DMossEsq

Wednesday 19 February 2014

The science of political strategy

@RSAMatthew @MTBracken Mr Cruddas hasn't noticed that @gdsteam aim to make 40,000+ public servants redundant http://t.co/MO0lWN6NZA
— David Moss (@DMossEsq) February 18, 2014

@MTBracken @RSAMatthew @JonCruddasMPNot a "good sign" for 40,000+ public servants http://t.co/p8XRRTYjrZ
— David Moss (@DMossEsq) February 18, 2014

Public service reform: credible treatment requires bold diagnosis:

... imagine a centre which saw its role as based not on power, control of money and regulation but influence, expertise and networks. What a happier, more attractive, more open and mroe effective place Whitehall would be.

Digital Efficiency Report
Cabinet Office
November 2012 (p.19):

If the proportion of savings estimated to relate to staff costs (from Fig. 6) is applied to the total estimated annual savings and then divided by an average cost per FTE [full-time equivalent, what we used to call a "person"], this amounts to a total FTE savings estimate of at least 40,000.

----------

Public service reform: credible treatment requires bold diagnosis:

David Moss on Your comment is awaiting moderation. Tue, 18th Feb 2014 2:08 pm

… from a passing reference he makes to expanding the work of the Government Digital Service, it seems Cruddas knows an incoming Labour Government should try to preserve the best of what is going on in the Cabinet Office …

The Government Digital Service (GDS) have created GOV.UK which replaces the previous central government departmental websites. GOV.UK supports Whitehall’s publishing requirements, just as the previous websites did. Net progress – nil.

The progress GDS is aiming at is to make public services digital by default, as called for by Martha-now-Lady Lane Fox in her revolution not evolution paper. The revolution involves centralising policy-making and budget control and news dissemination in GDS. Centralisation on steroids.

For digital by default to work citizens have to be able to transact with government on-line. Two problems.

Firstly, something like 16 million people in the UK can’t or won’t transact on-line.

Second, for those of us who can and will, we all need to be identifiable on-line. We need the on-line, dematerialised, digital equivalent of an ID card.

For that, GDS have the Identity Assurance Programme,IDA. IDA is already late. It creates a new institution in the unwritten British Constitution – the “identity provider” (IDP). GDS have five IDPs.

Will the British public trust these IDPs with all their personal data? Will companies trust them? It’s unlikely. The media are full of stories all day every day about breaches of security on the web. If even US military contractors can’t protect themselves – and they can’t – why should the IDPs be able to? No reason.

Without IDA, it is impossible for GDS to move on from publishing to transacting. Which is why the dial on their “transformation dashboard” is stuck stubbornly at 1 – of 25 transformation projects on the table, only 1 has gone live.

GDS show no sign of being able to get IDA off the ground. They also seem to have a blind spot about security. They just can’t take it seriously.

If Mr Cruddas is relying on GDS for transformation, he may like to consider the points above.

He may also care to consider GDS’s promise, if digital-by-default ever does take off, to make 40,000+ public servants redundant, replaced by intelligent software agents and applications program interfaces. That would be the effect of the Lane Fox prerogative – massive centralisation and standardisation. Let us hope that IDA remains late for a long time to come.

The science of political strategy

@RSAMatthew @MTBracken Mr Cruddas hasn't noticed that @gdsteam aim to make 40,000+ public servants redundant http://t.co/MO0lWN6NZA
— David Moss (@DMossEsq) February 18, 2014

@MTBracken @RSAMatthew @JonCruddasMP Not a "good sign" for 40,000+ public servants http://t.co/p8XRRTYjrZ
— David Moss (@DMossEsq) February 18, 2014

Public service reform: credible treatment requires bold diagnosis:

... imagine a centre which saw its role as based not on power, control of money and regulation but influence, expertise and networks. What a happier, more attractive, more open and mroe effective place Whitehall would be.

Digital Efficiency Report
Cabinet Office
November 2012 (p.19):

If the proportion of savings estimated to relate to staff costs (from Fig. 6) is applied to the total estimated annual savings and then divided by an average cost per FTE [full-time equivalent, what we used to call a "person"], this amounts to a total FTE savings estimate of at least 40,000.

more ►

Monday 17 February 2014

Skyscape – the Surprise as a Service company

It was such a surprise that everyone can remember where they were the day that Skyscape Cloud Services Ltd won the contract to host GOV.UK.

Skyscape was so young then that the company hadn't even submitted its first set of accounts to Companies House. One man alone owned all the shares in the company. There was plenty of competition from long-established cloud services companies with measurable track records. How did Skyscape beat them?

How did Skyscape go on to win contracts with the MOD? And HMRC? And the Home Office?

How did they qualify for pan-government accreditation?

Last month Skyscape surprised the world again with its open letter to the Government Digital Service and the Government Procurement Service. G-Cloud sales are rising "exponentially", they said, but that's not fast enough for Skyscape. G-Cloud is transforming government IT, they said, but again, not enough. Were they really saying that G-Cloud isn't working? And won't work, as currently designed?

There is a mystery exercising some of us about that open letter of Skyscape's. How did they get Bird & Bird to sign it?

Bird and Bird are solicitors. Red hot, no doubt, at drafting agreements, what are they doing signing a public complaint about operational matters drafted by a little splinter group of malcontents and addressed to what must be Bird and Bird's (prospective) clients?

While we were all pondering that, Skyscape slipped in yet another surprise. They submitted their 2013 statutory accounts to Companies House. 19 pages of surprises. They need to be rationed. You can have one now, just to be going on with.

Skyscape have used the Business review and future developments section of the Directors' report to do a hard sell. Among other things, the directors say:

With a current G-Cloud market share of circa 50%, Skyscape is the leading supplier of Infrastructure as a Service (IaaS) on the UK government's G-Cloud framework and delivers services directly to an increasing range of government departments including ...

50%?

A company that barely existed a year ago has been given 50% of G-Cloud business?

Is that the sign of a market operating efficiently?

What's the point of any other suppliers trying to sell through G-Cloud?

Those and many other questions would need to be answered if the 50% claim was accurate but, as it happens, it isn't.

Let's assume that a "current G-Cloud market share" is a share as at 23 December 2013 when Skyscape's accounts were signed. G-Cloud have published their sales figures to the end of November 2013 and Skyscape account for £1.3 million out of a total of £77.8 million. 1.7% of the G-Cloud market. Not 50%.

As for being the "leading supplier" of IaaS, according to the G-Cloud sales figures again, Skyscape do precisely no IaaS business, they make their money out of hosting, compute and storage. G-Cloud's IaaS business, such as it is, goes mainly to Intechnology plc. N Please see update below, 23 February 2014.

What will Skyscape come up with to entertain us next?

----------

Updated 23 February 2014

N Alan Mather has kindly corrected a DMossEsq mistake here.

Search through the November 2013 sales figures for G-Cloud, looking for occurrences of "IaaS", and you find 15 of them as follows:

Lot	Supplier	Product / Service Description	Total Charge £(Ex VAT)
4	Actica Consulting Ltd	IaaS procurement	11,900.00
4	Actica Consulting Ltd	IaaS procurement	12,275.00
4	Actica Consulting Ltd	IaaS contract set-up support	11,175.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	INTECHNOLOGY PLC	IaaS	9,300.00
1	INTECHNOLOGY PLC	IaaS	9,300.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	INTECHNOLOGY PLC	IaaS	52,618.00
1	INTECHNOLOGY PLC	IaaS	49,560.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	INTECHNOLOGY PLC	IaaS	9,500.00
1	SPECIALIST COMPUTER CENTRE	GCLOUD IAAS VPN TERMINATION	4,120.00

			226,748.00

No sign of Skyscape in the list, and thus the "Skyscape do precisely no IaaS business" comment above.

But that's not how you do it. The G-Cloud framework is divided into four Lots – 1, 2, 3 and 4 – and the whole of Lot 1 is classed as IaaS, see G-Cloud ‘Simple’ Procurement Instructions:

Lot 1 - Infrastructure as a Service (IaaS)
Lot 2 - Platform as a Service (PaaS)
Lot 3 - Software as a Service (SaaS)
Lot 4 - Specialist Cloud Services

On that basis, Skyscape had 38.86% (£1,299,765.53) of G-Cloud's IaaS business (£3,344,877.25) which, in some circles, could be described as "circa 50%", as long as you don't accidentally give the impression that you have 50% of the total market (£77.8 million) when, in fact, you only have 1.7%:

With a current G-Cloud market share of circa 50%, Skyscape is the leading supplier of Infrastructure as a Service (IaaS) on the UK government's G-Cloud framework and delivers services directly to an increasing range of government departments including ...

Updated 18.8.17

Just to keep DMossEsq's millions of readers bang up to date, it should be noted that Skyscape changed its name a year ago to UKCloud, please see Skyscape Cloud Services relaunches as UKCloud.

Why did they change their name? ElReg suggest that Skyscape rebrands to UKCloud following legal challenge by Sky. Computer Weekly magazine seem to agree, please see The Sky's the limit: Why UK Cloud has become the new name for Skyscape Cloud Services. Diginomica magazine ditto, David v Goliath – Skyscape rebrands as UKCloud after taking Sky to court.

ElReg et al may be partially right but "UKCloud" is undeniably a more appropriate name than "Skyscape". UKCloud's strategist Bill Mew argued in January this year that organisations including government departments are wrong to trust the big US cloud suppliers. In Only one cheer for the government’s public cloud endorsement he singled out Amazon Web Services (AWS) and Azure (Microsoft) in particular. It would be wrong to trust them with your data.

He says you'd be safer using UKCloud, who respect data sovereignty.

So now it's not just UKCloud v. Rupert Murdoch's Sky but also UKCloud v. Amazon and UKCloud v. Microsoft ...

... and UKCloud v. GDS, the Government Digital Service – Mr Mew is not impressed with GDS's failure to argue in favour of UK data sovereignty. DMossEsq agrees. GDS have consistently shown a complete lack of interest in the matter.

"... it was this largely inaccurate perception that public cloud is less secure than private cloud that was the main factor holding back cloud adoption. GDS’s recent very clear rebuttal of this central perception and its clear endorsement of public cloud is therefore very welcome", says Mr Mew. Cloud security is a problem and GDS saying it isn't won't comfort anyone.

Cloud security is a problem. And so is data sovereignty in the cloud. They always were and they still are. The case for cloud remains ... insubstantial.

Skyscape – the Surprise as a Service company

more ►

Sunday 16 February 2014

Some people must think that the British public is a cretin

Cyber security

more ►

Some people must think that the British public is a cretin

__________

Updated 18.2.14:

care.data

Updated 12.5.14:

Youniverse

Updated 22.5.14:

Social Enterprise UK

Updated 25.6.14 #1:

Balanced: all benefits, no costs

Updated 25.6.14 #2:

G-Cloud by Tim Hanley

Updated 27.8.14

How government websites use cookies ("Here's Brian")

Updated 5.9.14

NSTIC (National Strategy for Trusted Identities in Cyberspace)
(This example is American rather than British
but same deal
as our IDA seems to share certain features with their NSTIC)

Updated 28.11.14

Personal data stores

Updated 29.12.14

The UK should be more Estonian

Updated 13.1.15

It's not just the British, American and Estonian publics but the French one, too.

Updated 15.2.15

BBC Radio 4 World At One 23 January 2015 35'24"-41'39"

GOV.UK Verify – adrift in a world of its own:

The Great Pretender

Oh-oh, yes I'm the great pretender
Pretending that I'm doing well
My need is such I pretend too much
I'm lonely but no one can tell

Oh-oh, yes I'm the great pretender
Adrift in a world of my own
I've played the game but to my real shame
You've left me to grieve all alone

Too real is this feeling of make-believe
Too real when I feel what my heart can't conceal

Yes I'm the great pretender
Just laughin' and gay like a clown
I seem to be what I'm not, you see
I'm wearing my heart like a crown
Pretending that you're still around

Too real is this feeling of make-believe
Too real when I feel what my heart can't conceal

Yes I'm the great pretender
Just laughin' and gay like the clown
I seem to be what I'm not, you see
I'm wearing my heart like a crown
Pretending that you're still around

Songwriters
RAM, BUCK

Published by
Lyrics © Peermusic Publishing

1. While two little girls play Guess who? ...

2. ... and The Platters sing The Great Pretender,

3. Janet Hughes of the Government Digital Service and a spokesman for the Department for Work and Pensions fail to explain why GOV.UK Verify is several years late starting, and

4. David Alexander of Mydex reveals that, with GOV.UK Verify, as soon as security is breached, hackers will be able to impersonate him on all the 705 digital services for which he currently has separate logon ID and password combinations.

Updated 21.5.15 1

GaaP 1

Updated 21.5.15 2

GaaP 2

Updated 15.12.15

GOV.UK Verify (RIP)

Updated 23.12.15 1

Going out of mobile range? Turn off myGov Security Codes so you can still sign in! Go to 'settings' in your account pic.twitter.com/9H11ZZWuC9
— myGov (@myGovau) December 22, 2015

The British public and the Australian public, too

Updated 23.12.15 2

Going overseas this summer? If you're registered for myGov security codes make sure you turn them off before you go pic.twitter.com/4rUmG3M2TL
— myGov (@myGovau) December 14, 2015

The British public and the Australian public, too 2

Updated 3.1.16

Learning to be a better Civil Service

Updated 26.11.16

Why GOV.UK Verify (RIP) is safer

Updated 7.10.17

Augmented identity

Thursday 13 February 2014

G-Cloud – Animal Farm

Tony Singleton is the Chief Operating Officer of the Government Digital Service (GDS) and, since GDS took over on 1 June 2013, he is also the G-Cloud Programme Director. This morning he published Taking G-Cloud forward on the G-Cloud blog:

G-Cloud has the potential to reach an estimated 30,000 buyers across the public sector. Yet research carried out by the 6 Degree Group suggests that nearly 90 percent of local authorities have not heard of G-Cloud.

30,000 prospective customers. There's supposed to be a "cloud first" policy. 27,000 customers haven't even heard of G-Cloud. That's a problem.

Take a look at the sales figures for G-Cloud:

December 2013 CSV data: G-Cloud-Total-Spend-13-12-13
(Will we see the same surge in March 2014 as we did in 2013
when people desperately try to use up their budget before the year-end?)

"There are over 13,000 services available via the CloudStore, provided by 1186 suppliers", Mr Singleton tells us, and G-Cloud sales to date stand at £77,788,989.55. That is deemed to be a disappointing figure and the rest of his missive is about how to improve performance.

His message has been trailed by a couple of publications, see Exclusive: Government removes 100 irrelevant services from G-Cloud and G-Cloud purge 100 services. It transpires that Mr Singleton is responding to an open letter orchestrated by Nicky Stewart, the commercial director of Skyscape.

We have already come across Ms Stewart and Skyscape. Before joining Skyscape she was the G-Cloud Head of ICT Strategy Delivery. She is not pleased with G-Cloud's performance since she left. And in her open letter to GDS and the Government Procurement Service she suggests some major changes.

The customer is always wrong
"We are passionate advocates of G-Cloud, and firmly believe in its principles of open competition within a diverse and transparent market", she says, and then complains two paragraphs later that:

The level of understanding around how to buy from the CloudStore remains variable. We see a wide range of practices and attitudes, and in frequent cases the G-Cloud buying guide does not appear to be followed. We all share a common interest in safeguarding the future of the framework, and thereby the emerging G-Cloud market. As opportunities through the framework become larger (and more valuable to suppliers), there is an increased risk of challenge from those suppliers who are losing revenues to G-Cloud. A successful challenge could potentially damage the integrity of the initiative, and all that it promises to deliver to the UK public sector. We recommend that a system be put in place to enable suppliers to report variances from the G-Cloud buying guide to the G-Cloud team and CCS to enable any common issues to be addressed ...

Her passionate advocacy of "open competition" stops short of welcoming competition to G-Cloud and she wants to stamp out any failure by the customers to adhere to the standard practice laid down in the G-Cloud buying guide.

Standardisation is also her solution to the messy business of customers impertinently asking for their own terms and conditions of business:

The G-Cloud framework is standardised and designed to remove complexity. In best case scenarios contracts can be completed within hours. Nonetheless, contractual standardisation generates challenges: for the buyer whose default is their own terms and conditions; and for suppliers whose own terms and conditions are at the bottom of a contractual hierarchy ... There is a clear need to engage with buyers to establish what the G-Cloud Framework terms need to cover, and incorporate into the standard terms to the extent possible. This – coupled with renewed emphasis on the G-Cloud buying guide on the extent that additional clauses can be used – will lead to improved adoption and safer contracting for all ...

Customers must be made to understand that their petty local requirements cannot be allowed to stand in the way of the greater good. They need to be re-educated: "better central guidance and education is needed as to what constitutes a material change to service".

Half the point of G-Cloud as recommended by Chris Chant was to have short contracts that don't lock customers into their suppliers. Ms Stewart turns that on its head: "The two year call-off term is often cited by buyers as a reason for not using G-Cloud, as it would force them into a frequent procurement cycle".

Short contracts are annoying for suppliers, too, and according to Ms Stewart: "given that a 'termination for no cause' clause now exists within the framework, we recommend that GPS increase the maximum contract term to three years. We believe this would encourage the immediate take up of cloud services, allowing buyers to get maximum benefit from the market, without locking them into any given supplier or technology".

She also thinks that customers are being too fussy about security: "Clear guidance is needed very soon: this will benefit the buyer, who may opt for an unnecessarily high (and costly) security wrap, and also the suppliers who have either invested or are investing heavily in PGA accreditation".

Not only does her market annoy her by insisting on individual terms and conditions and by walking away from contracts early and by wasting time trying to ensure that their systems are secure, they further annoy Ms Stewart by not always telling her when they have money to spend:

There is little, if any, transparency of forthcoming opportunity to the supplier, which can in turn lead to negative speculation about how long-lists and shortlists are compiled. We recommend that transparency principles are applied to all areas of G-Cloud transacting:
That an opportunity pipeline is published so that suppliers can see who is planning to buy and when (Contracts Finder would be the logical channel);
That suppliers are informed if they have been long-listed – and that reasons for failing to make the shortlist are communicated to the supplier. Suppliers can then improve their products and pricing which will in turn benefit the market as a whole.

"The CloudStore is, in our collective view, reforming public sector ICT procurement", she says. G-Cloud's short contracts with small- and medium-sized enterprises (SMEs) were meant to be the alternative to long lock-ins with an oligopoly of big Systems Integrators (SIs). But, as the self-appointed spokesman for the collective, Ms Stewart clearly doesn't approve.

With apologies to George Orwell: "The customers outside looked from SME to SI, and from SI to SME, and from SME to SI again; but already it was impossible to say which was which".

----------

Updated 14.2.14

The signatories to Ms Stewart's open letter are:

Simon Hansford, CTO, Skyscape Cloud Services Ltd
Richard Steel, General Manager UK, Azeus UK Ltd
Roger Bickerstaff, Partner, Bird and Bird
Tim Bennett, Managing Director, Datatank Ltd
Richard Clarke, Head of Public Sector EMEA, Huddle
Elizabeth Vega, CEO, Informed Solutions Ltd
Marek Baldy, Business Development Director, Konetic
Mark Cooper, IS&GS Civil UK Managing Director, Lockheed Martin UK Ltd
Karen Carlton, Head of Sales and Marketing, MDS Technologies Ltd
Mark Webber, Partner, Osborne Clarke
Sam Simpson, Commercial and Delivery Director, Roc Technologies
Peter Hornsby, COO, SFW Ltd
Martin Rice, CEO, The Agile Consultancy
Scot Paton, COO, Vysionics ITS Ltd
Andrew Curtois, Senior IT Category Manager, Westminster City Council

G-Cloud – Animal Farm

G-Cloud has the potential to reach an estimated 30,000 buyers across the public sector. Yet research carried out by the 6 Degree Group suggests that nearly 90 percent of local authorities have not heard of G-Cloud.

30,000 prospective customers. There's supposed to be a "cloud first" policy. 27,000 customers haven't even heard of G-Cloud. That's a problem.

more ►

Tuesday 11 February 2014

RIP IDA – if you've got nothing to say, say it

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

17:09, yesterday afternoon, Monday 10 February 2014, an email arrives saying that the Government Digital Service (GDS) have published a new blog post, Striking a balance between security and usability.

Read it, and one question keeps asking itself – why? Why did they publish this interview with James Stewart, the director of technical architecture at GDS? What was publication supposed to achieve? What is the message they're trying to convey?

A number of messages do come across. But unless GDS is trying to undermine itself these messages can't possibly have been intended. Mr Stewart's topic is the balance between security and usability. That's the question. And his answer is – you have to balance them.

Yes James, thank you, we know that, that's the title of the blog post, the question is how? How do you balance security and usability? And since he doesn't answer that question, the inference is that he can't answer it – GDS don't know how to balance security and usability. That's the message that comes across.

That ignorance doesn't seem to worry them. That's another message that comes across. GDS aren't interested in security. Only in usability.

This isn't the first time. We saw this lack of interest in security in Public Servant of the Year ex-Guardian man Mike Bracken CBE's speech last October to the Code for America Summit 2013 and we saw signs of it again two weeks ago in the blog post by GDS's Janet Hughes and Leisa Reichelt, Security and convenience: Meeting user needs.

GDS may not be interested in security. But other people are. They understand its importance.

When GDS's David Rennie spoke at the US Identity Ecosystem Steering Group conference in January, he said that the reason there are none of the big retail banks signed up to IDA, the identity assurance programme, is that they've been too busy sorting out the aftermath of 2008's credit crunch (31'22"-32:32").

That's silly. Identity assurance is what retail banks do all day every day – they can't be "too busy" to do it.

Is the real reason that the banks won't sign up that they don't want to be associated with IDA? And they don't want to be associated with it because, without a proper understanding of security, IDA will crash on take-off, destroying the reputation and the share price of everyone connected with it?

Is that perhaps the reason why Cassidian and PayPal, who were signed up to IDA, have subsequently pulled out?

Security isn't important. What does that imply for HMRC, who are being asked to give up the long-established Government Gateway and to rely instead on IDA?

And what does it imply for the remaining "identity providers"?

It would be a shame to see the Post Office's good name besmirched. The fates of Digidentity, Mydex and Verizon don't concern us much in the UK, they don't have a reputation here to lose. But Experian should worry us all.

They don't need GDS. Experian already do identity assurance in the UK and overseas. They're good at it. They have a global brand, a global good name, and DMossEsq, for one, would like to see them keep it, not least because his pension fund is quite heavily invested in Experian. Their association with GDS and IDA is a threat to DMossEsq's retirement, and the retirement of many others – we're talking about a FTSE-100 company here.

The message from James Stewart's blog post is – Experian, get out, like Cassidian and PayPal, before the shareholders revolt. Why did GDS want to publish that?

----------

Updated 23.5.14

Ebay urges users to reset passwords after cyberattack

Auction site eBay has urged users to change their passwords after suffering what may have been the biggest-ever cyber-attack when hackers broke into a database holding its 233m customers’ personal data ...

The attack is even bigger than that which affected the US retailer Target in December, when around 40m customer credit cards were stolen by hackers, who broke into the company’s systems. The fallout from that security breach led to the resignation of Target’s chief executive in May ...

The latest in a long line of security breaches. And a harbinger of things to come unless GDS starts to take security seriously.

Updated 9.6.14

GDS published a blog post today, Sensible Security. At first it looks as if they're starting to take security seriously ...

... for routine government business and the delivery of public services, government should think about security just as a large and well-run company would do – consider the organisations who look after your savings, manufacture medicines or produce the smartphone in your pocket ... The answer is to think about security as part of the user needs ...

... but the effort proves once again to be too great and we are left with them thinking about security as ...

... something that is integral to (and should be balanced against) every other facet of the service. If we can achieve this balance, and users and risk owners alike can understand it, then we’ll have been successful.

They're no further forward than 10 February 2014 and Striking a balance between security and usability. Luckily the banks and other organisations GDS claim to want to emulate are way ahead.

Updated 20.1.15

No stopping GDS. Now they're responsible for the Public Services Network (PSN).

The what?

"Simply put, the Public Services Network (PSN) is the government’s high-performance network". That's James A Duncan's take on the matter in Making the PSN better. And he's the new new Chief Technology Officer for the PSN so he should know.

According to Mr Duncan:

For suppliers previously, a Pan-Government Accreditor (PGA) would accredit services against the requirements for the Impact Levels. This created an unwieldy bottleneck that has actively added cost to supplier services, and slowed down the rate at which new services are made available on the network. We are changing the over-the-top Service assurance to be more in-line with G-Cloud and the Cloud Service Security Principles.

The Cloud Security Principles remove the "unwieldy bottleneck" which cost money and took time by making the users responsible for assessing security themselves on the basis of unaudited assertions made by the suppliers. You can see why Mr Duncan fits in well with GDS. He has the same relaxed view of security.

What is not clear is how this makes the PSN "better".

Does Mr Duncan have any security advice for his users? For all those central government departments and local authorities and "schools, doctors’ surgeries, pharmacies, emergency services, hospitals and charities large and small"? You bet:

… we’re creating an option for connectivity that allows customers to connect using suitable encryption, via the internet.

"Suitable"? What does that mean? Like "balanced" (please see James Stewart in the post above), it means nothing.

There goes the PSN.

----------

Updated 23.11.16

After what will be six years, I'm leaving @gdsteam at the end of January. Excited to see what's next. https://t.co/VwJDRk5zBw
— James Stewart (@jystewart) 23 November 2016

Updated 23.1.17

Mystery: the departing James Stewart on DirectGov and BusinessLink.

RIP IDA – if you've got nothing to say, say it

more ►