Trying to run public IT operations without using cloud services from private operators is the wrong way to go, writes Fredrik Magnusson and Peter Davidson, sourcing experts at PA Consulting. It risks becoming both unnecessarily expensive and providing poor functionality.
Access to, and utilisation of, cloud services is a prerequisite for the development of the digital society. Unfortunately, Swedish legislation in this area has been neglected. The recently adopted government directive, Secure and cost-effective IT operations for public administration, is a step in the right direction, but the cloud issue must be prioritised.
Cloud services are one of the biggest paradigm shifts in IT since the breakthrough of the internet. The services enable significant cost savings while offering increased simplicity, flexibility and accessibility. An increased proportion of modern system support is also based on cloud infrastructure, which makes it increasingly difficult to find competitive alternatives to cloud-based solutions. So, cloud services are becoming increasingly important for Sweden´s continued digitization.
But in Sweden´s public administration, the situation is locked. Narrow interpretations of Swedish confidentiality and security legislation in combination with new international regulations have created uncertainty. The lack of practice and clear directives on the issue has resulted in the current legislation being perceived in many places as a categorical prohibition on Cloud services. Secrecy and security aspects are undoubtedly very important, but to totally overlook cloud services for such reasons has been questioned from both a technical and legal point of view.
We welcome the recent introduction of a committee directive aimed at presenting frameworks and clarifying the questions regarding the legal requirements for outsourcing public sector IT operations. If it succeeds in breaking the current lock, we can avoid Sweden´s public sector finding it increasingly difficult to procure cost-effective IT operations and standard solutions.
But the directive recommends coordinated IT operations. That is, one authority manages IT operations for other authorities. This not only risks becoming unnecessarily expensive, but is also likely to result in a solution with limited functionality.
Excluding private players and forcing public administration into operating solutions without the innovation, economies of scale and flexibility of cloud services is the wrong path. The issue of cloud services should be given priority and inspiration should be drawn from other EU countries. Denmark, the United Kingdom and Estonia have come further in this matter.
During the investigation, Sweden can create the conditions for using the latest cloud technology by gaining insight into the information that individual and collaborating authorities create and manage. In this way, the use of external services can be decided for each case.
The Swedish authorities should prioritise analysing the value and sensitivity of the information they handle. Authorities should control their information flows and explore their potential to exploit the potential of cloud services to improve their respective businesses.
In this way, Sweden will seize crucial opportunities to make socially necessary changes.