What do you do when you are encouraged to host data in the cost effective and flexible public cloud, but your data is highly sensitive?
Finding a bespoke solution without escalating costs, and demonstrating its value for money, is how we helped one department with this issue.
Over the course of the project we worked closely by:
- helping to develop specific requirements
- producing a pilot as part of our Proof of Concept
- stepping in on an ad hoc basis to ensure value for money
- including them in our assurance process so that they had complete confidence in the new platform
This government department wanted to consolidate several branches of data into one centralised system. By creating a central platform, different teams could use the data available across the whole department.
The system hosted sensitive data that needed to be held separately. Segregating data by security classification (highly-sensitive and non-sensitive), would enable all users to access data appropriate to their security clearance.
Initially, the team wanted help refining their requirements. As both parties sat within government we could meet and have these discussions, which are not possible in a normal commercial environment.
Proof of Concept
Once we outlined the department’s requirements, both parties agreed FCO Services would produce a Proof of Concept for them.
The Proof of Concept included a pilot of the new system to demonstrate its effectiveness, which they also used to apply for funding.
The Proof of Concept was important because it helped the department explain why they were not looking for a public cloud solution. They made this decision because the information owners were not comfortable with holding sensitive data in the public cloud.
The data was previously classified as ‘confidential’. The new classification ‘Official – Sensitive – High’ meant the data sat within ‘Official’ and was associated with less sensitive information.
As it was categorised as ‘Official’, the department had pressure from the Home Office to go with a public cloud solution.
These are normal concerns within government, and the department used our support to demonstrate our value.
To address these concerns, we commissioned an independent benchmarking exercise, to show where FCO Services were in the market cost-wise relative to both private and public cloud. We also provided relevant case studies to help their case.
Once the project received the necessary funding, we worked very closely to help the department get the best results.
Delays in the team getting funding led to a shortfall in their staff, so we filled in the department’s teams. We helped with architectural and assurance pieces, as well as the odd presentation. Our in-government status helped us to work flexibly on an ‘as needed’ basis, rather than requiring formal contracts.
We also helped the department get value for money out of the third party commercial developer that they engaged. They wanted to avoid paying the third party developers to recreate code that already existed in the Proof of Concept pilot.
Therefore, we created a production environment that ran in parallel to the pilot. The developer could then cut code from the pilot and use it in their production of the end product.
Another change to our initial plan was the provision of end user laptops. The laptops were supposed to be provided by the third party developer, but their laptops were not assured.
Therefore, four weeks before presenting our prototype we stepped up to provide assured laptops without interrupting the roll out of the programme.
Confidence in our assurance
Including the department in our assurance process was crucial to build trust and make sure that they understood the detail of what the new solution could cope with.
To begin with, we met with the department’s own assurers. We discussed the scope that we planned to use, and asked about what other elements they would like included.
After using this in the external IT Health Check, we shared the results from the external testing company with them. Finally, we also shared the fixes that we used to deal with issues with the department’s assurers.
In addition, we invited members of the team to witness the system’s resiliency testing.
The platform is hosted across two data centres so that the failure of one data centre does not compromise the entire platform. This is tested by turning off one data centre, to confirm that the data migrates across to the other one.
Once this test was successfully completed, the data centre was put back online to demonstrate that the data migrated back to sit across the two data centres again.
This meant that the department completely understood our assurace process. It allowed them to be confident that they had a strong foundation for any future applications they might add in the future.
We delivered the whole project quickly, from approval to go forward to assurance in six months.
Providing this level of support is both unusual and expensive in a normal commercial setting. Our ability to work closely and informally is only possible because of our position in goverment.
To learn more about how we can do more for you, get in touch.