On Saturday 9th March I had the privilege to attend UKGovCamp 2013, the free annual ‘unconference’ for people interested in public sector digital engagement. As the event was quickly sold out many were unable to attend so hopefully my report might be of use.
The day started with impassioned delegates pitching to fill the 35 sessions throughout the day. Everyone was then free to select which sessions to get involved with. As always, with 7 parallel sessions, it was tough to choose from the diverse set of public sector digital engagement subjects available. With everything we are doing to support the UK G-Cloud and having our service’s security pan-government accredited, I decided to attend the sessions on G-Cloud Security, Hacking Government websites and Talking about G-Cloud procurement.
Mark Smitham (@maakusan), the G-Cloud Security lead, explained the pan-government accreditation process and how the security classifications for government data assurance was made up of a mixture of impact levels and protective marking schemes for content. On questioning he was able to reveal that a policy document on a simplified set of levels (3 instead of 7) would be published before this summer. We look forward to seeing this document as it should make it easier for both providers and consumers of cloud services.
Neatly following on from this, Glyn Wintle (@glynwintle) entertained us all with a session on Hacking Government web sites, which included practical advice on user passwords and the attack threats caused by SQL Injection and Cross-site Scripting. Thankfully, Glyn made this workshop non-technical and many of those that attended are now busy re-setting their passwords after learning that at least 5% of passwords, such as “123456”, can be guessed by hackers without them having to resort to Ninja tactics. As an ISO 27001 certified provider of secure cloud collaboration services I asked Glyn whether he knew of any private sector security certification mark that was equivalent in robustness to the UK Government security pan-government accreditation scheme. He said he wasn't aware of any. As a consumer of private sector cloud services it is a little concerning that there is no accepted independent industry-wide scheme that we can use to validate the security claims of suppliers. At least we can show our UK public sector credentials to our private sector clients.
I lunched with David Bicknell (@GovComputing), Government Computing’s Editor, and we had a great chat about the G-Cloud, where it is now and how it might develop in the future. He made me aware of the recent announcement that system integrators intend to discount their services to compete with CloudStore suppliers in a move to scupper the G-Cloud programme. As you will see from my remarks at the bottom of this article, very little is actually being said about the amount of savings made by the G-Cloud initiative and the extra choice that is now available to public sector procurers of ICT. This topic was also discussed in the G-Cloud procurement session after lunch where Harry Metcalf (@harrym) told us how the Dept. of Health recently saved a massive 95% by placing their WordPress hosting and support with him. I mentioned that we are already saving our clients over £345,000/year collectively (75%) on the price they would expect to pay for similar products. That’s the true power of the CloudStore and open competition! Of course, I did state that SME appeal is not all about price – it’s about innovation, agility, value for money and great customer service.
The real benefit of GovCamp is the informal environment it creates for networking and sharing ideas, issues and best practice. Thanks must go to Steph Gray (@lesteph), Lloyd Davis (@LloydDavis) and Dave Briggs (@davebriggs) for all the hard work they put in and to Don Lewis of IBM UK for hosting the event.
I’m already looking forward to next year!