Cloud Strategies for Public Sector in Central and Eastern Europe

Transcription

1 Technology, Media and TelEcommunications Cloud Strategies for Public Sector in Central and Eastern Europe kpmg.com/cee KPMG in Central and Eastern Europe

2

3 Table of Contents Foreword 4 Introduction 6 1. What is Cloud Computing? 8 Introduction and Basic Definitions 2. Benefits of Using Cloud Computing Services Aspects Related to the Use of Cloud 30 Computing Services in Public Administration 4. Examples of Measures Aimed at Implementing 40 Cloud Computing Services in Public Administration for Selected Countries 5. Main Risk Areas Related to the Use of Cloud 52 Computing in the Public Sector 6. Research Surrounding Cloud Computing 56 Trends in Central and Eastern Europe (CEE) 7. Main Conclusions for Public Administration 78 Concerning the Implementation of Cloud Computing Appendix 1: 86 Case Studies: Use of Cloud Computing Services in Public Administration Bibliography 96 Acknowledgements 99

4 4 Cloud Strategies for Public Sector in Central and Eastern Europe Foreword 2013 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

5 Cloud Strategies for Public Sector in Central and Eastern Europe 5 The concept of cloud computing, where various IT resources including processing, data storage, applications, etc. are available via the Internet network, has revolutionized the approach to the implementation of IT functions for consumers, business and public administration. Member firms across KPMG s global network have been closely monitoring the impact of cloud computing on the business world, publishing a number of global thought leadership reports on this subject. The Lisbon Agenda outlined challenging goals for public administration across the European Union for providing various e-government services via electronic channels, for both private citizens and business entities. The current economic crisis in Europe has impacted the budgets of all the EU member states, and clearly governments are less able to allocate significant financial resources towards building up IT solutions for e-government platforms, as well as electronic service platforms for local authorities and other public organizations. Therefore, cloud computing should be considered as a very attractive strategy for the development of modern digital public administration, considering its cost efficiency. Cloud solutions can be implemented at much lower Captital Expenditure (CAPEX) rates, and following their integration, administrative agencies would only be paying for those resources they require. Cloud computing can significantly eliminate issues faced by all IT departments, at both central and local authorities, associated with capacity, purchasing, and maintenance of an IT infrastructure or data processing center. However, the application of a cloud solution requires a significant change in the perception of the overall IT strategy and its role in the functioning of public administration. In addition, one has to remember that the cloud approach stimulates innovations that drive business, administration and social developments. Therefore, we believe that governments throughout Central and Eastern Europe (CEE) should take note of the experiences that business and public administration have had with cloud solutions, in order to define their national public cloud strategies.

6 6 Cloud Strategies for Public Sector in Central and Eastern Europe Introduction 2013 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

7 Cloud Strategies for Public Sector in Central and Eastern Europe 7 Cloud computing could fundamentally change the approach organizations, both public and commercial, take in how they utilize their IT resources. It may also change the way in which organizations operate and communicate with the outside world. Perceptions surrounding cloud computing have started to change from a method enabling cost reduction to a solution stimulating innovation and considerably improving an organization s efficiency. At the moment, most public organizations purchase and own IT software and hardware, which is and will continue to be a considerable capital expenditure. Cloud computing enables such organizations to access resources that could be needed at any given time, significantly eliminating issues associated with capacity, purchasing, and maintenance of an IT infrastructure or data processing centers. In order to reap all the benefits related to transition to a cloud computing-based solution, however, requires a change in the perception of the IT role in the functioning of public administration. Capitalizing upon the opportunities that cloud computing offers appears particularly important for public administration due to: the complexity and scale of the organization, organizational distribution, potential IT resources redundancy and duplication of IT functions, as well as the need for greater cooperation and information exchange between individual public administration units. Within the context outlined above, the first section of this paper is an attempt to define cloud computing, identify cloud service delivery models and their features. Subsequent sections of the report focus on the benefits of using cloud computing, primarily contrasting this approach with the traditional model of provisioning IT resources. Aside from focusing on the benefits, the report describes the risks associated with migration to the cloud. The document also contains a selection of case studies from various public administration units in other countries using cloud computing, as well as analysis of several foreign government cloud computing strategies. In addition to case studies from other countries, this paper presents an overview of cloud computing in public administration units within Central and Eastern Europe (CEE), presents the current status of implementation in CEE as well as the region s approach to the cloud. The last section of the document contains general recommendations concerning the approach to implementing cloud computing and developing a strategy for this area based on the analysis and experience gained by KPMG s Technology, Media and Telecommunications Industry practice.

8 8 Cloud Strategies for Public Sector in Central and Eastern Europe 1 What is Cloud Computing? Introduction and Basic Definitions

9 Cloud Strategies for Public Sector in Central and Eastern Europe 9 At present, there is no single definition for cloud computing. What unites the definition, currently used by the market, is several similar and key characteristic of cloud computing such as: network access, resource pooling, flexible resource allocation and release. What differentiates cloud computing services is the fact that they can be provided as support for the organization s IT infrastructure as well as that of an external provider/supplier. Depending on the type and extent of resources made available by the service provider, there are three models of cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Cloud computing solutions, depending on the organization s specific needs, enable in sharing IT resources within the organization (also known as the private cloud) or sharing IT resources between different, independent organizations (also known as the public cloud). Definitions of cloud computing One of the organizations that has developed their own definition of cloud computing services is the American National Institute of Standards and Technology (NIST), which describes cloud computing as: a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. A similar definition is given by Gartner Inc. (referred hereafter as Gartner), who defines cloud computing as: a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service [to external customers] using Internet technologies. The entire IT infrastructure, made available to the user by a service provider through Internet connections, is commonly referred to as the cloud. The cloud architecture consists of a network of IT-related resources including: servers, mass storage devices, operating systems, software, etc.

10 10 Cloud Strategies for Public Sector in Central and Eastern Europe Figure 1.1: On-premises computing vs. Cloud Computing model On-premises Cloud computing CUSTOMER CUSTOMER Users Users IT services Hardware, Software and Data VENDOR Licences and support cost Internet IT services VENDOR Hardware, Software and Data Subscription pay-as-you-go The essence of the cloud computing model is to ensure access, by the service provider, to a pool of IT resources that can be dynamically allocated and made available to users via the Internet. The user can request or free up resources depending on the client s actual demand. The actual resource consumption such as consumed computing power units, the size of used disk space, together with actual time for which resources have been reserved for, are the basis for calculating the fee for the service.

11 Cloud Strategies for Public Sector in Central and Eastern Europe 11 Characteristics of cloud computing services At the present stage of development, an integral part of the cloud computing definition refers to the essential characteristics of this solution. Both the NIST and Gartner list five essential characteristics of cloud computing services, as shown in the diagram below. Figure 1.2: Characteristics of cloud computing services On-demand self-service Rapid elasticity Characteristics of cloud computing services Broad network access Resource pooling Measured service On demand self-service Resources are made available to the user from lean or fat platforms via the Internet. Broad network access Resources are made available to the user from lean or fat platforms via the Internet. Resource pooling Cloud resources can be pooled and made available to share between multiple users; the user may have no knowledge or control over the exact location of the provided resources. Elasticity Resources can be virtually assigned and reassigned to best fit the actual user needs; from the user s perspective, resources, made available by the service provider, appear to be unlimited and tailored to the user s needs. Measurability (pay-as-you-go) Resource use is automatically controlled. The cost of the service depends on: the type of resource (e.g. virtual mass storage, virtual machine), the size of the resources used, and the time the resources were used for (reserved), rather than the physical infrastructure.

12 12 Cloud Strategies for Public Sector in Central and Eastern Europe Types of cloud computing service delivery models There are four basic deployment models of services in the cloud private cloud, public cloud, community cloud, and hybrid cloud. Private cloud Cloud resources are provisioned for exclusive use by a single organization. The cloud infrastructure can be owned, managed, and operated by internal units of the organization or by an external provider. Responsibility for these activities can also be divided among the parties. Cloud resources can be located on or off the premises of the organization. Figure 1.3: Private cloud models Internal cloud Private cloud Organization A Organization A Organization B Organization C IT services IT services IT services IT services Internet Internet Internet Internet User A s internal IT assets VENDOR IT IT IT IT affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

13 Cloud Strategies for Public Sector in Central and Eastern Europe 13 Public cloud Cloud resources are provisioned for open use to the general public (i.e. anyone who has access to the Internet can request resources they need from the resource pool provided by the service provider). Public cloud resources can be owned, managed, and operated by external commercial, governmental or academic organizations; responsibility for these activities can also be divided among the identified parties. Public cloud resources are always located on the premises of the cloud computing service provider. Figure 1.4: Public cloud model Public cloud Organization A Organization B Organization C IT services IT services IT services Internet VENDOR IT

14 14 Cloud Strategies for Public Sector in Central and Eastern Europe Community cloud IT resources are provided for exclusive use by a specific, clearly defined community of users. These users have similar requirements (e.g. in regards to security, procedure, etc.). Community cloud resources can be owned, managed, and operated by one of the organizations that make up the community or by an external service provider. Responsibility for these activities can also be divided among the parties. Community cloud resources can be located on the premises of a member or members of the community or on the premises of the external service provider. Figure 1.5: Community cloud model Community cloud Community of users Organization A Organization B Organization C IT services IT services IT services Internet Internal/external service provider IT

15 Cloud Strategies for Public Sector in Central and Eastern Europe 15 Hybrid cloud Hybrid cloud resources are a combination of two or more individual types of clouds (i.e. private, public, or community), which remain separate entities, but are bound together through standards or proprietary technology that enables data and application portability between clouds. Figure 1.6: Hybrid cloud models Hybrid cloud Organization A Organization IT services IT services Internet Internet IT resources dedicated to the community IT IT IT Private cloud Public cloud Types of service models Typically, there are three basic models of cloud computing services. The distinction between these service models is based on the type of cloud s IT resources provided and managed by the service provider, while defining the user s scope of freedom to determine the method and purpose for using the resources. The models are: Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) The figure below shows the differences between the cloud computing service models by indicating the division of control over IT resources between the service provider and the user.

16 16 Cloud Strategies for Public Sector in Central and Eastern Europe Figure 1.7: Division of control for particular IT resources between the service provider and the user in different types of cloud computing models IaaS PaaS SaaS On premise Infrastructure as a Service Platform as a Service Software as a Service VENDOR S CONTROL DATACENTER DATACENTER DATACENTER DATACENTER IT resources under vendor s control NETWORK AND FIREWALL NETWORK AND FIREWALL NETWORK AND FIREWALL NETWORK AND FIREWALL VIRTUALIZATION VIRTUALIZATION VIRTUALIZATION VIRTUALIZATION OPERATING SYSTEM PROGRAMING ENVIRONMENT OPERATING SYSTEM PROGRAMING ENVIRONMENT OPERATING SYSTEM PROGRAMING ENVIRONMENT OPERATING SYSTEM PROGRAMING ENVIRONMENT IT resources under user s control APPLICATIONS DATA APPLICATIONS DATA APPLICATIONS DATA APPLICATIONS DATA INTERFACE INTERFACE INTERFACE INTERFACE HUMAN RESROURCES HUMAN RESROURCES HUMAN RESROURCES HUMAN RESROURCES USER S CONTROL Infrastructure as a Service (IaaS) Under this model the user gains access to computing power, storage, networks, and other fundamental computing resources. Through the use of these resources, the user can run their necessary software, which can include an operating system or applications. The user cannot manage the cloud resources made available, but has control over the operating system and installed by user applications. The user also has limited control over selected networking components such as host firewalls. Platform as a Service (PaaS) Here, the user has access to infrastructure resources, on which the user can run or develop their own applications using programing languages, libraries, services, and tools provided by the service provider. The user cannot control or manage cloud resources, i.e. network, servers, operating systems or mass storage, which are resources made available to the user. Control is limited to the applications developed by the user. The user also has the ability to configure the environment in which the application runs.

17 Cloud Strategies for Public Sector in Central and Eastern Europe 17 Software as a Service (SaaS) In this model the user uses applications provided by the service provider. The applications run on the provider s IT resources. Access to such applications is made available through a range of web-based tools (e.g. application available through a web browser) or via a program interface. The user cannot control or manage cloud resources such as the network, servers, operating systems, mass storage, or even individual applications, with the possible exception of some configuration settings on the shared application. The previously described three service models are widely used with respect to cloud computing services. However, the rapid development in this area has resulted in the emergence of other new services, which are derived from the already described model types and also provided in the as a Service model. The following can be used as examples of these new services: Software + Services (S+S) This is a modification to the SaaS model. Unlike the typical SaaS, S+S allows the user to use a shared application offline, i.e. the user has the option to install the software onto their computer. Business Process as a Service (BPaaS) This is another modification of the SaaS model. Within BPaaS, the end-user is provided with an application adapted to the needs of realizing business processes. As a general rule, the service is built on the BPO (Business Process Outsourcing) model, which, in essence, transfers certain functions or business processes taking place within the organization to a third party. Unified Communication as a Service (UCaaS) Similar to the above mentioned services, UCaaS is also based on the SaaS model. Within UCaaS, unified communication is provided based on the service provider s cloud resources.

18 18 Cloud Strategies for Public Sector in Central and Eastern Europe 2 Benefits of Using Cloud Computing Services

19 Cloud Strategies for Public Sector in Central and Eastern Europe 19 Using cloud computing services means not only a change in providing the necessary IT infrastructure and functionalities, but also a change in the way the entire organization functions. Cloud services impact the manner of execution and run-time for IT system-based processes. Organizations, using cloud services, can more flexibly and in real-time adjust on an as-needed basis the volume of IT resources and access to them. They can also minimize the time needed to implement new solutions or functionalities. Hardware and IT infrastructure is continuously, dynamically developing, and as such, the latest innovative solutions require a continuous capital commitment, which not all organizations can afford. Using cloud computing services allows organizations to manage IT resources while affecting their cost structure (capital expenditures vs. operating costs). Various governments, which have developed and implemented cloud computing strategies, reported achieving significant benefits. The UK s government estimates the potential benefits, from only G-Cloud & Application Store, to reach approximately GPB 180 million by The US government s strategy strongly emphasizes the positive impact of cloud computing, e.g. performance, efficiency and innovation. Indicators of the typical benefits and advantages of cloud computing Implementing a cloud computing model allows for a potential increase in an organization s operational efficiency. When compared to the traditional model of using IT services, cloud computing can significantly reduce costs, i.e. lowering investment expenditures in the IT infrastructure and the costs associated with its maintenance and expansion. Moreover, implementing this solution allows for the achievement of a number of business benefits that are difficult to quantify, but which are very important, as they contribute to improving the organization s efficiency and increasing the service levels provided by it. Figure 2.1: Increase in the operational efficiency Increase in the operational efficiency Changes in the organization Cost optimalization

20 20 Cloud Strategies for Public Sector in Central and Eastern Europe Benefits attributed to changes in the organization are often difficult to quantify, but may have a significant impact on the achievement of results desired by the organization. Among these benefits is minimizing downtime, i.e. lack of access to solutions and systems in the organization. Usually, this is a result of ongoing work related to repairs, hardware infrastructure maintenance, or software updates. Other benefits worthy of mention are better fulfillment of the organization s mission, quicker turnaround in offering new solutions to customers, greater enhancement of service standards, and increasing customer satisfaction, as well as increasing an organization s efficiency. Cost optimization is mainly due to the possibility of limiting investment in hardware infrastructure and software licenses and the ability to reduce the required human resources in IT. This is due to the fact that the organization does not have to invest in its own IT infrastructure, but uses it in the service model, and does not need to constantly have the infrastructure changed to handle the maximum demand. In the cloud computing model, costs are proportional to the actual needs, i.e. in accordance with actual use. Changes in the organization In the event that an organization starts using cloud computing services, the end-user is a beneficiary of the changes that occur. Some of these changes may not always be quantified, but they certainly contribute to improving the organization. These changes can be grouped into three categories, as depicted below. Figure 2.2: Increase in the operational efficiency through changes in the organization Changes in the organization Changes affecting the use of IT resources Changes affecting the organization s efficiency Changes affecting the organization s image Changes affecting the use of IT resources Better use of IT department s potential Up to 70% of costs generated by organizations IT departments are due to the completion of activities related to resource management. In the case of cloud services, the burden of hardware and, to some degree, software infrastructure management, i.e. ensuring minimal downtime operation, configuration set-up and maintenance, general maintenance and updates, etc. is on the service provider. This allows a shift in the IT department s potential to focus on issues related to the organization s mission and research into innovative services and solutions to be implemented. Access to the latest technologies and the ability to make changes in IT systems without having to take into account the investment cycle Computer hardware and software quickly lose their market value. This is due to the rapid development of information technology e.g. older hardware is replaced by models with higher performance parameters, while the functionalities offered by software are subject to continuous innovation. Purchases for IT infrastructure in the traditional IT service model are

21 Cloud Strategies for Public Sector in Central and Eastern Europe 21 associated with relatively high capital expenditures. Replacing or making major modifications to IT systems before the end of the investment cycle is often not possible. The cloud computing model allows the client greater capability and flexibility in infrastructure management. Service providers make the necessary IT infrastructure updates, taking advantage of economies of scale, and they rationalize the use of resources and the costs of maintaining infrastructure by distributing the burden among clients. Limiting the risk of IT investments as a result of reducing vendor lock-in The traditional IT service model, especially in the context of complex entities with IT resources, is often linked to vendor lock-in. Vendor lock-in is the dependence on products from one provider or technology, and technological and organizational constraints associated with any changes to the provider, such as the high costs of migration to alternative solutions. These are typical situations in the case of the use of a dedicated system/application that has been specifically developed to meet the organization s needs. Very often, any required changes to the system/application can be made only by its provider. Ensuring appropriate service standards provided by cloud service providers, using cloud computing can significantly reduce the risk of dependence on a single vendor and the potential costs associated with changes in solutions. Reducing downtime/lack of system access Implementing a cloud computing model should allow for: reducing the time required to configure and expand IT resources depending on the type of the service, these tasks are partly performed by the provider; eliminating the need to manage the physical elements of the system these tasks are performed by the provider; shortening the service s downtime in the event of an incident providers specializing in cloud services usually have more physical infrastructure resources than a single organization. As a result, they can offer different levels of service quality translating into the minimization of time when service is unavailable; accelerating the procedure related to purchasing and updating the necessary software. In the cloud computing model, these processes require minimal interaction with the vendor. The service provider is also responsible for ensuring the stability of the system, i.e. performing operations related to incident prevention. As a result, the costs associated with any repairs are borne by the service provider. Changes affecting the organization s efficiency Business agility One of the major benefits, which the organization potentially achieves by implementing a cloud computing model, is the elasticity of shared resources. Organizations using cloud computing solutions, in a situation where it becomes necessary to increase the capacity of IT resources, can start using them almost immediately. Expanding an IT system, an often expensive and time-consuming process in the traditional IT resource management model, can prevent the organization from undertaking certain tasks or projects. Using IT resources in the cloud computing model not only allows the organization to take full advantage of all opportunities impacting the development of the organization, but also minimizes the risk of a decreased level of provided services and customer satisfaction.

22 22 Cloud Strategies for Public Sector in Central and Eastern Europe Reducing the use of hardcopy documents Providing services in the cloud reduces or eliminates hardcopy documents and the costs associated with them. Services available in the cloud allow for a large portion of administrative procedures to be handled without having direct contact with another person or duplicating papers between the organization and a client. Applications available in the cloud can submit an electronic request, which may be transmitted electronically at any time during processing to respective representatives of the organization. Access from anywhere in the world Cloud computing enhances the capabilities of end-users e.g. in terms of mobility. Applications and services, offered in the cloud computing model, do not require installation so they can be used via the Internet using a wide range of access devices. Remote access to an organization s resources is potentially possible for both its employees and customers. Facilitating the development of the organization in different locations Using the cloud computing model provides the opportunity to develop the organization in different locations without having to invest in additional IT infrastructure. After connecting to the Internet, a newly-established facility automatically obtains access to necessary resources. Furthermore, the integration of systems implemented in the cloud considerably facilitates the transfer of IT resources in case of the organization s relocation. Changes affecting the organization s image Increasing levels of satisfaction for the organization s end-customer Some organizations cannot afford to invest in the best solutions needed to provide services to their customers. Changes to the cost structure, resulting from the deployment of solutions based on cloud computing, enable access to the required technologies and solutions by organizations with limited investment opportunities. Furthermore, the time required for their implementation can be much shorter, and their reliability at a significantly higher level. These organizations can thereby provide a higher standard of services to their customers; they can better adapt to their needs and, consequently, achieve a higher level of customer satisfaction. Going Green Reducing the demand for power and increasing the use of shared hardware helps to reduce negative impacts on the environment. Reducing greenhouse gas emissions from the production of energy needed to power IT devices and reducing other emissions generated during the production, transportation, and recycling of hardware components, resulting in a lower carbon footprint, a consequence of activities carried out by the organization. Implementing cloud computing solutions allows organizations to build an ecofriendly image, taking into account corporate social responsibility (CSR). Optimization of costs resulting from using cloud computing Implementing a cloud computing model is associated with a significant change in the cost structure of the organization. This type of implementation has an effect on both capital expenditures and operating costs.

23 Cloud Strategies for Public Sector in Central and Eastern Europe 23 Changes in the level of capital expenditures The main changes, which reduce the level of capital expenditures resulting from implementing a cloud computing solution in an organization, relate to the following categories: IT equipment Due to its specific characteristics, solutions based on cloud computing are provided by external providers and are often shared by multiple users, allowing for a reduction of capital expenditures on part of the organization s IT infrastructure (e.g. cabinets, servers, disc arrays, archiving robots, tape drives); Server rooms Significant changes are observed in the costs associated with the construction of server rooms, which, due to their functions, require considerable capital expenditures (e.g. emergency power systems, cooling and fire extinguishing systems, access systems, etc.). If the organization uses exclusively cloud services, these costs are incurred by the service provider. IT licenses The scale of potential savings depends on the type of cloud computing services used by the organization. In the case of IaaS services, the user bears a relatively high cost of purchase of system and utility software licenses, as the service provider is responsible only for providing software, which enables management and virtualization of the hardware environment. Within the model offering PaaS services, the provider is usually responsible for providing an operating system and application environment, e.g. programing one, while within SaaS services, the provider is responsible for all the necessary software and software licenses used by the end-user of the service. It should be noted that in some cases effective operation of the cloud computing model can also mean an increase in the capital expenditure related to the networking infrastructure. Network infrastructure The use of cloud computing services makes for more stringent requirements in regards to the transmission network. This may primarily concern increased bit rates and guarantees of a network s availability (the level of quality and reliability). As a result, the cost of network infrastructure may be higher than in the traditional IT resources model.

24 24 Cloud Strategies for Public Sector in Central and Eastern Europe Table 2.1 Comparison of capital expenditures in the traditional IT resource model versus cloud computing model Traditional model IaaS PaaS SaaS Cost of equipment (such as cabinets, servers, disc arrays, archiving robots, tape drives) No cost No cost No cost CAPITAL EXPENDITURES Cost of server rooms/data centers (e.g. buildings, air conditioning systems, fire extinguishing systems, emergency power systems) Installation cost of the transmission network (e.g. wiring, switches, routers, access network) Cost of software license: system software e.g. -- operating systems, database management systems, -- software tools, -- virtualization utility software e.g. -- information management systems (e.g. ERP, CRM), -- application software (e.g. spreadsheets, word processors, ) No cost No cost No cost Increased network installation cost due to higher bit rates and expected levels of SLA Cost of software license: system software e.g. -- operating systems, -- database management systems, -- software tools, utility software e.g. -- information management systems (e.g. ERP, CRM), -- application software (e.g. spreadsheets, word processors, ) Increased network installation cost due to higher bit rates and expected levels of SLA Cost of software license depending on the complexity of the service: - system software e.g. -- database management systems, -- software tools, utility software e.g. -- information management systems (e.g. ERP, CRM), -- application software (e.g. spreadsheets, word processors, ) Increased network installation cost due to higher bit rates and expected levels of SLA No cost (software licenses included in the cost of the shared service) Changes in operating expenses The use of cloud computing services has an effect not only on the amount of capital expenditures, but also on the structure of operating costs. Several particularly relevant cost categories that are subject to change can be distinguished: IT equipment and server rooms One of the costs for this category is electricity costs, which, taking into account the number and variety of equipment used by organizations (air conditioning systems, fire extinguishing systems, servers, switches, disk arrays, end-user terminal equipment, etc.), are usually a significant cost item. In the case of the cloud computing model, these expenses are borne mainly by the provider. The service provider accounts for these costs in a periodic fee for the service; however, due to the effect of an economy of scale, the amount of maintenance costs allocated to a single service is lower than in the costs of an individual organization. Reduction of these costs does not apply to equipment, which remains in the user s location, such as LAN switches.

25 Cloud Strategies for Public Sector in Central and Eastern Europe 25 IT licenses (maintenance fees) In the cloud computing model, license maintenance costs depend on the scope of provided services defined in the agreement with the service provider. In the case of SaaS, the user does not have to incur license costs; these costs are borne by the provider, who takes them into account in the fee for the service. Clients, using cloud computing solutions in the IaaS and PaaS models, incur only license renewal costs with respect to software that is not provided as part of the service in the case of IaaS, these are costs associated with a license for a given programing environment and individual applications, whereas in the case of PaaS, these will be mainly licenses related to specific applications. Human resources and third-party services In the case of using cloud computing services, the provider is responsible for ensuring trouble-free operation of resources made available in the cloud. The service provider is responsible for providing and maintaining the service. As a result, the client can reduce the number of employees directly involved in the infrastructure maintenance and the need for specialized services provided by external companies. The level of such reduction depends on the type of cloud services used by the organization. It should be noted that besides categories of reduced costs as a result of using cloud services, categories of increased costs or new categories of costs that did not previously exist in the traditional model these can be distinguished, namely: Fees for the provided cloud services These fees include both the costs of purchased service and storage of data, which are generated as a result of using cloud services. The fees are usually proportional to the level of service use, e.g. computing power (for IaaS and PaaS), the amount of stored data (IaaS), the number of consumers (SaaS), and the time spent using such services. It should be noted that the level of costs incurred by the service providers reflects the achieved economies of scale. Economies of scale can be observed in several terms, including: greater purchasing power that allows for negotiating discounts with hardware and software providers; reduction in IT infrastructure management costs through the integrity of systems one employee of a data processing center is able to manage a larger number of machines than in smaller establishments; higher efficiency of large computing centers resulting from the shared infrastructure and more favorable purchasing conditions, e.g. electricity. Data transmission and transmission network maintenance Using cloud computing services means that more stringent requirements need to be met in regards to the transmission network. A data transmission network operated in a traditional IT model may not meet the requirements of cloud services, e.g. due to the need to ensure higher bit rates and increasing guarantees of a network s availability (quality and reliability level). In such a situation, the costs related to the purchase of such services and maintenance of the required network infrastructure may be higher than in the traditional IT resources model.

26 26 Cloud Strategies for Public Sector in Central and Eastern Europe Table 2.2 Comparison of the operating cost structure when using the traditional IT resources model versus the cloud model Traditional model IaaS PaaS SaaS OPERATING EXPENSES Equipment maintenance costs (such as cabinets, servers, disc arrays, archiving robots, tape drives) Server rooms/data centers maintenance costs (e.g. buildings, air conditioning systems, fire extinguishing systems, emergency power systems) Software licenses maintenance costs (for e.g. operating systems, virtualization, databases, applications) Infrastructure maintenance costs (employment, thirdparty services) Transmission network maintenance costs (e.g. wiring switches, routers, access network) Data transmission costs No cost No cost No cost No cost No cost No cost No cost No cost Software maintenance costs unchanged Cost of maintenance limited to software: operating systems, databases, applications, tooling solutions, and access network solutions Higher cost of data transmission network maintenance due to the expected higher level of SLA Higher cost of data transmission due to increased bandwidth demand (greater amount of data sent and received from outside the internal network) Utilization cost for the computing power of the infrastructure (e.g. monthly, annual), settled by consumption/system load Cost of data storage facilities use (e.g. monthly, annual), settled by occupancy Cost of software maintenance limited to: databases, applications, tooling solutions Cost of maintenance limited to software: operating systems, databases, applications, tooling solutions and access network solutions Higher cost of data transmission network maintenance due to the expected higher level of SLA Higher cost of data transmission due to increased bandwidth demand (greater amount of data sent and received from outside the internal network) Utilization cost for the computing power of the platform (e.g. monthly, annual), settled by consumption/system load Cost of data storage platform use (e.g. monthly, annual), settled by occupancy No cost Cost of maintenance limited to the access network Higher cost of data transmission network maintenance due to the expected higher level of SLA Higher cost of data transmission due to increased bandwidth demand (greater amount of data sent and received from outside the internal network) Cost of using the software (e.g. monthly, annual), settled by its use (e.g. the number of records, users) Cost of data storage facilities use, complementary to the functionalities of the used software (e.g. monthly, annual), settled by occupancy No cost Cost of data transmission between resources of the infrastructure provider (e.g. monthly, annual), settled by occupancy Cost of data transmission between resources of the infrastructure provider (e.g. monthly, annual), settled by occupancy Cost of data transmission between resources of the provider of the platform or infrastructure, complementary to the functionalities of the used software (e.g. monthly, annual), settled by occupancy affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

27 Cloud Strategies for Public Sector in Central and Eastern Europe 27 Expectations of benefits of using cloud computing by public administration When faced with the task of determining its approach to cloud computing, public administrations in many countries often try to identify benefits and estimate cost savings, which will arise from migrating to the cloud. It is not an easy task, since many of these benefits are hard to measure; while others, for which theoretically accurate estimates can be made, are obstructed by, for example, a large number of organizational units with many diverse performed functions, existing processes and infrastructure. Below are some examples, where potential benefits of migrating to cloud computing services were measured and estimated. A savings estimate was attempted to be made by, e.g. the UK government. In its Government Cloud Strategy published in March 2011, the UK presented the centrally expected savings resulting from migration to cloud-based solutions (G-Cloud), efficient use of services and applications from the Application Store, as well as consolidation and more efficient use of data center resources. The estimates are presented in the table below: Table 2.3 Expected benefits resulting from migrating to a cloud computingbased solution (UK) Savings (in GBP million) G- Cloud & Application Store Consolidation of data centers Source: HM Government, Government Cloud Strategy, 2011 affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

28 28 Cloud Strategies for Public Sector in Central and Eastern Europe Another example comes from the USA. The Federal Cloud Computing Strategy published in February 2011, presents the benefits of using cloud computing. The strategy relates to increased operational effectiveness and efficiency of the organization, as well as innovative services offered by the government. It forecasts a savings of 30% for computer hardware and software. The following table summarizes the benefits described in the strategy. Table 2.4 Benefits described in Federal Cloud Computing Strategy (USA) Cloud computing Improved asset utilization (server utilization > 60-70%) Aggregated demand and accelerated system consolidation (e.g. Federal Data Center Consolidation Initiative) Improved productivity in application development, application management, network, and enduser Cloud computing Purchase as-a-service from trusted cloud providers Near-instantaneous increases and reductions in capacity More responsive to urgent agency needs EFFICIENCY EFFECTIVENESS INNOVATION Traditional model Low asset utilization (server utilization <30% typical) Fragmented demand and duplicative systems Difficult-to-manage system Traditional model Years required to build data centers for new services Months required to increase capacity of existing services Cloud computing Shift focus from asset ownership to service management Tap into private sector innovation Encourage entrepreneurial culture Better linked to emerging technologies (e.g. devices) Traditional model Burdened by asset management De-coupled from private sector innovation engines Risk adverse culture Source: The White House Washington, Federal Cloud Computing Strategy, 2011

29 Cloud Strategies for Public Sector in Central and Eastern Europe 29

30 30 Cloud Strategies for Public Sector in Central and Eastern Europe 3 Aspects Related to the Use of Cloud Computing Services in Public Administration

31 Cloud Strategies for Public Sector in Central and Eastern Europe 31 Interest in adapting cloud computing services can be seen at various levels of public administration. The main reasons for adapting cloud services is the possibility of reducing expenditure on infrastructure and the immediate implementation of applications based on cloud services. Analysis of adopted cloud computing services by the public sector shows that public administration representatives use cloud services primarily in areas which do not include applications critical for operations and which are not integrated with other IT systems or newly implemented software. Cloud services can be used in many aspects of the public sector. Analysis of several cases of cloud services use by public administrations throughout the world shows that SaaS is the most widely used model. A significant proportion of the analyzed cloud applications concerned migration and human resources management services. Most of the projects analyzed were implemented by public sector units within the last months, and some of them were still in the pilot stage. Selected findings and observations from a global KPMG survey on public administration s stance on the use of cloud computing services In 2011, KPMG in collaboration with Forbes Insights conducted a survey on cloud computing among public administration institutions.* Over 400 representatives of public institutions from 10 countries representing the central, regional, or local government levels participated in the survey (53%, 25% and 23%, respectively). Furthermore, KPMG used the results of a survey conducted among over 800 business representatives around the world to obtain a broader context. The results of the survey provided valuable insight into public institutions attitudes toward cloud computing. The results indicate that the public sector is slower to adopt cloud computing than the private sector, however, numerous public organizations have undertaken such measures: e.g. approximately 24% of institutions are already carrying out pilot projects, and nearly 20% have already carried out a partial implementation of such solutions. Figure 3.1: Shift to the cloud: Which of the following activities has your organization undertaken as part of its move toward adopting/implementing a cloud environment? Developing a strategy 29% 38% Testing of a proof of concept 24% 35% Partial implementation 19% 32% 0% 10% 20% 30% 40% Government/Public sector Private sector * KPMG International The Clarity in the Cloud A global study of the business adoption of Cloud, 2011

32 32 Cloud Strategies for Public Sector in Central and Eastern Europe For both the public and private sectors, the expected benefits of using cloud computing are cost savings and change in the way sectors communicate with the environment. The information provided by the participants indicates that the expected cost advantage areas are the reduction of investments in IT infrastructure and the reduction of people maintaining internal processes. The public sector also emphasizes an increase in the ease of facilitating management and enhanced transparency of operations as potential positive impacts from the cloud computing adaption. Figure 3.2: Which of the following statements best describe the potential impact of cloud on your business model/operations? It will fundamentally change our business model It will change our interaction with customers (i.e. constituents/citizens) and suppliers It will provide management with greater transparency on transactions 28% 32% 39% 39% 37% 32% It will reduce costs 50% 50% It will accelerate time to market 24% 35% No significant impact 12% 18% Other (please specify) 3% 1% 0% 10% 20% 30% 40% 50% 60% Government/Public sector Private sector The biggest concerns arising from the use of cloud computing among the public sector representatives are related to data security. Such concerns were reported by almost half of the respondents. The most frequently indicated approach (by approximately 80% of participants) to reduce these concerns was the certification of such a solution provider by a public administration organization. Figure 3.3: Public sector characteristics that affect the rate of adaptation of cloud computing services Public sector characteristics that affect the rate of adaptation of cloud computing services Approach to risk management Level of complexity of the organization Dispersion of the organization The KPMG report based on the information and opinions obtained in the survey also identifies issues that are likely to affect the rate of adaptation of cloud computing by the public sector. Approach to risk management Due to their specific characteristics, public sector institutions usually have a different approach to risk management than the private sector. Institutions are relatively less likely to take action associated with increased risk levels, such as the use of new, not necessarily fully tested technologies. The risk acceptance level in the private sector is many times greater, since companies take on such risk and manage it appropriately to create a competitive advantage. In the

33 Cloud Strategies for Public Sector in Central and Eastern Europe 33 public sector, the reward for taking on risk and achieving a success is usually lower. However, in the case of where the risk manifests and adverse effects may occur, the consequences, for both the institution and the employee taking on the decision, are usually negative. Level of complexity of the organization The structure and organization of the public sector is significantly different in terms of size and scope of operations compared to that of corporations. Public sector organizations are generally large, extensive, and handle a relatively wide range of operations (which correspond to business lines within a company). Private corporations are often smaller and less internally diverse. For these reasons, implementation of cloud-based solutions in public institutions can be relatively difficult and require more resources. Dispersion of the organization Public sector organizations are often more scattered and located in less urban areas than private sector organizations. Cloud-based solutions require a centralization of resources; therefore, the challenge will be to provide an adequate infrastructure for each location and with that come the associated costs. On the other hand, cloud computing facilitates remote access to applications, which, in turn, can facilitate the work of territorially dispersed organizations. Potential areas for using cloud computing in public administration Potential use of cloud computing by the public sector may have a much different application. Theoretically, there are no limits for the public sector to use cloud services in the IaaS, PaaS and SaaS models. These solutions are used for both the internal optimization of daily operations of institutions and external communication with the public. Following are examples of the potential division of essential cloud services used by public sector units. Figure 3.4: Examples of the potential division of essential cloud services used by public sector units with regard to activities such as citizen engagement, government productivity and internal processes SaaS Citizen engagement Government productivity Internal processes applications Wikis/Blogs /IM Core mission applications Business services applications Social networking Virtual desktop Government websites hostings PaaS Database and DBMS Developer tools Testing tools Directory services IaaS Virtual machines Server-hosting CDN Storage Web servers

34 34 Cloud Strategies for Public Sector in Central and Eastern Europe Functionalities available in the SaaS model In the SaaS model, the end-user can access cloud applications offered by the provider via a web browser. The public sector can take advantage of: Applications enabling communication with the public including applications that enable the hosting of wikis/blogs, social networking and government websites. These applications serve to share information with the public and foster involvement in government initiatives. Applications enhancing the effectiveness of the public sector including applications, word processors, spreadsheets, cloud-based virtual desktops. The aim of these applications is to increase the efficiency in the public sector and reduce costs. Applications enhancing the public sector s internal processes using applications that facilitate the core business, are specific to individual departments, and provide support activities (such as human resources management, accounting, purchasing process, asset management). The above-mentioned examples show that cloud services can be used in many aspects of the public sector. A survey of several dozen cases of public administration using cloud services in different countries demonstrates that the most widely used model is SaaS. A significant proportion of the clouds in question dealt with migration and human resources management services, and most of the projects were implemented within the last few years, while some were still in the pilot stage. Functionalities in the PaaS model In the Platform as a Service model, the client can create, develop, or test applications run on the infrastructure provided by the service provider, using the programing environment and development/programing tools, which are also provided by the provider. Examples of IT resources made available in the PaaS model are: Databases available with database management software (DBMS). Test tools tools used to ensure the quality of the developed software, enabling verification and validation of developed applications. Programing tools tools used to create, modify, and maintain other applications. Directory services services that enable administrators with a single mode of cataloging devices and network services. The directory service is a database consisting of: users, applications, network devices, and other network resources. Functionalities in the IaaS model In the Infrastructure as a Service model, IT infrastructure provides a number of functionalities, including data storage, network services and backup services. The end-user is able to use the infrastructure provided to implement and run any software including an operating system and applications. Basic services available within IaaS are: Virtual machines provider procures virtualized IT resources. Server hosting provider grants access to server room resources via the Internet. CDN (Content Delivery Network) the client has access to a server network increasing the speed of accessing data as well as reducing the load on the primary server. Data storage the client has access to IT equipment used for storing large data quantities.

35 Cloud Strategies for Public Sector in Central and Eastern Europe 35 Web servers the client has access to servers performing specific network services (such as web content delivery). Case studies of public administration using cloud computing services The case studies below concerning cloud computing in public administration were selected based on an analysis of several dozen examples from around the world. KPMG s survey selected cases to present a broad spectrum of cloud applications in different countries and on various continents, at different government levels (central, regional and local), in a variety of functional areas, as well as for different models (IaaS, PaaS, SaaS). In addition, we tried to assess the comparableness of each case with the situation in Poland (i.e. omitting examples of the cloud environment at NASA, the US space agency, which has no counterpart in Europe, especially not in Poland). Figure 3.5: Division of discussed case studies with regard to functionalities such as citizen engagement, government productivity and internal processes Citizen engagement Government productivity Internal processes applications SaaS S1: Mobile application Suffolk County, Great Britain S5: Water use monitoring platform Dubuque, Iowa United States S2: Migration of to the cloud Los Angeles City, United States S3: Optimalization of the energy consumption by the internal IT resources The General Services Administration (GSA), United States S4: Application for recording compensation and other services in the field of HR management Essex County, Great Britain PaaS I1: Private Cloud e-learning Application Local Government in Castilla, Spain P1: Application supporting sales of ecological consumer electronics and appliances Ministry of Economy, Trade and Industry, Japan P2: Application to handle recurring international fleet audit Maritime Safety Authority, Australia IaaS I2: Utilization of cloud in science Los Alamos National Laboratory, United States I4: Virtualization of servers and applications Ministry of the Economy and Public Finance, Argentina I3: National e-invoice system NemHandel National IT and Telecom Agency, Denmark In an attempt to improve the presentation of the wide-range use of cloud computing services by public sector entities and to facilitate analysis, cases described here have been assigned to one of the potential cloud applications presented in the previous section. The tables below present the type of service used in the cloud, results after transitioning to the cloud environment, and the benefits of such a transition. More detailed descriptions are available in Appendix 1.

36 36 Cloud Strategies for Public Sector in Central and Eastern Europe Table 3.1 Case studies of public administration using cloud computing services I1. Local government in Castilla, Spain IaaS + SaaS Service Results and benefits Private cloud implementation access to IT resources for subsidiaries in an IaaS model and access to e-learning applications (SaaS) More efficient IT asset management within the region reduction in the number of computing centers while simultaneously providing a higher performance infrastructure. Implementing the cloud computing services enabled a faster development of e-administration services and e-learning. According to estimates made by local authorities, cloud implementation made it possible to reduce the costs associated with purchase and utilization of IT resources by approx %. I2. Los Alamos National Laboratory, USA IaaS Service Results and benefits Providing employees with virtual servers and memory in a private cloud model Optimized utilization of physical IT infrastructure resources. The solution allowed for savings amounting to USD 1.4 million per annum (including savings on energy costs, reduction of electronic waste). I3. National IT and Telecom Agency, Denmark IaaS Service Results and benefits Migrating the national e-invoice system NemHandel to a public cloud Increased current system bandwidth based on the flexible IT infrastructure scale, which depends on demand. The system works as follows: a supplier sends the invoice to the VAN operator, which determines the invoice receiver location by GLN number. Then the invoice is sent to the proper VAN operator or directly to the receiver institution. Developing an IaaS solution accelerated and regulated the workflow and decreased the amount of stored paper documentation. Developing IaaS solution accelerated and regulated the workflow and decreased the amount of stored paper documentation. Savings in projected areas were achieved; however, the forecasted period of return on investment extended to 28 months. After implementation, it turned out that the monthly cost of using the service was about 20% lower than initially projected. However, the real cost of migrating the application into the cloud was twice as much as that originally forecasted (as there were necessary corrections to be made in the application architecture, which forced corrections to be made to the primary environment platform prior to the correction to be made to the application, i.e. without the use of cloud).

37 Cloud Strategies for Public Sector in Central and Eastern Europe 37 I4. Ministry of the Economy and Public Finance, Argentina IaaS SaaS Service Results and benefits Virtualization of servers and applications used by ca. 11,000 users in different governmental organizations The Ministry of Economy and Public Finance was responsible for managing a network for 112 agencies, which was connected with the need for ongoing monitoring, control of information security and help desk staff employment. Via Citrix solutions development (XenServer and XenApp), the Ministry delivered an effective and secure IT environment and central IT structures management. A single backup point was employed for all data. Moreover, the IT hardware lifecycle got longer from 3 up to 8 years. P1. Ministry of Economy, Trade and Industry, Japan PaaS Service Results and benefits Using a commercial platform (PaaS) in order to provide access to a network application supporting ecological consumer electronics and appliances sales Launching a web application for transactions made in the Eco Points Program based on cloud resources. The program was made available to end-users in a SaaS model. The application performance capabilities were designed to handle 40 million visits during peak times. There was an expectation to handle 20 million transactions, of which more than 500,000 were anticipated in the first month. P2. The Maritime Safety Authority, Australia PaaS Service Results and benefits Using a commercial PaaS platform to provide access to a network application to handle recurring international fleet audits operating in a SaaS model Achieved savings associated with the purchase and IT infrastructure management. The total cost to implement an electronic version of the register amounted to AUD 30,000, including the application design, administration staff training, annual fee, and yearly maintenance cost. The implementation cost for a similar application in the traditional model was estimated to be AUD 200, ,000. SaaS Service Results and benefits S1. Suffolk County, UK Implementing a mobile application in a SaaS model for the purpose of developing new standards of communication with residents Obtained a new tool to communicate important messages to residents (most people lived in rural areas). Ease of access via mobile phones to certain county services.

38 38 Cloud Strategies for Public Sector in Central and Eastern Europe S2. Los Angeles, California, USA Service Migrating electronic mail to the cloud Electronic mail for 17,000 administrative and municipal services employees was transferred to the Google cloud, obtaining a SLA of 99.9%. SaaS Results and benefits The newly implemented solution reduced the number of administration and city services employees operating the system from 16 to 7 full-time employees. The implementation cost amounted to approx. USD 0.9 million. The total savings are expected to be USD 5 million, and will be achieved through the following: the cost of using electronic mail being reduced annually from USD 450 to USD 150 per user; achieving a savings of USD 3 million on IT workers compensation by 2013; savings of more than USD 1.6 million on computer equipment and USD 1.3 million on software. S3. The General Services Administration (GSA), USA SaaS Service Results and benefits Software implementation optimizing energy consumption by internal IT resources Software installation was implemented within a week on more than 17,000 workstations and servers used by GSA. The cloud-based solution allowed for a significant reduction in the demand for electricity by centralizing energy consumption management. Reduced greenhouse gas emissions by more than 2 million kg of equivalent CO 2 over the span of a year. Achieved a savings of USD 200,000 on software and reduced power costs by around USD 400,000 within the year. SaaS Service Results and benefits S4. Essex County, UK Software implementation to record compensation and other services for Human Resources Management Reduced payroll processing time from 18 to 4 hours. With the cloud technology, Essex County was able to provide its HR system to public sector subsidiaries. IT size and cost in the field of human resources management was reduced. Achieved a savings of over USD 900,000 during the first year of operating the new HR system. The cost of a single pay slip was reduced by approx. 25%.

39 Cloud Strategies for Public Sector in Central and Eastern Europe 39 S5. Dubuque, Iowa, USA SaaS Service Results and benefits Using an SaaS model application platform for ongoing monitor of the use of water resources and energy in the city The platform performs a registration every 15 minutes and passes the information, together with weather information, demographic data and household characteristics, to the cloud. All data is analyzed in the cloud service. Moreover, it enables creation of statistics and forecasting of water and energy use. As a result, water utilization decreased 6.6% over 9 weeks, the water leak detection increased and savings were achieved. The electricity consumption decreased by 11%. The above examples indicate that public administration representatives use cloud services primarily in areas which do not include applications critical to operations and which are not linked with other IT systems or newly implemented software. Interest in implementing cloud computing services can be seen at every level of state administration. The main reasons for using cloud services are the possibility of reducing expenditure on infrastructure and the immediate implementation of applications based on cloud services. Public administrations approaches to the implementation of cloud services are quite diverse in different regions of the world. The greatest progress in implementing cloud services for public administration can be seen in the Asia- Pacific region and in the US, while the public sector in Europe is still in the early stages of adaptation. affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

40 40 Cloud Strategies for Public Sector in Central and Eastern Europe 4 Examples of Measures Aimed at Implementing Cloud Computing Services in Public Administration for Selected Countries

41 Cloud Strategies for Public Sector in Central and Eastern Europe 41 The UK is one of the most advanced European countries in regards to using cloud computing solutions by the public administration sector. The strategy adopted there introduces the application of ICT utilization for public sectors when selecting a cloud solution within acceptable risk levels and, which must meet information security requirements. As part of the implementation of this strategy, a Government Application Store was launched in the cloud for public sector entities in The US is a global leader in cloud computing. The federal government has announced and implemented policies, plans, and programs that require departments and federal agencies to modify their IT assets. Cloud computing is one of the recommended solutions. Similarly to the British government s strategy, this strategy places a significant emphasis on having easier access to cloud computing applications (via the website Apps.gov) and consolidating data processing centers. Status of current work carried out by the European Commission regarding cloud computing European Union Cloud Computing Strategy The need to develop an EU cloud computing strategy was emphasized in a document entitled Digital Agenda for Europe, published on 19 May 2010 by the European Commission. The paper focused on utilizing cloud solutions for the purposes of public administration and the science sector. The document clarifies the EU s development in terms of the ICT strategy through 2020 (EUROPE 2020 A strategy for smart, sustainable and inclusive growth COM(2010)). The completion of the cloud computing strategy was adopted in Finally in September 2012, the European Commission adopted a cloud computing strategy paper: Unleashing the Potential of Cloud Computing in Europe. In that document are key actions of the European Commission defined as follows: Standardization and certification Identification of detailed map of necessary standards assuring clients of reliability of cloud services (in cooperation with ETSI); Preparation of a list of voluntary certification schemes (with the support of the ENITSA organization); Definition of harmonized metrics for carbon emissions, water and energy consumption of delivering cloud services. Terms and Conditions Model terms and conditions preparation in agreement with stakeholders, particularly SMEs and consumers, taking into consideration Common European Sales Law and aspects that lie beyond, in order to build the trust of using cloud services and protect customers.

42 42 Cloud Strategies for Public Sector in Central and Eastern Europe European Cloud Partnership establishment Identification of public sector requirements for cloud computing services leading to joint procurement by public bodies; More information about the European Cloud Partnership is provided in further part of this chapter. As cloud computing technology develops, the European Union Cloud Computing strategy was extended from such specific areas as e-government and science into more general ones, encapsulating diverse sectors. The main goal of the Digital Agenda regarding cloud computing technology is to make Europe cloud-active, beginning with turning IT solutions in governance into the cloud. That is expected to be the acceleration for the cloud market, encouraging enterprises in particular SMEs to deploy As-a-Service solutions. The official strategic document claims that improving the cloud market generates benefits on both sides suppliers and client enterprises. Legislative changes The need to introduce legislative changes to Directive 95/46/EC over the protection of data was stipulated in the Digital Agenda for Europe, and draft amendments were submitted by the European Commission at the beginning of These amendments are intended to strengthen legal regulations concerning privacy on the Internet and boost the digital economy in the European Union, among others, by means of eliminating legal loopholes, simplifying the legislative environment, and establishing clear rules governing cross-border data transfers. Nevertheless, some experts contest the stipulated amendments will not solve the current problems related to cloud computing. Moreover, during the ECP Steering Board meeting in Tallinn it was pointed out that the legislative changes process in the European Union is time-consuming. At the moment, compliance guidance is claimed to be the most proper and effective solution. European Cloud Partnership (ECP) and research & development works The establishment of the so-called European Cloud Partnership (ECP) is of particular importance to the public sector. The undertaking was announced for 2012, and an initial budget of EUR 10 million was allocated to the cause. The ECP aims to unite representatives of the public sector, industry, providers, and the customers of services offered in the cloud. The ECP s objective is to increase the bargaining power of the public sector in negotiations with cloud computing services providers. This is to be achieved through an integration and harmonization of the public sector units approaches and the development of common standards for the purchasing process taking into consideration security issues and competition standards. The European Commission supports research and development in the area of cloud computing. The European Union s main tool for financing research and development is the Seventh Framework Program (FP7). Currently, FP7 also encompasses projects related to cloud computing solutions. Total financing amounted to more than EUR 382 million. Since its establishment, two official reports from the ECP Steering Board meetings have been published. The main areas of ECP s work are: Data security preparation of Cloud Certification Schemes, e.g. bronzesilver-gold security levels as well as Cloud for Europe project, elaborating the transparency of security processes; Standardization provision of map of standards for cloud computing services, excluding preparing new standards;

43 Cloud Strategies for Public Sector in Central and Eastern Europe 43 Model Terms and Conditions preparation of template SLA, the cloud decision flowchart and a cloud checklist; Cloud Code of Conduct planned to be complete by April Adoption of code by cloud suppliers is planned to be voluntary and is expected to build the businesses and citizens confidence. The official strategy of ECP is scheduled to be published before the October 2013 Council meeting. Consultation process In 2011 and 2012, a number of public seminars were carried out over cloud computing services for the purpose of developing a coherent strategy taking into account the needs, observations, and experiences of consumers and business representatives. Also in attendance were representatives of consumer organizations, associations of small and medium enterprises, the telecommunications industry, and hosting services as well as the European CIO Association. At the beginning of 2013 a web-based public consultation on future research priorities in cloud services took place. Cloud services stakeholders, including SMEs, academia, industry representatives, research institutes and user communities, were invited to the discussion. A summary report of the consultation was published in May 2013 which indicated the areas of necessary research work for the period within the Horizon 2020 Work Programme. The document defines the priority areas of future research within two objectives: Advanced Cloud Infrastructures and Services; Innovative Tools and Methods for Software Development. The European Union also takes part in a debate concerning cloud computing beyond Europe. European Union representatives, the US government, and cloud computing specialists have carried out seminars (July 2011) aimed at exchanging observations related to the legal aspects of security and service use, environment compatibility, and developing technical standards. A similar technical seminar, including experts and representatives of the Japanese government, was also organized in April After each seminar, reports were published summarizing the most important issues raised during the debates. Status of current work on cloud-related solutions carried out by selected European agencies European Network and Information Security Agency (ENISA) A consulting agency that advises member states on matters related to Internet security and contributes to the development and promotion of information systems community in the European Union, ENISA s objective is to improve network and information systems in the European Union. Critical Cloud Computing CIIP perspective on Cloud Computing 2013 Possible scenarios and threats to cloud computing solutions form the core of this report. It indicates the largeness of both advancement of security delivered by Cloud Computing suppliers and scale of potential breaches. Not only are cyber attacks and disruptions threats included, but also the impact of natural disasters and legal changes. Issues of Risk Assessment, Security Measures and Incident Reporting are raised and closed with ENISA recommendations. Security & Resilience in Governmental Clouds 2011 The main objective of this report is to specify the benefits and risks for data security as they relate to individual cloud models (community, private and public

44 44 Cloud Strategies for Public Sector in Central and Eastern Europe cloud). Moreover, the report presents recommendations for public sector entities which help to define requirements concerning the information security level guaranteed by cloud services providers. To a lesser extent, another objective of the report is to support the member states work over a development strategy for cloud computing services in terms of information security. Cloud Computing Benefits, Risks and Recommendations for Information Security 2009 This document describes the risks and possible benefits resulting from using a cloud environment. One of the most important recommendations to note from the report is a set of criteria which allow for the assessment of the risk of using cloud computing, compare the service offerings of various cloud providers, and obtain additional information from providers. European Telecommunications Standards Institute (ETSI) ETSI is an independent standardization organization in the European telecommunications industry. Test Descriptions for Cloud Interoperability 2013 This specific and technical report presents tests description for interoperability of cloud solutions, regarding OCCI (Open Cloud Computing Interface) and CDMI (Cloud Data Management Interface) standards. SLAs for cloud services 2012 The main objective of this paper is to define potential requirements for SLAs for cloud services and deliver the template SLA. QoS general characteristics, key actions to define them in a cloud-specific way and cloud services characteristics are described in this report. Initial analysis of standardization requirements for cloud services 2010 This document defines the requirements for standardizing cloud services. Status of current work carried out by selected countries related to the cloud computing use strategy United Kingdom Government ICT Strategy: Smarter, cheaper, greener The vision presented in this document indicated that an optimal use of ICT resources (by means of using cloud computing) by public sector units may bring savings amounting to GBP 3.2 billion a year. The government defined 14 key strategic areas, some of which are: The Government Cloud (G-Cloud) using cloud computing realizes use of government ICT resources, e.g. to increase capabilities, security, lower costs, and accelerate implementation processes. Data Center Strategy consolidating several hundred data centers used by the government and decreasing their number to 12. Government Applications Store (G-AS) establishing an on-line applications store for government institutions aimed at decreasing costs and accelerating purchasing processes. Shared Services resource sharing and utilizing the same applications in the cloud by many public administration units, mainly in the areas of HR, finances and purchases.

45 Cloud Strategies for Public Sector in Central and Eastern Europe 45 Figure 4.1: Great Britain ICT Strategy for Government Government ICT Strategy. Smarter, cheaper, greener January 2010 Government ICT Strategy March 2011 Partial strategies of the Government ICT Strategy: Government Cloud Strategy Greening Government ICT Strategy Government End-User Device Strategy ICT Capability Strategy October Application Store February Government ICT Strategy After coming into power in 2010, the new government released a subsequent ICT strategy in March 2011 indicating further consolidation of ICT resources, data centers, and the use of cloud computing. In October 2011, it released four partial strategies to complement the main ICT strategy: Government Cloud Strategy, Greening Government ICT Strategy, End-User Device Strategy, and ICT Capability Strategy. Government Cloud Strategy The strategy presents a vision of G-Cloud a cloud-based solution that is neither a service, a project, nor an application. It is a government program aimed at changing the purchasing process and using ICT resources at public sector organizations. G-Cloud was based on the following assumptions: shared government resources, infrastructure, software, and information accessible from various end-user devices (portable computers, smart phones, tablets); communication via a network connection often the Internet; discontinuance of the use of expensive custom-made systems; changes to purchasing and use of cheap, standard, and compatible with other systems applications; a once purchased application should be re-used by other government units; purchasing only the services that are required by the government administration; bearing costs connected with the intensity of use of a given solution; also intended to ensure scalability of services and quick adjustment to changing requirements; appropriate cloud computing standards intended to ensure the possibility to change an application or a provider;

46 46 Cloud Strategies for Public Sector in Central and Eastern Europe the principle of selecting a solution based on the public cloud whenever possible however, at all times the acceptable risk level needs to be ensured, and it needs to be proven that the selected solutions meet all requirements concerning information security assigned to a given area. The intended key component for G-Cloud was the Government Application Store, a portal, which was to be the primary source for all public administration units with any ICT needs. It was launched in February 2012 under the CloudStore name. It is an open platform, fully transparent to the administration, the market, and to citizens. It is to promote innovation, foster competition between providers, and attract new providers (enabling smaller providers to enter this market). Additionally, the portal makes it possible to assess services and providers and helps to buy the solution that fits best requirements, paying the lowest price. Because all public institutions that can use CloudStore are treated as a one customer, the prices for cloud solutions are lower than those individually purchased. The CloudStore has been launched to enable public sector units to purchase services without the tender offer process, and the offered products were to undergo prior accreditation. USA 25-point Implementation Plan to Reform Federal Information Technology Management According to this plan published in December 2010 to implement a federal IT resources management reform, the US government announced an immediate transition to the so-called Cloud First policy. The strategy outlined the following courses of action: the use of commercial cloud computing solutions by public sector units, whenever possible; the launch of private government clouds and the use of regional clouds by local and state governments; public sector commitment to use cloud computing solutions to the realization of new ICT solutions deployments, as long as a secure, reliable and cost-efficient solution is available; the government undertakes to ensure secure government platforms to facilitate the conversion to cloud computing solutions; each federal agency was obligated to identify three so-called must move services 1 ; access to cloud computing services offered by commercial providers accredited by the government for government units 2. Federal Cloud Computing Strategy The Federal Cloud Computing Strategy was a subsequent document published in February 2011 by the Federal Information Technology Management, U.S. Chief Information Officer. The document covered: benefits and compromises related to the implementation of cloud computing solutions; 1 These are supposed to be IT services intended for transfer to the cloud for the purpose of enhancing the efficiency of use of government administration IT resources. The agencies had 12 months to develop a migration plan and transfer the first of the identified services, and 18 months to transfer the remaining two services. 2 The government Cloud Environment Authorization Program was intended to enable agencies to use the existing accredited solutions or to use solutions already implemented by other agencies.

47 Cloud Strategies for Public Sector in Central and Eastern Europe 47 the decision-making structure and case studies to support agencies in the process of migrating to the cloud environment; the programs and tools available for supporting agencies in the migration process; identification of the federal government s roles and responsibilities in the acceleration of the migration process. The Strategy obligates agencies to reevaluate their IT resource use and to modify it according to the Cloud First policy in order to reflect the benefits of cloud computing (optimization of resource use, increasing their flexibility, and reducing their cost of use). The document also specified the phases of an evaluation and migration framework process. Figure 4.2: Migrating to cloud computing strategy divided by phases pursuant to the Federal Cloud Computing Strategy (USA) Select Provision Manage Identify which IT services to move and when - Identify sources of value for cloud migrations: efficiency, agility, innovation - Determinate cloud readiness: security, market availability, government readiness, and technology lifecycle Aggregate demand at department level where possible Ensure interoperability and integration with IT portfolio Contact effectively to ensure agency needs are met Realize value by repurposing or decommissioning legacy assets and redeploying freed resources Shift IT mindset from assets to services Build new skill sets as required Actively monitor SLAs to ensure compliance and continuous improvement Re-evaluate vendor and service models periodically to maximize benefits and minimize risks Source: The White House Washington, Federal Cloud Computing Strategy, 2011 Source: Federal Cloud Computing Strategy, 2011, US Dept. of Homeland Security The Federal Cloud Computing Initiative (FCCI) was launched in FCCI is administered by a working group of IT experts from over 25 federal agencies and departments. The FCCI s main objective is to popularize cloud computing solutions in the public sector by facilitating access to such services for government agencies and simplifying the tender offer procedure. Apart from the aforementioned Federal Cloud Computing Strategy, the FCCI coordinated the development of a Cloud Computing definition (according to the National Institute of Standards and Technology NIST ) and the launch of a government portal, Apps.gov. Selected initiatives supporting cloud computing development Apps.gov Apps.gov was launched in 2009 as one of the tools used by the US government to promote cloud computing solutions. Through Apps.gov, cloud computing services, including IaaS, business applications, social media software, and software facilitating an increase in government agencies productivity are made available to agencies. All applications available on the portal have undergone an initial accreditation process and are consistent with government requirements. Apps.gov is to accelerate the implementation of the cloud computing solution by streamlining the purchasing process.

48 48 Cloud Strategies for Public Sector in Central and Eastern Europe FedRAMP FedRAMP (Federal Risk and Authorization Management Program) is intended to accelerate the authorization process for cloud computing solutions. The Federal Information Security Management Act (FISMA) and NIST publications provide government agencies with guidelines regarding safe implementation and use of cloud computing services. Nevertheless, the interpretation and means of implementing these requirements and standards vary among individual agencies, which make the authorization process time consuming. The FedRAMP program enables agencies to use the results of authorization already carried out by other agencies. It is intended to help establish a consistent method of evaluating and authorizing cloud computing services and make it possible to implement an evaluate once, use many times risk evaluation model. Office of Management and Budget (OMB) budgeting guidelines The Office of Management and Budget released a general government policy regarding planning, budgeting, purchasing, and managing federal IT assets. The guidelines, released by OMB, required government agencies to implement cloud computing solutions, if such solutions are significantly more beneficial than the current ones. Moreover, OMB required all government agencies to carry out an assessment of alternative solutions offered in the cloud for: planned and currently implemented IT investments; IT investments intended to improve existing solutions; all operating IT investments; and to submit an official report on the assessment until September 2011, September 2012 and September 2013, respectively. Federal Data Center Consolidation Initiative Government analyses indicated a low level of IT resources utilization, a lack of cooperation among government agencies in regards to sharing an IT infrastructure, and the high operating costs of IT resources, e.g. the number of governmental data centers increased from 432 in 1998 to 2,094 in In response to the results of these analyses, a Federal Data Center Consolidation Initiative (FDCCI) was launched in February Its objective is: to reduce the cost of software, hardware, and labor required to operate the data centers; to increase the security of IT infrastructure used by the government; to support investments in more efficient technologies, e.g. in cloud computing; to promote the use of the so-called green IT solutions in order to reduce electrical consumption. FDCCI guidelines required government agencies to inventory their data center resources and to prepare consolidation plans in order to account for the costs in budgets created for the year Thanks to the FDCCI, the government plans on closing down a minimum of 800 data centers by the year FDCCI guidelines outline four methods to be used in the consolidation process: liquidation of redundant servers; centralization of data centers; virtualization; use of cloud computing KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

49 Cloud Strategies for Public Sector in Central and Eastern Europe 49 Other selected countries Table 4.1: Australia, Japan, Singapore Country Australia Selected information on the strategy for cloud computing utilization by public administration Cloud Computing Strategic Direction Paper published in 2011 by the Australian government describing the government s approach to cloud computing, which was developed following conferences attended by over 50 state-owned institutions, companies, and individuals. The strategy views cloud computing as a new way to provide selected ICT resources for governmental needs, and not just as a technology or a specific solution. The document also adopts a stance on the decision to use a cloud. Public administration agencies should use cloud computing services if: such services offer a good value for money; such services ensure appropriate level of security which entails meeting all mandatory requirements regarding information security. CLIC (Cloud Information Community) is a team composed of representatives of government agencies and individuals from various branches. The team is responsible for the development of subsequent documents within the realization of the strategy. The team collaborates, among others, with AIIA (Australian Information Industry Association). Cloud computing is also associated with two other government initiatives: the construction of a National Broadband Network; and the commitment to use open systems and standards, by taking into account the use of open source software, among other things. Prior to the strategy publication, the Australian government had actively used cloud computing, e.g.: many publicly available data and government Internet sites were transferred to the cloud; services, based in a public or a private cloud, were implemented by numerous other government agencies.

50 50 Cloud Strategies for Public Sector in Central and Eastern Europe Country Japan Selected information on the strategy for cloud computing utilization by public administration In Japan, the cloud computing strategy is defined by two documents published in 2010: a development strategy released by the Ministry of Internal Affairs and Communications (MIC) and a strategy released by the Ministry of Economy, Trade and Industry (METI). The Japanese strategy intends to maximize the use of cloud computing and to stimulate the development of new markets. The government should create an environment for development through financing research and development and by promoting the use of various services in the cloud. The strategy postulates: the development of a suitable legal framework specifying the principles of cloud use; the development of an advanced ICT industry with particular attention to cloud computing. The strategy also focuses on reduction of carbon emissions. Kasumigaseki Cloud a platform to be used by ministries and central government agencies (community cloud). The government plans to launch it by the year It is intended to offer shared services, allow for integration and consolidation of hardware assets, and, as a result, reduce costs and increase the quality of services for citizens. Jichitai Cloud a cloud intended to support local governments. The government has been developing this solution since 2010, and by 2015, it will include all local government units. Its aim is to reduce administrative costs related to the resident data management, tax issues, and strengthen cooperation between local governments. J-SaaS a platform providing software according to the SaaS model directed at small to medium-sized enterprises. Created by the government, J-SaaS offers services related to financial reporting, tax, security and project management, as well as analytical tools KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

51 Cloud Strategies for Public Sector in Central and Eastern Europe 51 Country Singapore Selected information on the strategy for cloud computing utilization by public administration egovernment Masterplan Collaborative Government (egov 2015) a document published by the government in Singapore in The document describes a strategy for the use of the latest ICT technologies with the purpose of creating an interactive environment promoting teamwork between the government, society, and private sector. One of the key areas of this strategy consists of a transformation of the infrastructure and services provided by the public sector through the use of the cloud, among others. The strategy guidelines assume the use of: commercial public clouds for providing services with less strict security management requirements with the purpose to reduce IT infrastructure costs; private government cloud (Central G-Cloud) for providing services with stricter security management requirements for all government units; private clouds for government agencies (Agency G-Cloud) created in case when solutions offered by the Central G-Cloud and public clouds are unable to satisfy the specific requirements of individual departments; it is required that the created cloud integrates with the Central G-Cloud. Moreover, Central G-Cloud is to serve as a platform for other centrally-governed services provided by the government, such as: SingPass (access authorization system) and e-payment services; providing applications in the form of the SaaS model to government agencies for the customers/citizens relations management and Internet service content management, among others. affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

52 52 Cloud Strategies for Public Sector in Central and Eastern Europe 5 Main Risk Areas Related to the Use of Cloud Computing in the Public Sector

53 Cloud Strategies for Public Sector in Central and Eastern Europe 53 Due to the early stage of development, conversion to cloud computing by public administration institutions is associated with many risks, both operational and legal in nature. The most important operational risks are concerned with data security, migration of data/applications to a new environment, and integration between different cloud-based solutions. However, most of these risks can also be encountered in the traditional IT infrastructure model. Many legal regulations still do not take into account the specifics of cloud computing, which leads to legislative ambiguities and risks associated with cloud use. Legal aspects that require particular attention in the event of implementing cloud-based solutions include the security and export of personal data and the protection of classified information. Main areas of operational risk related to the use of cloud computing in the public sector The following list of operational risk areas covers key issues that should be analyzed by an organization in the process of deciding whether to use the cloud. Figure 5.1: Operational risks related to the use of cloud computing in the public sector Operational risks Migration of current application/software and data to the cloud Interoperability between clouds and provider selection Data security Internet access Flexibility of contracts Relations with entities that a given user collaborates with in a cloud

54 54 Cloud Strategies for Public Sector in Central and Eastern Europe Migrating current applications/software and data to the cloud Implementing a cloud computing solution appears relatively simple when constructing an IT system from scratch. Yet, in the event of integration or migration of data to a cloud solution from a system operating on a traditional model, the organization may encounter various technical problems. A huge barrier is the lack of software compatibility between the user and the provider. The risk exists that, upon implementation, the user will not be able to launch their own applications in the provided environment (e.g. the software and provided programing environment have been developed by different producers). Another problem that might arise is access to archive data after the conversion from software used in the traditional model to software as a service (SaaS). This occurs often when electronic mailing service is transferred to the cloud, and the access to messages in the archive is hampered, or migration entails considerable costs. Interaction between clouds, provider selection Agreements concerning cloud services are usually signed for a relatively short period of time which, nevertheless, does not protect the client against the provider lock-in when a service recipient becomes dependent on the service provider. The variety of software architecture used by individual providers within cloud computing may make it impossible for the client to migrate between clouds of different providers. Using open standards and ensuring service and software integration would diminish this risk. Such an approach would simplify data transfer between clouds and, at the same time, increase competition between providers. However, it should be added that lock-ins can also be observed in the traditional model of using IT services, in particular when organizations use dedicated software. Data security The issue of data security in the cloud is broadly discussed on an international forum, and opinions on this matter vary. Using cloud computing is associated with the need to hand over control over some data to the service provider. In the case of failure on the side of the service provider, access to client-critical data may be limited, or there is a risk that data may be lost altogether. Moreover, in the cloud computing model, clients share IT resources which may expose them to the risk of a data leak. Another problematic matter is the possibility that the cloud service provider s employee accesses the cloud user s data. Furthermore, with the increase in customers for a given provider, the threat of cybercrime increases. Large data centers are an attractive target for hackers. It should be noted that cloud service providers usually employ qualified, specialist staff, and security concerns make up their core scope of work. That is why the security level guaranteed in a cloud is often unattainable by smaller entities that do not have access to expert knowledge in this field.

55 Cloud Strategies for Public Sector in Central and Eastern Europe 55 Another issue related to data security in a cloud relates to permanent data removal. Due to the constant process of creating backups, the risk exists that, in the event that a client nulls the cloud service agreement, the user will not be able to permanently remove the entrusted data from the mass memories of the provider. Internet access Dependency on Internet access by services in the cloud may be one of the greatest technical obstacles limiting the use of cloud computing solutions. Entities which do not possess an Internet connection with the adequate parameters may be unable to fully make use of offered services. A large quantity of data exchanged between the client and the cloud entails the need to have an Internet connection with required capacity. Furthermore, Internet connectivity issues may result in temporary problems with access to user s data and with it, destabilize the user s operating activity. These inconveniences may be mitigated with the use of several Internet service providers but such a solution involves additional costs. Contract flexibility Services in the cloud are usually offered in packages. As a consequence, the services required by a user are only available with other additions that the user has no interest in. Furthermore, services are often directed at many customers (such as those offered in a public cloud model) so they do not always correspond to an individual client s needs. This situation concerns especially smaller entities, which have limited bargaining power in negotiations with providers and have to use ready-made solutions. Larger institutions, due to the scale of their implementations, may often count on tailor-made offers. Relations with entities for which a given user collaborates with in a cloud Cloud computing services have not matured yet which makes many organizations approach such solutions with skepticism. Clients considering using cloud computing services should take into account the position of collaborating entities, e.g. other public administration units which may have stricter security requirements. These entities may fear being indirectly exposed to additional risk, e.g. the threat of data loss or leak. It also should be noted that cloud services providers often use services from external parties, and contracts concerning cloud services rarely mention this subject. Contracts usually only include a statement that the provider will make sure the third party will ensure an appropriate security level. This generates additional uncertainty for the client and it may affect the confidence of contracting parties to entities operating in the cloud.

56 56 Cloud Strategies for Public Sector in Central and Eastern Europe 6 Research Surrounding Cloud Computing Trends in Central and Eastern Europe (CEE)

57 Cloud Strategies for Public Sector in Central and Eastern Europe 57 The first section is a summary of observations and findings regarding general trends, approaches, and adaptations of cloud computing in Central and Eastern Europe (CEE). The items below are based on research by KPMG firms in various CEE countries. The second section contains examples of the cloud computing application in the public sector in CEE specifically by country. Additionally, the section includes country-specific details on the points discussed in Section 7. General observations and research on cloud computing trends in CEE Responsibility for IT resources Overall, responsibility for IT resources, including IT-related projects, lies at various levels of public administration. Usually, there is a ministry or agency, at times even multiple ministries/agencies, responsible for IT resources at local and national government levels. At a local level, each municipality and city office typically has its own IT department. Internal IT departments often make proposals and suggestions for software, hardware, and projects, while municipalities, city offices, and local and national governments designated ministries make the final decisions regarding purchase and implementation. Strategic documentation of IT strategy and cloud computing There are not many cloud computing-specific documents or strategies that can stand alone and be used as guides for the public sector. Instead, most cloud computing references are simple mentions within an overall, general IT strategy at a national level. Estonia, Hungary, Latvia, and Slovenia have more developed sections covering cloud computing in their IT strategies, which are related to specific cloud development plans. Data centers For the most part, CEE countries have decentralized data center systems. Governments and public administration at national and local levels maintain individual centers on-site or at a specific location. In Croatia and Hungary there are initiatives to create centralized data centers. An international KPMG study* noted that centralizing data centers and optimizing data center resources are key indicators that a country is in the process of implementing cloud computing solutions in the public sector. * KPMG International The Clarity in the Cloud: A global study of the business adoption of Cloud, 2011

58 58 Cloud Strategies for Public Sector in Central and Eastern Europe Constraints and barriers to public sector use of cloud computing services Lack of relevant regulation, restrictive regulations, data security, and EU funding are the most frequently listed barriers to converting to cloud computing. The EU funds a portion of purchased IT hardware to ensure infrastructure stability in a given country; therefore, the public sector has deemed that costs are lower when they purchase and own hardware rather than renting it, as is in the case of the cloud. Other barriers mentioned are: the current financial crisis has made investing in the cloud unappealing financially (Croatia); a strong relationship between government and IT vendors reluctant to switch from the traditional model (Czech Republic); service-level agreements (Estonia); wariness over issues related to interoperability between legacy and new systems and transfer of data to the new system (Romania). Specific laws implemented in order to facilitate the use of cloud computing services in the public sector At the moment, there are no specific laws that facilitate and define the use of cloud computing services in the public sector. Additionally, with the exception of Hungary and Estonia, there are no tender offers pending to provide cloud computing services. For Hungary, there is one tender offer pending in the first quarter of 2013 for services rendered at the national level from a telecommunication company. In the case of Estonia, there are two tender offers for cloud service-based solutions: one development is in the transport information system under the National Intelligent Transport System action plan, and the other in the construction area in the Register of Economic Activities. Types of service models used Currently, CEE countries are preparing to implement or have already implemented cloud computing service projects. However, there is no single trend of the type of cloud service models selected for the implementation. Projects are aimed toward services that must be provided by the public administration sector. Therefore, the cloud computing service models used typically range from IaaS to PaaS to SaaS KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

59 Cloud Strategies for Public Sector in Central and Eastern Europe 59 Bulgaria Country Insight: Use of cloud computing by the public sector in Bulgaria Responsibility for IT resources Governmental level Responsibility for the different aspects of IT at the government level is fragmented across public administration bodies. The IT departments within particular ministries and state agencies are responsible for the selection, purchase, and deployment of hardware, software applications, and information systems used in the respective organization. In some cases, the purchase of software licenses for use by multiple government organizations is pooled and carried out by the executive (the Council of Ministers). The communication network infrastructure which is provided to public administration (both the central and local government) is deployed, managed, maintained, and developed by the Electronic Communication Networks and Information Systems agency which is a subsidiary of the Ministry of Transport, Information Technology, and Communications. The Electronic Governance directorate within the Ministry of Transport, Information Technology and Communications is responsible for managing the implementation of the national e-governance Strategy. Local level Local government bodies, such as municipalities and city offices are to large extent responsible for all aspects of IT within their organizations. They can apply to use the communication network infrastructure which is provided to public administration bodies by the Electronic Communication Networks and Information Systems agency. Strategic documents on IT strategy for public sector/government The General Strategy for Electronic Governance in the Republic of Bulgaria The Concept for Electronic Governance in Bulgaria The Bulgarian National Interoperability Framework for Governmental Information Systems. Agency-specific strategic documents. Case Study: Ministry of Finance Services available The Ministry of Finance has created a private cloud in order to optimize the number of physical servers it manages and to provide for the flexible usage of the available system resources. This infrastructure as a service project is the first of its kind in the public administration in Bulgaria. Provision of access to the services Availability of services Rules for use of services available The private cloud is based on Microsoft System Center 2012 (SCVMM, SCCM, SCOM) and Microsoft Windows Server 2008 R2 using a failover cluster. Services are available to particular departments of the Ministry of Finance. Employees of the Ministry of Finance can use the services provided by the private cloud. 3 This document briefly states that in relation to that deployment of service-oriented architecture principle, cloud computing should be used in order to optimize IT resources, including data centers within the public administration, to increase their computational capabilities, tighten the security of information, and decrease the amount of time and monetary costs required to manage IT resources KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

60 60 Cloud Strategies for Public Sector in Central and Eastern Europe Croatia Country Insight: Use of cloud computing by the public sector in Croatia Responsibility for IT resources Governmental level IT departments within particular ministries are entitled to take decisions concerning IT infrastructure/systems/application. However, approval of ministry and/or the government is required for each larger project. A significant part of the IT projects carried out by the public sector is provided by two public companies, APIS IT and FINA, as well as a number of private companies. Central State Office for e-croatia is responsible for informatization and modernization of the public sector in Croatia. Recently, the Office has been merged with the Ministry of Public Administration, thus adding informatization and modernization tasks to the scope of the Ministry. The key role in this process belongs to the Commission for Public Administration Informatization, whose role is to steer development and coordination of all tasks and projects concerning ICT in the public sector, with a goal of system rationalization and increased quality of public services. A minor part of the provided services is financed by the EU, approximately 13%. Local level Most of the larger municipalities/towns have established IT departments, however a number of municipalities relies on services provided by the Office for e-croatia. Strategic documents on IT strategy for public sector/government The Office for e-croatia activities are defined as one of the government s top priorities. Consequently, several official strategic documents have been adopted: Strategija Razvoja Elektroničke Uprave u Republici Hrvatskoj za Razdobolje outlines the strategy for improvement of the public administration by application of information and communication technology. Centralization of all government databases based on cloud services is widely discussed. However, no official strategic document on the use of cloud computing services by public administration has so far been published. Case Study: Universities and higher education institutions Services available Virtual private servers are available to public university and higher education institutions. Provision of access 2 Mbit/s access to Internet is required. to the services Availability of services Rules for use of services available Open for every public university and higher education institution in the Republic of Croatia. Open for every public university and higher education institution in the Republic of Croatia.

61 Cloud Strategies for Public Sector in Central and Eastern Europe 61 Czech Republic Country Insight: Use of cloud computing by the public sector in Czech Republic Responsibility for IT resources Governmental level IT Strategy principles have been defined by the initiative Smart Administration which established the framework for IT services development in the public sector with the main goal of quality improvement considering all services provided by public bodies and communication improvement with all citizens and other entities. The Ministry of the Interior is accountable for the design and implementation of governmental IT strategy, however there are parts of this strategy being implemented by other ministries and governmental bodies. IT departments within particular ministries are entitled to take decisions concerning IT infrastructure/systems/application. All activities and decisions must be aligned with the central strategy (e-government). E-Government includes several key projects and activities covered within the egon program, including: Czech POINT a system with easily accessible contact points for citizens. KIVS Communication infrastructure of public administration, ensuring secure data transfer. E-Government Act the Act on electronic acts and authorized conversion č.300/2008 Coll. Basic registers of public administration safe and current database of data about citizens and state and non-state actors. ISDS Data boxes new electronic documents delivery system PVS Portal of the Public Administration (communication platform between citizens and public bodies). Local level Local administration is partially connected using central communication infrastructure and central information systems. Operative level is in the hands of individual municipalities. Strategic documents on IT strategy for public sector/government Document concerning Strategic framework for egovernment is currently being prepared. Case Study: A large public body Services available The large public body has transformed distributed IT environment (supporting core processes) to private cloud solution in the meaning of IaaS and PaaS. Provision of access to the services Availability of services Rules for use of services available Web portal compatible with common web browsers or appropriate application clients. Available only for internal employees from the public body and its subsidiaries. Supporting everyday operations by end users employed by the public body (only internal use).

62 62 Cloud Strategies for Public Sector in Central and Eastern Europe Estonia Country Insight: Use of Cloud Computing by the public sector in Estonia Responsibility for IT resources Governmental level In Estonia, the Ministry of Economic Affairs and Communications is responsible for general ICT coordination more precisely the Department of State Information Systems (RISO). Department tasks include the coordination of state ITpolicy actions and development plans in the field of state administrative information systems (IS): state IT budgets, IT legislation, coordination of IT projects, IT audits, ICT standardization, IT procurement procedures, and international cooperation in the area of state IS. The Estonian Information System s Authority (RIA), which is a subdivision of the Ministry, coordinates the development and administration of the state s information system, organizes activities related to information security, and handles security incidents that have occurred in Estonian computer networks. RIA advises public services providers on how to manage their information systems as per requirements, and monitors them. In addition, RIA is an implementing entity for the European Union structural assistance. Every ministry has its own IS development center, the most important of which are the IT and Development Center of the Ministry of the Interior, the Information Technology Center for the Ministry of Finance and Center of Registers, and the Information Systems of the Ministry of Justice. Local level The Ministry of Interior governs information society development issues for local governments under the general ICT coordination of the Department of State Information Systems. Local governments develop their information systems independently under the coordination of the Estonian Cities Association and the Municipalities of Estonia Association. Strategic documents on IT strategy for public sector/government Strategic documents concerning IT strategy include: Estonian Information Society Strategy 2013; Implementation Plan of the Estonian Information Society Strategy; Estonian Information Society Strategy 2020, which is currently in the approval phase; The Estonian Information Society Strategy 2020, which contains provisions for the development of cloud computing infrastructure and services.

63 Cloud Strategies for Public Sector in Central and Eastern Europe 63 Case Study: Data exchange Services available The data exchange layer X-Road is a technical and organizational environment, which enables secure Internet-based data exchange between the state s information systems. Public and private sector enterprises and institutions can connect their information systems with X-Road. This enables them to use X-Road services in their own electronic environment or offer their e-services via X-Road. Joining X-Road enables institutions to save resources, since the data exchange layer already exists. This makes data exchange more effective, both within state institutions as well as regarding the communication between citizens and the state. X-Road is a specific cloud for all e-government services. Provision of access to the services Availability of services Rules for use of services available Common broadband access to Internet with specific security adapter server requirements. Public and private sector enterprises and institutions can connect their information systems with X-Road. Comprehensive guidance materials include: System Integration Process of Government Information Systems; Security server user s guide; Requirements on information systems and adapter servers. The basis of the legislation is the Data Exchange Layer of Information Systems regulation of the government of the Republic of Estonia. affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

64 64 Cloud Strategies for Public Sector in Central and Eastern Europe Case Study: Post e-invoicing Center Services available Internet cloud-based services offer a reliable and highly available environment for billing management for both large and small businesses. The Estonian Post e-invoicing Center is an e-invoicing operator that offers a reliable and proven infrastructure allowing the switch to massive e-invoicing all over Estonia far before 2020, when e-invoicing should become the predominant billing method in Europe, as stipulated in European Union development plans. Services for the public sector offered by contract with the State Support Services Center of the Ministry of Finance include: Centralization of accounting within every ministry, payment through the State Treasury; Provision of access to the services Availability of services Rules for use of services available Every-day accounting in one SAP-system, supported by the Ministry of Finance; Electronic documents, including e-invoices; Electronic reports for the needs of ministries and agencies. Common broadband access to Internet. Ministries join with the Support Center and use e-invoicing Center services by agreement. There are statutes for services and common agreements regarding party liabilities and service conditions defined in service-level agreements. Case Study: VisitEstonia.com Services available The official tourist information website VisitEstonia.com, managed by the Tourist Board, utilizes cloud-based services and includes these sections: About Estonia; Things to See and Do; Destinations; Accommodation; Travel and Transportation; Travel planner. Provision of access Via an ordinary Internet connection. to the services Availability of It is open to all interested users. services Rules for use of services available No specific rules; there is a platform as a service agreement.

65 Cloud Strategies for Public Sector in Central and Eastern Europe 65 Hungary Country Insight: Use of cloud computing by the public sector in Hungary Responsibility for IT resources Governmental level Ministry of National Development State Secretary for Government Info-communications coordinate e-government developments, manages tasks related to IT infrastructure for public administration and e-inclusion. Ministry of Public Administration and Justice Central Office for Administrative and Electronic Public Services (COAEPS): as a public administration authority operates, manages and maintains the most important authentic registers. COAEPS operates the Government Portal and other public administration websites, provides IT support for conducting elections, for referendums and for national consultations as well. Governmental Information Technology Development Agency manages governmental IT projects. National Info-communications Service Company: implements and operates governmental infrastructure and supports electronic public administration applications. Local level Local authorities at each level are entitled to take decisions concerning their own IT solutions; an EU-funded ASP (Application Service Provider) solution development is in progress. Strategic documents on IT strategy for public sector/government The Ministry of National Development issued the draft National IT Strategy , which is scheduled to be approved by the government by the end of The document includes the development of public administration IT based on modern infrastructure. In the ongoing EU-funded Electronic Administration Operational Program (EAOP) of the government the second Pillar (Supporting access to public administration services) and the following project includes the cloud computing services: EAOP Foundation of Governmental Data Center and IT value-added services (Governmental Cloud).

66 66 Cloud Strategies for Public Sector in Central and Eastern Europe Latvia Country Insight: Use of cloud computing by the public sector in Latvia Responsibility for IT resources Governmental level IT departments within particular ministries are entitled to take decisions concerning IT infrastructure/systems/application. No external consultations are required. The Ministry of Environmental Protection and Regional Development (MEPRD) manages large e-government projects, including those supported by EU funds. The State Regional Development Agency (SRDA) is known in Latvia as a national regulatory authority promoting regional development. The SRDA is an authority operating under the supervision of the MEPRD, and manages state support programs and the activities of European Union Structural Funds. Currently many IT projects at the governmental level are implemented via EU funds. Since 1 June 2009 the SRDA is in charge of the functions of the Secretariat of the Special Assignments Minister for Electronic Government Affairs (after elimination of the secretariat), and thus it is now responsible for implementation of e-procurements and e-services. The SRDA maintains and develops the unified state and municipal services Internet site where categorized links to Latvian Internet resources offer the possibility for centralized access to various electronic services offered by different state and municipal institutions. The SRDA also manages the Electronic Procurement System available at This is the first e-procurement system in the Baltic states, which organizes procurements in a unified manner. Local level There are several levels of local administration, but each level is entitled to take its own decisions concerning IT solutions. For example, each city hall is entitled to take a decision concerning IT solutions that will be used by their body and subordinate units. Strategic documents on IT strategy for public sector/government Strategic documents concerning IT strategy include: Latvian National Development Plan ; The Information and Communication Technologies for the Quality of Education ; Latvia s Plan of Strategic Development ; Guidelines for Information Society Development Plan ; Latvian e-government Development Plan ; (The plan indicates the need for research into use of cloud computing and semantic webs in the public sector. The research should be carried out by the end of next year.); Electronic Skills Development Plan for ; Guidelines for Information Society Development Plan (project); Strategy of the Sustainable Development of Latvia through the year 2030; Riga City Council ICT Development Strategy Plan for 2013 to 2016 (proposes to implement cloud computing solutions) KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

67 Cloud Strategies for Public Sector in Central and Eastern Europe 67 Case Study: Web portal Services available Web portal offers centralized access to various electronic services offered by various state and municipal institutions. It is planned to use this platform for developing the main core of a decelerated electronic mail address system, and to use this portal as main communication channel with government. Provision of access to the services Availability of services Rules for use of services available Through public and local networks, Internet as authentication using internet banks, MobileID, Latvia electronic ID card. Service is open for use to citizens and businesses. Each provided service has its own description and rules of usage. The citizen must agree to the terms before receiving the service. Case Study: Riga City Council Services available One of the biggest challenges for Riga City Councils in was the ICT centralization and UEW solution implementation in local authorities, including schools. There are more than 100,000 school employees and children of school age in Riga city schools. Regarding the business case, it was impossible to distribute information electronically and there was no managed solution for Riga schools; the s of school employees were neither official nor standardized. Implementation of Microsoft Live@edu s enabled the sending of electronic versions of internal documents for employees such as salary information and personal income tax notices, which are required by Latvian law. This replaced the previously existing procedure to send documents in printed form. The scope of Microsoft Live@edu project includes providing s for all employees and pupils using the Microsoft Live@edu Cloud solution. The creation of this support made for not only the need for new hardware and network infrastructure, but also for additional workforce to support and administer it. Microsoft Live@edu services have measured up to enterprise grade requirements and can fully satisfy the regulatory obligations of the Riga City Council. Provision of access to the services Availability of services Rules for use of services available Through the local network and public network as authentication using internet banks, MobileID, Latvia electronic ID card. Employees and citizens. Described for each service separately.

68 68 Cloud Strategies for Public Sector in Central and Eastern Europe Poland Country Insight: Use of cloud computing by the public sector in Poland Responsibility for IT resources Governmental level Every ministry has its own IT department inside its organizational structure. The IT department is entitled to make decisions concerning IT infrastructure/systems/applications that are needed for the ministry. No external consultations are required. The Ministry of Administration and Digitization (MAD) is the body, which oversees the running of large e-government projects, including those supported by EU funds. There is also the IT Project Center ITPC (Centrum Projektów Informatycznych CPI), reporting to MAD. The ITPC carries out the tasks assigned by the MAD or tasks transmitted for execution by public bodies. Each public sector organization may delegate tasks related to planning, management and implementation of IT systems/application to the ITPC, however the final decision on acceptance of delegated tasks by the ITPC is subject to approval by the MAD. Currently many IT projects at the governmental level are supported by EU funds. The MAD is an implementing agency for projects that received financing in accordance with a decision by the Ministry of Regional Development within the 7-point Innovative Economy Operating Program. As a consequence of its role, MAD has the ability to monitor realization of these projects. Local level There are several levels of local administration, but each level is entitled to make its own decisions concerning IT solutions. For example, each city hall is entitled to make a decision concerning IT solutions that each institution will use. Strategic documents on IT strategy for public sector/government Państwo 2.0 Nowy Start Dla E-Administracji this document summarizes the current state of IT projects that are carried out by different ministries and other public organizations. Strategy for Development of the Information Society Program Zintegrowanej Informatyzacji Państwa this strategy document defines key challanges for digitalization of public institutions, particularly delivery of e-services by public administration to citizens and enterprises.

69 Cloud Strategies for Public Sector in Central and Eastern Europe 69 Case Study: Ministry of Administration and Digitalization Services available On the national level, there are no services available, but the Ministry of Administration and Digitalization has started a project designed for local governments. The aim of the project is to create private cloud for local government. Currently, there is an open technical dialogue being conducted, engaging entities that have experience in the following areas: Building of computing centers, with necessary IT infrastructure and IT, with necessary IT infrastructure and IT Management center, delivering private cloud solutions Provision of access to the services Availability of services Rules for use of services available Development of virtualized IT infrastructure for IaaS services provision Delivery of PaaS solutions Development of SaaS solutions Research and Development experience in cloud computing solutions. There was also a survey conducted amongst local governments representatives. The aim of the survey was to select cloud computing solution required by them. Currently there are no services available but in the survey the following services were listed: Compute as a service; Backup as a service; Storage as a service; Platform as a service in order to create e-learning; Application as services (application dedicated to schools, connectivity with citizens, forums, legal consultations; Enterprise Resource Planning (ERP); Customer Relationship Mangagement (CRM)). 2 Mbit/s access to Internet is required. Open for every unit from public sector. Detailed information is not yet available. Case Study: Ministry of Administration and Digitalization Services available MAD implemented Unified Communication as a Service (UCaaS) in the office. It concatenates fixed telephony services, tele- and videoconferences as well as other NGN services (e.g. IVR, recall, hold) in one comprehensive Service Level Agreement and one transparent charging. Development of UCaaS solution took one month. Provision of access to the services Availability of services Rules for use of services available Access through terminals provided by UCaaS supplier IP phones Cisco 6921 and Cisco Services are available to MAD employees. No specific information.

70 70 Cloud Strategies for Public Sector in Central and Eastern Europe Case Study: Ministry of Finance Services available The project of Consolidation and Centralization of Customs and Tax System, led by the Ministry of Finance, aims at creation of a platform delivering financial e-services as follows: e-customs e-taxes e-registration e-declaration Because of the periodicity of use of listed services, the Ministry decided to develop a Cloud Computing model, enabling scaling of needed computing performance and providing constant availability of e-services. The project is in progress and IT infrastructure and systems should be developed by June Provision of access to the services Availability of services Rules for use of services available Through the local network and public network with authentication. In the future, it is planned to provide one interface and work similar to bank accounts with individual account numbers and all tax and customs information in one place. It will be open for citizens and entrepreneurs. Described for each service separately.

71 Cloud Strategies for Public Sector in Central and Eastern Europe 71 Romania Country Insight: Use of cloud computing by the public sector in Romania Responsibility for IT resources Governmental level IT departments within particular ministries are entitled to take decisions concerning IT infrastructure/systems/application. No external consultations are required. The Ministry of Communications and Informational Society (MCIS) manages large e-government projects, including those supported by EU funds. There are many entities coordinated by MCIS: National Management Center for Informational Society; National Center Digital Romania ; National Institute for Research and Development in IT; National Center for Studies and Research in Communication; Romanian Post Company; Radiocom (communication company). Many of the IT projects at the governmental and private levels are supported by EU funds. Local level There are several levels of local administration, but each level is entitled to take its own decisions concerning IT solutions. For example each city hall is entitled to take a decision concerning IT solutions that will be used by that body and its subordinate units. Strategic documents on IT strategy for public sector/government Digital Agenda for Romania a document, whose purpose is to obtain EU funding for IT projects. Digital Agenda for Romania currently under development with plans to include postulates related to cloud computing. There are some specific laws and requirements, whose aim is to centralize some public administration/e-government services, but only a few have been successful (e.g. a unique public administration procurement portal).

72 72 Cloud Strategies for Public Sector in Central and Eastern Europe Case Study: National Supercomputing Program Services available Services provisioned thanks to the National Supercomputing Program include infrastructure and platform as a service. IT resources are pooled by MCIS through the National Management Center for Informational Society (from MCIS data centers). Local and central public entities can use the storage to install their e-administration or e-government applications. Provision of access Gigabit access. to the services Availability of Any entity from public sector. services Rules for use of Detailed info not available. services available Case Study: Ministry of Education Services available The main business need of the Ministry of Education was to handle peak data traffic generated each July by students applying for high-schools through an admission application. The IaaS solution based on Windows Azure by Microsoft was purchased, providing a constant server availability even in peak periods. In the rest of the year, the application usually uses internal servers and the IaaS infrastructure is not used. Deploying IaaS, the Ministry was able to develop new application functions, e.g. advanced searching. Provision of access Gigabit access. to the services Availability of services Rules for use of services available Services are available for admission application administrator. Resources are used only when they are needed and the charge is adequate to the use.

73 Cloud Strategies for Public Sector in Central and Eastern Europe 73 Serbia Country Insight: Use of cloud computing by the public sector in Serbia Responsibility for IT resources Governmental level IT departments within ministries are entitled to make proposals regarding some decisions concerning IT hardware and software, but the IT budget for each ministry depends on the overall budget dedicated to the ministries and these are accepted every year by the Serbian parliament. The Ministry of Foreign and Internal Trade and Telecommunications via its Division for Electronic Communications, Information Society and Postal Services is responsible for i.e.: Determining the policy and strategy of development of the information society in Serbia; Preparation of law, other regulations, standards and measures in the area of electronic businesses; Development and promotion of academic, i.e. educational and scientific research regarding the computer network; Protection of data and information security; International businesses in the area of information society. The Directorate for Digital Agenda, as an administrative authority within the Ministry of Foreign and Internal Trade and Telecommunications, has responsibilities including i.e.: implementing a strategy in the area of information society and electronic telecommunications; application of information and communications technology; offering of information services; development and functioning of information and communications infrastructure, improving, development and functioning of information systems of state bodies, territorial autonomy, local self-government and public services; development and application of standards in introducing information and communications technology in state bodies, territorial autonomy bodies, local self-government and public services; creating conditions for realization of projects financed by EU pre-accession funds, donations and other forms of development help in the information society and electronic communications areas; determining a strategy and development policy for electronic communications and postal services; international businesses in the area of electronic communications and postal services. Local level Municipalities and cities have their own (local) budgets and IT departments. Each municipality is entitled to take decisions concerning IT solutions that will be used and are independent in their decisions. Some municipalities do not have their own IT departments. Publicly-owned companies also have their own IT departments and are generally dependent on budgets that are accepted by the parliament. Internal distribution of the budget is decided by the company s management board.

74 74 Cloud Strategies for Public Sector in Central and Eastern Europe Strategic documents on IT strategy for public sector/government Strategy for development of information society in Republic of Serbia until 2020 together with the strategy in the telecommunications sector constitutes the Digital Agenda for Serbia. It is an act of the government which comprehensively defines the basic objectives, principles and priorities of the development of the information society and the activities which should be undertaken in the period covered by this strategy. The Strategy for development of information society in Republic of Serbia until 2020 briefly describes the importance of cloud computing services. Also, there is the Decision of the National Bank of Serbia on the minimum standards of information systems of financial institutions. Financial institutions (banks, insurance companies, financial leasing providers and voluntary pension fund management companies), including those that are publicly owned, are supervised by the National Bank of Serbia. This decision is intended to provide comprehensive guidance on internal IT processes and IT controls and includes general compliance recommendations loosely based on ISO series standards. Other relevant documents include: Strategy on domestic telecommunication industry; Strategy on electronic communications; Strategy on science and technological development Strategy on development of e-government; Strategy on intellectual property; Strategy on high speed network access; Strategy on personal data protection.

75 Cloud Strategies for Public Sector in Central and Eastern Europe 75 Slovakia Country Insight: Use of cloud computing by the public sector in Slovakia Responsibility for IT resources Governmental level Every ministry has its own IT department inside its organizational structure and is entitled to make decisions concerning IT infrastructure/systems/application that are needed for the ministry. The Ministry of Finance of the Slovak Republic (MF SR) is responsible for ICT and information society at the governmental level. The competence is granted by Act No. 275/2006 Coll. on Information Systems in Public Administration and Decree No. 212/2010 on Standards for Information Systems in Public Administration issued by MF SR. The Ministry of Finance is a provider and oversees the running of large e-government projects, including those supported by EU funds (e.g. Operational Program of Informatization of Society (OPIS)), while The Government Office of the Slovak Republic is responsible for OPIS management. Specific projects run by institutions under public administration are under the control of the Ministry of Finance. Currently, almost all of IT projects at the governmental level are supported by EU funds. Local level There are several levels of local administration, but each level is entitled to make its own decisions concerning IT solutions. For example, each city hall is entitled to decide on the IT solutions that will be used by the body and its subordinate units. But, nowadays, the Association of Cities and Villages of the Slovak Republic has developed the Common Data Center of Cities and Villages project which is implemented via EU funds. All municipalities can join this project and use shared services regarding their municipal agendas. Strategic documents on IT strategy for public sector/government In 2008, the Government of the Slovak Republic approved two basic strategic documents regarding the computerization of public administration: e-government Strategy, The National Concept of Public Governance Informatization, The National Strategy for Information Security in the SR, Action Plan for the National Strategy for Information Security of the SR , Proposal of the System of Information Security Education in the SR. These documents are updated in accordance with the progress and experiences in public IT. At the present, there are numerous documents being prepared by several working groups within MF SR: methodical materials for cloud; standards for cloud. Standards will be officially published by MF SR in the form of a decree applicable for public administration.

76 76 Cloud Strategies for Public Sector in Central and Eastern Europe There is no official document addressing cloud computing for government. But this particular area was discussed by the working group under the advisory body of the Minister of Finance including representatives of public and private sector. Some of the main goals of this working group are: to define the Government Cloud from architecture, security, services and operation points of view in accordance with NIST, ENISA and the Cloud Strategy of the EU; to define the basic standards and recommendations during 2013 they should be used in within the next EU funding period for Informatization of Public Administration; and to enable fast and effective public procurement of cloud services. In February 2013, MF SR published a recommendation entitled Project preparation for public administration information systems for its implementation into Cloud infrastructure. Case Study: Common modules at the government level Services available It is supposed that the common modules of the Public Administration Portal would be run in the governmental cloud. Common modules include: Central Web Portal; Central Electronic Registry; Central Electronic Delivery Module; Central Payment Module; Central Electronic Box Module; Central Electronic Forms Module and Repository; Module for Long-Term Archiving of Electronic Registry Records. Provision of access No information available. to the services Availability of Available to citizens and legal persons. services Rules for use of No detailed information available. services available

77 Cloud Strategies for Public Sector in Central and Eastern Europe 77 Case Study: Common data center of cities and villages project Services available At a local level a project entitled Common Data Center of Cities and Villages is in progress. All municipal agendas, e.g.: Birth records; Finance (budget, accounting and payroll); Inhabitants records; Local Taxes and local fees; Tourist traffic; Road transportation; Civil Protection; Archive and Registry systems; Waste management; Regional Development; Building authorization; Publishing of Local directives; Protection of Environment; Other additional areas. Provision of access No information available. to the services Availability of Available to citizens and legal persons. services Rules for use of No detailed information available. services available Slovenia Country Insight: Use of cloud computing by the public sector in Slovenia Responsibility for IT resources Governmental Level IT departments within ministries can decide on infrastructure/ systems/applications. Most government bodies have Internet/Intranet facilities and are linked to a government-wide network, HKOM, which connects more than 1,600 local computer networks. HKOM ( Fast Communications Network ) represents the internal governmental communication network. Local level Local government bodies, such as municipalities and city offices, are solely responsible for all aspects of IT within their organizations. They can apply to use the communication network infrastructure (HKOM), which is provided to public administration bodies by the Electronic Communication Networks and Information Systems agency. Strategic documents on IT strategy for public sector/government Strategy of efficient national IT (measures for cutting costs in IT) published in September 2012 but still has to be confirmed by the government.

78 78 Cloud Strategies for Public Sector in Central and Eastern Europe 7 Main Conclusions for Public Administration Concerning the Implementation of Cloud Computing

79 Cloud Strategies for Public Sector in Central and Eastern Europe 79 A review of the strategic documents on the use of cloud computing services in public administration in CEE countries shows that cloud computing is not yet widely present. Some countries have begun to distinguish cloud computing services from the whole spectrum of IT services, but they have not yet prepared a structured approach to determine the place and role of cloud computing services as well as rules for their use in the public sector. Based on an analysis of countries that have successfully begun to implement cloud services in public administration, a number of key elements essential to the implementation of cloud computing services in the public sector can be specified. General recommendations on the approach to implement cloud computing The following is a list of general recommendations regarding use of the opportunities that cloud computing offers. They have been compiled from the results of an international survey conducted by KPMG* and the observations and experiences of various projects undertaken by its member firms. Cloud computing requires a consistent approach, as defined by a professionally created strategy for this area. Cloud computing offers a great opportunity to optimize the use of ICT infrastructure by public administration. It is not just a new technology or service, but a new way of purchasing and using solutions based on ICT technologies by governmental institutions. For this reason, it requires a coherent and comprehensive, clearly defined created and adopted strategic approach. Solutions involving cloud computing should not only be an area of interest for IT. The natural tendency is to treat cloud computing as a topic related solely to the area of IT. Therefore, determination of the manner of potential use and planning of implementation is usually assigned to entities responsible for the information systems of public sector entities. The implementation of cloud-based solutions often requires the involvement of other departments responsible for, or performing, key processes and potential solution providers. * KPMG Exploring the Cloud: A Global Study of Governments Adoption of Cloud KPMG s Government & Public Sector Practice, 2012

80 80 Cloud Strategies for Public Sector in Central and Eastern Europe The use of cloud computing requires support from leadership. Using cloud computing may be associated with significant changes in the organization, which go beyond changes in the IT budget, such as changes in the manner of carrying out key processes and tasks, and the structure and size of the workforce. Most organizations, both public and private ones, are rather unwilling to take on such challenges. In such situations, an effective method of change management is the support or promotion of the change by people with great authority among the members of the organization. If a high-level official directly indicates the need for change, individuals at different levels of public administration will treat the change with less concern and will show more commitment. It is necessary to maintain a balance between the risks and potential benefits. The use of new technologies and solutions is usually associated with new risks, such as risks associated with data protection, information systems security, etc. Entities involved in the implementation of these technologies and solutions should be aware of these new risks and prevent them through appropriate risk management. The existence of these risks should not discourage an organization from analyzing and implementing solutions based on cloud computing. It is necessary to establish proper centers of competence. In the case of innovative solutions or complex changes, actions need to be taken aimed at the proper management of knowledge and experience in the organization. Often the entity implementing cloud computing first is the one to create standards, best practices, and certification of providers or applications. These elements can later be used by other entities, which subsequently will not need to re-invent the wheel. In order to achieve this goal, one could consider setting up a dedicated advisory body which would have the appropriate expertise and information on other implementations. It is necessary to collaborate with providers and the private sector. Public sector entities planning to use cloud computing solutions should establish a forum for collaboration with ICT solutions providers. The objective should include, among others a better understanding of their capabilities, identification of solutions that best fit the needs of the public sector or influence the development of their standards and target shape. In addition, the public sector should try to learn from the experiences of the private sector which is more advanced in the use of cloud computing for most markets. Recommendations concerning the strategy development process The following contains some directional advice on the process of creating a strategy for cloud computing as one of the key general recommendations, which were based on KPMG s experience in the implementation of similar projects and the evaluation of similar processes in other countries.

81 Cloud Strategies for Public Sector in Central and Eastern Europe 81 Figure 7.1: Recommendations concerning the cloud computing strategy development process Areas of recommendations Process management Use of knowledge and experience Leadership Responsible entry Team Experiences from other countries The European Union regulations and recommendations Focus on users and their needs Transparency and communication in the process Cooperation within the IT industry Knowledge and experience of the private sector Process management Leadership Regardless of which entity takes on the responsibility for developing a strategy, these measures, in line with the general recommendation as described below, should have strong and visible public support from key figures in the country (for example members of the government). This recommendation applies equally to both the process of creating a strategy and its implementation. Responsible entity The process of creating a strategy for cloud computing should be managed by a clearly specified public administration entity, which will take full responsibility for the delivery of the final product. Team Despite the fact that, according to the first recommendation, the responsibility for the draft strategy should rest on a certain unit of public administration, a special interdisciplinary team should also be established for this purpose. The team should comprise representatives from other public administration institutions and independent experts. In this way, the involvement of all key public stakeholders can be ensured in the project. affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

82 82 Cloud Strategies for Public Sector in Central and Eastern Europe Transparency and communication during the process The process of creating a strategy (as well as the subsequent process of its implementation) should be fully transparent, i.e. the arrangements or discussions should not take place behind closed doors, and documents (both working and final documents) should be publicly available. One of the suggestions for this would be for the responsible department to maintain a blog about work progress. The blog should work in the cloud as a signal, from the very beginning, that public administration is open to cloud computing. Focus on users and their needs During the development of the strategy, there should be a shift away from the primacy of the technical and hardware perspective as called for by the State 2.0 a new start for e-administration report. The starting point should be the end-users (which may be government employees and their customers the citizens) and their needs, and in the end, should come the functionality to meet those needs. Technical and hardware issues are important only when the aforementioned matters are defined. Cloud computing fits the presented approach particularly well. Use of knowledge and experience Experiences from other countries While working on the strategy, the organization should call on experiences from other countries. One way is, of course, to examine documents (strategies, analytical reports, research articles, and press releases) describing other governments experiences. It would be advisable, however, to contact entities responsible for similar strategies in other countries and to conduct study visits or workshops, so that information can be heard first hand from the parties involved. Poland has a unique opportunity to take advantage of the fact that other countries have already gone through this process, so it can avoid others mistakes and apply proven standards, taking into account the specificity of the country s own public administration. European Union regulations and recommendations Organizations should observe and use the results of work performed in developing the EU strategy for the use of cloud computing, and should take into account the EU recommendations in this area. Team members responsible for creating the Polish strategy should take an active part in 2013 KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms

83 Cloud Strategies for Public Sector in Central and Eastern Europe 83 the European Commission s work and engage in the European Cloud Partnership (ECP), whose creation was announced for 2012 by the European Commission. Cooperation with the IT industry It should also be noted that the work performed on the strategy should include the ICT sector. One suggestion to achieve this would be to invite business representatives from the team mentioned in the previous recommendation, or facilitate the team s collaboration with business representatives. Business can be represented, for instance, by industry leads. Knowledge and experience of the private sector Market analyses, including an international survey conducted by KPMG*, show that public administration is generally less advanced in the use of cloud computing than the private sector. As for other countries, it is also worth referring to the experiences of large enterprises in the implementation of clouds. Plenty of big businesses are already using cloud computing, hence the application of standards stemming from the business world into public administration can bring additional benefits. What elements should a strategy for cloud computing for public administration include? The following comments and suggestions relate to the content of the strategy for cloud computing for public administration. The suggestions are based on overall general recommendations and recommendations associated with a strategy development process. The suggestions were created using a content analysis of strategic documents from other countries. Figure 7.2: Key elements of the cloud computing strategy The strategy should be consistent with overall strategy of state computerization Sustainable approach Recipients Expected results Measures of success/kpi Strategy for cloud computing Responsible persons/entities Preference of cloud computing Open standards Use of existing solutions Purchasing process (Application Store) Security Differentiated approach * KPMG Exploring the Cloud: A Global Study of Governments Adoption of Cloud KPMG s Government & Public Sector Practice, 2012

84 84 Cloud Strategies for Public Sector in Central and Eastern Europe 1. The strategy should be consistent with the overall state IT strategy In particular, the strategy of cloud computing should indicate directly how it fits into the overall ICT strategy, and if it deviates from such, it should be explained in what way and why. 2. Recipients The strategy should clearly state to whom it is addressed to, i.e. who is subject to the rules provided for in it and who can use its products. 3. Responsible persons/entities The strategy should specify who is responsible for its creation and who is responsible for its implementation. Each objective and task defined in the strategy should be assigned to a person or entity responsible for its implementation. 4. Cloud computing preference The strategy should recommend public sector entities, enclosed in its scope, to include cloud computing as a potential means of satisfying their ICT needs. On the other hand, the strategy should define the approach to the decisionmaking process regarding the use of cloud computing. 5. Use of the existing solutions In its recommendations, the strategy should seek to maximize the use of existing solutions based on cloud computing, reducing the need for creation of dedicated applications to meet the standard requirements. The approach adopted in the UK, where CloudStore includes ready applications for the implementation of most of the standard functions, is an example. 6. Security The strategy should relate to one of the most important issues raised by potential users of the cloud, and that is data security. The strategy may involve the creation of guidelines for security during its implementation. Most frequently, the government unit in charge of information security is the author of such elaboration. 7. Differentiated approach Based on the security indicators, the strategy should recommend various approaches to the public sector to meet the sector s ICT needs, depending on their operating activities and processed data (e.g. identifying potential areas where the sector can use public and private clouds). 8. Purchasing process The strategy should also include aspects related to the purchasing process for the purpose of simplifying it, for example, by developing an application store (see example CloudStore), establish a system of provider certification, preparation of model contracts, etc. At the same time, the strategy should maintain fair competition between providers, full transparency of the purchasing process, and optimizing expenditure on the cloud.

85 Cloud Strategies for Public Sector in Central and Eastern Europe Standards The strategy should call for the maximum use of open standards facilitating subsequent migration, integration, and integration between applications. 10. Expected results The strategy should include estimates of the expected results. This could be, for example, savings estimated (reducing costs) when using ICT or an increase in the efficiency of processes carried out by public administration. For example, cost savings were a priority for the UK and Australia, while the US focused on an increase in performance at the same cost. Japan, in turn, emphasized the environmental aspect ( Green IT ). 11. Measures of success The strategy should specify how to measure the success of the adaptation. 12. Sustainable approach The strategy should recommend a sustainable approach, i.e. reaching a compromise between the potential benefits and risks. The strategy should also include the identified risks associated with its implementation, as well as the ways to mitigate them. Entities implementing the strategy should be aware of the risks and prevent them through appropriate risk management.

86 86 Cloud Strategies for Public Sector in Central and Eastern Europe Appendix 1: Case Studies: Use of Cloud Computing Services in Public Administration Division of discussed case studies with regard to functionalities such as citizen engagement, government productivity and internal processes (please see page 35) Citizen engagement Government productivity Internal processes applications SaaS S1: Mobile application Suffolk County, Great Britain S5: Water use monitoring platform Dubuque, Iowa United States S2: Migration of to the cloud Los Angeles City, United States S3: Optimalization of the energy consumption by the internal IT resources The General Services Administration (GSA), United States S4: Application for recording compensation and other services in the field of HR management Essex County, Great Britain PaaS I1: Private Cloud e-learning Application Local Government in Castilla, Spain P1: Application supporting sales of ecological consumer electronics and appliances Ministry of Economy, Trade and Industry, Japan P2: Application to handle recurring international fleet audit Maritime Safety Authority, Australia IaaS I2: Utilization of cloud in science Los Alamos National Laboratory, United States I4: Virtualization of servers and applications Ministry of the Economy and Public Finance, Argentina I3: National e-invoice system NemHandel National IT and Telecom Agency, Denmark I1. Spain, local government in Castilla: Implementation of a private cloud providing access to IT resources to subsidiaries in a IaaS model and e-learning applications (SaaS) Introduction: Castilla La Mancha is a region located in central Spain. The local authorities employ approximately 70,000 people, including employees in the administration, healthcare, and educational sectors. The population is more than 2 million people, most of whom live in rural, agricultural areas and small towns scattered across the region.

87 Cloud Strategies for Public Sector in Central and Eastern Europe 87 Challenge: To integrate and consolidate the IT infrastructure used by the public sector in the region, to provide local authorities with access to flexible IT resources and to introduce innovative services for the residents. Solution: Implementing a private cloud in an integrated virtualization platform technology, VCE (Virtual Computing Environment), took place in close collaboration with three companies, i.e. Cisco, VMware, and EMC. During the implementation, the number of data centers for the region was decreased from 48 to 2, which house up to 3,000 virtual servers. Results: Implementation of the cloud computing model has increased efficiency in the use of IT resources within the region. Currently, the regional government has resources, which are made available to its subsidiaries in the IaaS framework. The central system management solved the problems associated with technical management of dispersed data centers. In addition, individual units gained access to the resources with higher performance capabilities. By adapting cloud computing technologies, local authorities in Castilla accelerated the development of services provided through e-administration, which affected the quality of services for the population scattered across the region. One of the first applications to run in the cloud in Castilla is Papas 2.0, available free of charge in the SaaS model. The purpose of the e-learning program is to promote collaboration between students, parents, and teachers. The application allows children to participate in school classes via the Internet. Savings: According to estimates by local authorities, cloud model adaptation made it possible to reduce the costs associated with the purchase and operation of IT resources by 25-50%. I2. The US Los Alamos National Laboratory: Providing employees with virtual servers and memory in a private cloud model Introduction: Los Alamos National Laboratory is subsidiary of the US Department of Energy. It is one of the largest research laboratories in the world, employing more than 9,000 scientists. Challenge: An increasing demand for computing power and data storage space. An important criterion for selecting a solution was the guarantee of an effective IT infrastructure management, which made it possible to easily redistribute IT among different scientific groups, based on actual project needs. Solution: Los Alamos National Laboratory made use of IT resources in the IaaS model of private cloud computing available to its employees. One-hundred physical servers were withdrawn and replaced with 13 virtualized machines (resulting in a virtualization power of 300 servers). Results: The cloud computing model enabled the optimal use of IT assets. Using the private cloud model ensured data security. Savings: The implemented solution amounted to USD 1.4 million in savings per year (including savings in energy costs, reducing the amount of electronic waste).

88 88 Cloud Strategies for Public Sector in Central and Eastern Europe I3. Denmark, National IT and Telecom Agency: Migration of the national e-invoice system NemHandel to a public cloud Introduction: NemHandel is a Danish electronic invoicing and document exchange system for the public sector, private sector, and for between these sectors. Legislation in 2005 imposed an obligation to submit invoices electronically in a standardized XML format on all providers of products and services to the public sector. In 2007, the Danish National IT and Telecom Agency launched the platform NemHandel in order to help businesses meet these requirements. The NemHandel platform also aims to remove barriers to electronic commerce and to increase competition between small and mediumsized businesses. Currently, more than 30,000 public sector entities are registered in the NemHandel system. The infrastructure needed to operate the platform NemHandel was hosted by an external service provider. Another external party was responsible for enduser support and application maintenance. Challenges: Migrating NemHandel s IT infrastructure to the cloud was for the purpose of: Reducing NemHandel s operating costs; Increasing capacity of the current system; Construction of a system capable of dynamic scaling according to the actual demand for resources; Providing an integrated test and production environment, and allowing the operations team to exercise control over these environments; Establishing an acceptance environment with the possibility of ensuring a lower SLA to further reduce costs; Gaining experience in the cloud computing field. Solution: In mid-2009, the National IT and Telecom Agency decided to expand NemHandel s IT infrastructure based on IaaS services offered by Amazon Web Services (AWS). Provider selection was dictated by AWS relatively large market experience in cloud computing and extensive range of services, including the possibility of using servers running both in a Windows and Unix/ Linux environment. The invoice system works as follows: the supplier sends the invoice to the VAN operator, which determines the invoice receiver location by GLN number. Then the invoice is sent to the proper VAN operator or directly to the receiver institution. Before making the decision to implement the changes, the National IT and Telecom Agency determined that the production environment consisted of nine servers and, to ensure the system capacity required for the growing interest in NemHandel, they would have to expand the production environment by another four servers. The monthly cost would amount to DKK 80,400. However, the costs associated with an infrastructure of the same parameters provided in the IaaS by AWS with additional services (making it possible for the client to manage the applications, administer servers and databases, and maintain the application) were priced at DKK 26,000 a month. In addition, the cost of migrating the application was estimated to be DKK 725,000. With a monthly cost savings of DKK 54,400, the investment would pay for itself in 14 months. The Nemhandel platform migration to the cloud was completed in June 2010.

89 Cloud Strategies for Public Sector in Central and Eastern Europe 89 Results: Flexible IT infrastructure scaling depending on current demand helped reduce the cost of IT assets. By using IaaS, from the perspective of maintaining and developing applications, the operations team has gained greater flexibility in operating activities. Collaboration with AWS revealed the immaturity of certain services offered by the provider and working out mutually satisfactory solutions on an ongoing basis turned out to be time consuming. Possible migration from the cloud may be hampered by using AWS-specific services. If problems occurred, the possibility of contacting the operator and gaining immediate assistance was limited. Savings: The actual cost of migrating the application to the cloud was DKK 1.65 million, twice more than the projected cost (DKK 725,000). This difference resulted from omitting costs associated with making improvements to the application architecture to allow for a more integrated operating platform. These changes would have also been necessary in the case of expanding the platform in its original environment, assuming the platform s development in the traditional model. The actual monthly service cost amounted to DKK 21,500, which is DKK 5,100 less than estimated. However, the expected payback period was extended to 28 months due to the higher migration cost. I4. Ministry of the Economy and Public Finance, Argentina: Application and servers virtualization for financial administration services Introduction: The Department of Finance, being the unit of Ministry of Economy and Public Finance in Argentina, is responsible for provision of budget legal framework, accounting systems and technology services for financial administration in Argentina which means cooperation with 112 agencies in the whole country. Challenge: To manage centrally a network having about 11,000 users and provide security and availability. Because there were three major applications SIDIF (central administration software), SLU (Unified local system) and UEPEX (external loans execution unit) there was also the need to develop the platform providing the easy access and quick distribution to users. Solution: Implementation of Citrix XenApp and XenServer solutions. Databases and physical resources are managed by one parameterized application. Work on unifying three main applications (SIDIF, SLU and UEPEX) is in progress. The servers are organized in two farms a main one, and another used for contingencies. Results: Centralized management of infrastructure; Single backup point for all data, securing platform availability for all its users; Secure IT environment; Hardware life elongation from 3 to 8 years; Efficient usage of infrastructure, assuring availability for all of them, but paying for actual used resources; statistically, the peak number of concurrent users is 2,000.

90 90 Cloud Strategies for Public Sector in Central and Eastern Europe P1. Japan, the Ministry of Economy, Trade and Industry: Use of a commercial platform (PaaS) to provide network application supporting sales of ecological consumer electronics and appliances (SaaS) Introduction: In 2009, the Japanese government announced the national Eco Points Program, whose purpose was to encourage residents to purchase energy-efficient household equipment, including TVs, air conditioners, refrigerators, and LED lighting. After purchasing such equipment, the consumer received an equivalent of 5-10% of the purchase value back from the government in the form of Eco Points, which were used to purchase ecological products and services, as specified on a list prepared by the government. Challenge: An application project that supports transactions made in the Eco Points Program. One of the application s basic requirements was the uninterrupted application operation while responding to the dynamically changing demand for the services offered. Solution: The Japanese Ministry of Economy, Trade and Industry, responsible for the implementation of the Eco Points Program, decided to embed the applications in the cloud. The application was designed in three weeks and the Program was made available to end users in the SaaS model. The application project forecasted up to 40 million visits during peak times. It was anticipated that there would be a need to handle 20 million transactions, more than 500,000 in the first month. Results: Due to the flexible capacity of scaling IT assets provided by the force.com platform, the application worked efficiently even in times of increased demand, The application existence and functioning contributed to an increase in sales of energy-efficient household equipment in Japan and a reduction in energy consumption by Japanese households. P2. Australia, Maritime Safety Authority: The use of commercial PaaS platform to provide a network application to handle recurring international fleet audits operating in a SaaS model Introduction: The Australian Maritime Safety Authority is a subsidiary to the Department of Infrastructure and Transport. One of the entity s functions is to keep a register related with the ISM Code (International Safety Management Code). The ISM Code represents the standard for the safe management and handling of ships and pollution prevention. The purpose of the electronic register maintained by the Maritime Safety Authority is to record certificates and audit results with auditors recommendations. Information is collected in 14 ports in Australia and stored centrally in Canberra. Approximately inspections are carried out monthly. Historically, the ISM register was run in Excel. Challenge: Implementing an application to which access would be possible from different locations, in place of a register maintained in Excel. Due to the pilot nature of the project, it was also a challenge to use the commercial platform (PaaS) to design a web application (SaaS), whose model could potentially be used by other administrative units. Solution: The project, anticipating the use of commercial public cloud by the public sector, was one of the first of its kind in Australia. Officials decided to transfer the ISM register to the cloud because of the low risk of this operation,

91 Cloud Strategies for Public Sector in Central and Eastern Europe 91 the limited number of transactions, and the lack of legal ramification for storing data concerning fleets outside Australia. As a result of various delays, project completion took seven months, not the six weeks as expected in the beginning. Results: Despite the delays, the implementation time was shorter and the costs were lower compared with an implementation of a similar application in the traditional model. Replacing the register maintained in Excel with an application in the cloud allowed to minimize the cost of purchasing and managing the IT infrastructure, which the Authority would have to bear having decided to the design and maintain the application in the traditional model offering the same functionality. The experience of working on this pilot application raized concerns about the readiness of commercial providers to work with public sector organizations. End-users were satisfied with the functionality provided by the application, finding a significant advantage of the new version of the register over the version kept in Excel. Savings: The total implementation cost of the register s electronic version amounted to AUD 30,000, including designing the application, training the Authority s staff, the annual fee, and the yearly maintenance cost. The implementation cost of a similar application in the traditional model was estimated to be AUD ,000. S1. UK, Suffolk County: Implementation of a mobile application in the Saas model for the purpose of developing new standards for communication with residents Introduction: Suffolk County is located in east England with a population over 700,000 residents, most of whom live in agricultural areas, cities, and small towns scattered across the county. Challenge: To develop a new standard serving residents through the means of a web application in a SaaS model. This would enable the sending of important messages to residents mobile phones and to allow access to some services offered by the county via mobile phones. Solution: Suffolk County, being one of the first, to benefit from the Government s project Government Application Store, buying the Weejot service created by company Jadu. Weejot software is available in the SaaS model and allows for users, even those with a basic programing knowledge, to create mobile applications. The software is intuitive and compatible with mobile phones and tablets. Using G-Cloud helped reduce the time needed to carry out the tendering process operations. Results: Gaining a new channel of communication with the residents local authorities are in the process of implementing applications that will inform residents of such events as the closing down of a school or alarming weather conditions.

92 92 Cloud Strategies for Public Sector in Central and Eastern Europe S2. US, the City of Los Angeles: Migrating electronic mail to the cloud Introduction: Los Angeles is the second most populous city in the US with a population over 3.8 million. The city authorities employ approximately 30,000 people working in 40 departments located in approximately 3,000 locations. Challenge: For many years, city authorities used from Novell GroupWise, which guaranteed a relatively stable operating functionality, but was not satisfactory in terms of mailbox size, mobility, and system costs. In 2008, city authorities decided to issue calls for tender offers to provide services. Deterioration of the city s financial situation due to the economic crisis made cost reduction and efforts needed to manage the system important criteria for assessing received proposals. Moreover, the city authorities set several conditions: the need for physical separation of the IT environment used by the city from the service provider resources used commercially; the need to ensure that the data is stored within the US and takes into account the specific requirements for various departments of the city; the need to include a clause in the agreement guaranteeing the same conditions to other cities in the US. After review of the proposals, a proposal made by Google and CSC was selected. Solution: Migrating employees to electronic mail in the SaaS service was carried out in several phases, and employees were divided into several groups, for which the new service was activated successively. During the process, endusers were provided with technical support from specialists and training. During migration, problems arose resulting from the lack of integration between services offered by Novell GroupWise and Google: Difficulties in importing contact lists, often resulting in manually entering the address book; The need to use the old client due to a problem with the importing archived messages from the old client to Google. Results: As a result of migration, the electronic mail of approximately 17,000 administrative and municipal services employees was transferred to the Google cloud, obtaining an SLA of 99.9%. The implementation of the new solution allowed for a reduction in the number of administrative and municipal services employees handling the system from 16 to 7 full-time employees (FTEs), whose responsibility was limited to providing emergency assistance to end-users. The responsibility to ensure continuous system operation and new functionalities development was assumed by the provider. The negotiations led to the emergence of Google Applications for Government, a service offer targeted at public authorities.

93 Cloud Strategies for Public Sector in Central and Eastern Europe 93 Savings: Via the migration, the cost of using electronic mail was reduced annually from USD 450 to USD 150 per user. By 2013, city authorities expect savings amounting to USD 3 million for IT employee salaries, more than USD 1.6 million for computer equipment and more than USD 1.3 million for software. As the cost of implementing the system amounted to almost USD 0.9 million, the total savings will be approx. USD 5 million. S3. US, the General Services Administration: Implementation of a program to optimize energy consumption by the internal IT resources Introduction: The General Services Administration (GSA) is an independent US government agency responsible for support of administrative activities for other federal agencies. GSA s tasks include, among others, supervision of contract award procedures, providing federal agencies with office supplies, federal car fleet and office space management. In addition, GSA is responsible for developing general government policies aimed at minimizing administration s operational costs. GSA is one of the most dynamically operating entities in promoting solutions in the cloud computing field. Challenge: GSA has set itself the goal of reducing electricity consumption by internal IT resources. Solution: Implementing Fiberlink s program MaaS360 operating in the SaaS model serves to centralize energy consumption management by IT resources within the organization, allow for greater control over internal IT resources, and optimize energy consumption. Results: The software was implemented within a week in more than 17,000 workstations and servers used by GSA. The implemented solution allowed for a significant reduction in the demand for power by centralizing energy consumption management. Reducing greenhouse gas emissions by more than 2 million kg of CO 2 over a year. Upon the GSA initiative, Apps.gov was established, a government platform providing public sector entities with certified solutions in the cloud computing field. The platform aims to promote the use of the cloud computing model and to facilitate the access of government entities to providers of this technology. Savings: Over USD 200,000 savings on software compared to the status quo in a year, and a reduction in power costs by about USD 400,000 a year.

94 94 Cloud Strategies for Public Sector in Central and Eastern Europe S4. UK, Essex County: Implementing a program for recording compensation and other services in human resources management Introduction: Essex County is one of the largest counties in England. The region is located in the eastern part of the country with a population of 1.3 million people. Challenge: To implement, within a maximum of 6 months, a new program for keeping compensation records and other services in HR, ensuring timeliness and accuracy of payments, and increasing efficiency of HR processes. Solution: Essex County decided to implement an extended package, Oracle on Demand. The software operates in the SaaS model and is used for payroll management, as well as providing other services in HR. Results: Reducing the payroll process time from 18 to 4 hours; The possibility to provide the HR system to other public sector subsidiaries; Reducing IT size and human resources management costs. Savings: Over USD 909,000 of savings during the first year of the new HR system; Reducing the cost of a single pay slip by 25%. S5. Dubuque, Iowa, USA: Using a SaaS model application and platform to ongoing monitor use of water resources and energy in the city Introduction: Dubuque is a 60,000 population city in Iowa state. Being called the most livable small city in the country, it is an important centre for major retail, the medical sector and education. Challenge: The city governance committed to implement an environment friendly policy, reducing water consumption. In fact, neither citizens nor the city had detailed insight into actual water consumption. That information is necessary to promote and adopt proper water-saving behaviors among the citizens and to monitor water leaks and anomalies effectively. Solution: The City of Dubuque adopted the Smarter Sustainable Dubuque Water Pilot Study, with the cooperation of IBM. This program involved 151 households, providing them a web-based application with detailed information about water use, data analysis and insights. Participants could view their savings in dollars, gallons and carbon dioxide reduction. Data from the 9-week water consumption of program participants were compared to another 152 households that did not have access to such information. Identical smart water meters were taken into consideration.

95 Cloud Strategies for Public Sector in Central and Eastern Europe 95 Water consumption was monitored every 15 minutes. The data was collected and analysed in the cloud together with demographics and household characteristics data. Because of the short measurement period, the system helped also in the rapid notification of potential water leaks and anomalies. The city had access to both individual and aggregate data while participants could view only their own consumption. A similar platform was implemented later providing energy consumption information. Results: Promotion of water- and energy-saving behaviors among citizens; Cost-effective realization of environmental-friendly policy; Increase in leak detection 8% of participants households in comparison to 0.98% overall. Savings: 89,090 gallons were saved during the 9-week program by 151 households; 3,409 gallons per household are saved annually on average (data extrapolation), a 6.6% decrease; Up to 11% reduction of energy consumption; The annual water bill savings in Dubuque city are estimated to be USD 190,936.

96 96 Cloud Strategies for Public Sector in Central and Eastern Europe Bibliography 1. Cabinet Office, Data Centre Strategy, G-Cloud & Government Applications Store Programme Phase 2. Phase 2 Scope Report. Version No: 0.35 The Government of the United Kingdom, February Cabinet Office Government Cloud Strategy. A sub strategy of the Government ICT Strategy The Government of the United Kingdom, October Cabinet Office Government ICT Strategy: Smarter, cheaper, greener The Government of the United Kingdom, January Cabinet Office G-Cloud Programme. Strategic Outline Case. Version the Government of the United Kingdom 5. Cain M. Case Study: City of Los Angeles Migrates to Google Gmail Gartner, July Catteddu D. Security and Resilience in Governmental Clouds European Network and Information Security Agency, January Catteddu D., Hogben G. Cloud Computing Benefits, Risks and Recommendations for Information Security European Network and Information Security Agency Heraklion Department of Innovation, Industry, Science and Research IT Industry Innovation Council. CLOUD COMPUTING OPPORTUNITIES AND CHALLENGES Australian Government, October Department of Finance and Deregulation Better Practice Guide: Financial Considerations for Government Use of Cloud Computing Australian Government, Australian Government Information Management Office, February Department of Finance and Deregulation Better Practice Guide: Privacy and Cloud Computing for Australian Government Agencies Australian Government Information Management Office, February Department of Finance and Deregulation Cloud Computing Strategic Direction Paper: Opportunities and applicability for use by the Australian Government. Draft for Consultation Australian Government, January Di Maio A., Bittinger S. Case Study: Australian Maritime Safety Authority Proves That Cloud Is Nothing New Gartner Inc November European Commission Advances in Clouds: Research in Future Cloud Computing Expert Group Report Public version 1.0., Information Society and Media Directorate, European Commission Cloud Computing: Hearing with SMEs. Meeting Note. Information Society & Media Directorate-General, Software& Service Architectures, Infrastructures and Engineering Unit, November 2011

97 Cloud Strategies for Public Sector in Central and Eastern Europe European Commission Cloud Computing: Hearing with Telecommunication and Web Hosting Industry. Meeting Note Information Society & Media Directorate-General, Software& Service Architectures, Infrastructures and Engineering Unit, November European Commission Cloud Computing: Hearing with User Industries Meeting Note Information Society & Media Directorate-General, Software& Service Architectures, Infrastructures and Engineering Unit, November European Commision Cloud Computing: Public Consultation Report Information Society and Media Directorate-General, Brussels, December European Commission The Future Of Cloud Computing: Opportunities For European Cloud Computing Beyond Expert Group Report, Public Version 1.0 Information Society and Media Directorate, January European Commission Towards a cloud computing strategy for Europe: Matching supply and demand. Report from workshop 18. Information Society & Media Directorate-General, Software & Service Architectures and Infrastructures Unit, June European Commission Users Recommendations From The European Cio Association For The Success Of The Cloud Computing In Europe Information Society and Media Directorate Ref. Ares(2012) /02/2012, European Telecommunications Standards Institute CLOUD; Initial analysis of standardization requirements for Cloud services Technical report KPMG International The Clarity in the Cloud A global study of the business adoption of Cloud, KPMG IT Advisory Cloud computing: Australian lessons and experiences KPMG Australia, KPMG Exploring the Cloud: A Global Study of Governments Adoption of Cloud KPMG s Government & Public Sector Practice, KPMG The Cloud: Changing the Business Ecosystem KPMG Indian Partnership, KPMG Orchestrating the New Paradigm KPMG s Business Guidelines to Cloud Computing and Beyond Kundra V., U.S. Federal Chief Information Officer 25 Point Implementation Plan To Reform Federal Information Technology Management The White House Washington, December Kundra V., U.S. Federal Chief Information Officer Federal Cloud Computing Strategy, The White House Washington, February Kundra V. U.S. Federal Chief Information Officer State of Public Sector Cloud Computing The White House Washington, May Łapiński K., Wyznikiewicz B. Raport: Cloud Computing wpływ na konkurencyjność przedsiębiorstw i gospodarkę Instytut Badań nad Gospodarką Rynkową Warszawa 2011

98 98 Cloud Strategies for Public Sector in Central and Eastern Europe 31. Macias F., Thomas G. Cloud Computing Advantages in the Public Sector How Today s Government, Education, and Healthcare Organizations Are Benefiting from Cloud Computing Environments. White Paper Cisco, San Jose Ministry of Economy, Trade and Industry (METI) Japan resources available at Accessed in September Ministry of Finance, Ministry of Information Communication and the Arts and Info-communications Development Authority of Singapore. egovernment Masterplan Collaborative Government (egov 2015), Government of Singapore, Singapore National Institute of Standards and Technology The NIST Definition of Cloud Computing. Recommendations of the National Institute of Standards and Technology. Special Publication U.S. Department of Commerce, Gaithersburg, September General Service Administration, Federal Cloud Computing Case Studies, available at General Service Administration, Local Cloud Computing Case Studies, available at National IT and Telecom Agency Case: Migration of NemHandel to a Commercial Cloud Computing Infrastructure Ministry of Science Technology and Innovation, 2010

99 Cloud Strategies for Public Sector in Central and Eastern Europe 99 Acknowledgements This report would not have been possible without the commitment and contribution of the following individuals: Concept and direction Jerzy Kalinowski, Jan Karasek, Małgorzata Kowalczyk KPMG report development team Jan Karasek, Małgorzata Kowalczyk, Grzegorz Grabowski, Jiří Diepolt, Nebojša Janković, Marko Kavčič, Tamás Kórász, Kārlis Mālnieks, Nikola Nyagolov, Jozef Stanko, Mihai Gabriel Tănase, Marko Učkar, Rafał Górski, Ewa Jaroszyńska affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved.

100 Contacts: Jerzy Kalinowski Partner, Head of Technology, Media and Telecommunications KPMG in Central and Eastern Europe T: E: Leszek Wroński Partner, Head of Advisory KPMG in Central and Eastern Europe T: E: Jan Karasek Director Technology, Media and Telecommunications KPMG in Poland T: E: Bulgaria Lozina Alexieva Partner T: E: [email protected] Lithuania Maksimilian Prilepskij IT Advisor T: E: [email protected] Responsible for Marketing and Communications: Andrea Dintsér E: [email protected] kpmg.com/cee Croatia and Bosnia & Herzegovina Daniel Lenardić Associate Partner T: E: [email protected] Romania and Moldova Dinu Bumbacea Partner T: E: [email protected] Czech Republic Jan Krob Senior Manager T: E: [email protected] Serbia and Montenegro Dušan Tomić Partner T: E: [email protected] Estonia Teet Raidma Manager T: E: [email protected] Slovakia Jozef Stanko Supervisor T: E: [email protected] Hungary Zoltán Székely Partner T: E: [email protected] Slovenia Sonja Žnidarčič Partner T: E: [email protected] Latvia and Belarus Kārlis Mālnieks Manager T: E: [email protected] The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International KPMG Central and Eastern Europe Ltd., a limited liability company and a member firm of the KPMG network of independent member firms