ones that could result in life-or-death situations.
So, if you look at how those systems need to be upgraded, it would cost a huge fortune to get high availability they need -- you'd be giving EMC one of your legs and half your bank balance. Using the cloud as an alternative scenario, you'd be leveraging the inherent distributed nature of the cloud at a fraction of the cost. That cost-avoidance factor, while ticking the boxes of mitigating risk of downtime of those very, very important systems, there's massive savings to be made. Plus, as you're modernizing the systems, you can also be improving them, like enhancing business continuity.
Caitlin White is associate site editor for SearchCloudComputing.com. Contact her at firstname.lastname@example.org.
This was first published in June 2013