The UK public sector is a standard bearer for cloud computing, and government giants that advocate for it — and implement it — include the National Health Service (NHS), the ministries of Justice and Defence, and Her Majesty’s Revenue and Customs (HMRC) department. Cost savings and a prudent use of taxpayers’ money have propelled the migration articulated in the “Cloud First” policy of 2013. Committing citizens’ data to the public cloud is the next step, and maturing capabilities around data privacy are facilitating the leap.

An early mover is the Ministry of Justice (MOJ), which plans to migrate thousands of different systems running on many different types of hosting to the public cloud. Steve Marshall, head of hosting for MOJ, detailed the reasons why the public cloud is compelling in his blog post, where he named greater agility and security alongside the expected big cost savings.

The MOJ, Marshall writes, “can reduce overall hosting costs by 60% over the long term, presenting the department with a multi-million pound saving opportunity.” Additionally, moving to the cloud makes the MOJ “better able to manage, change, improve, and secure our systems and the data they hold, as well as making it easier to make them more resilient to failure”.

In other sectors, such as financial services, adoption of public cloud has been stymied by concerns around security, compliance, vendor lock-in and fear of losing intellectual property. For government sector organisations, however, the major barrier is data privacy: Retaining citizens’ trust by ensuring compliance — wherever in the world their data is processed or hosted — is paramount.

Last year, NHS Digital released guidance on how organisations can securely store and use health and social care data, thus removing one of the last impediments to the use of the public cloud by NHS bodies. The guidance included how to store confidential patient information in the public cloud, including offshore, and paves the way for the UK government behemoth to go fully public.

Despite maturing offerings from cloud providers, migrating data or infrastructure to public platforms is no “done and dusted” decision but calls for constant vigilance. The Dutch government concluded in March of this year that its U.S. cloud provider was not General Data Protection Regulation (GDPR)-compliant, while U.S. privacy regulators admitted they haven’t been able to do any oversight in the last 2 years.

Offsetting ongoing concerns about the privacy and regulation of public cloud is the valuable experience of adopting and proving both private and hybrid cloud. A “cloud first” mind-set was embraced and implemented first by universities, education and by central government, confirms a report published this year by Eduserv and local government association, Socitm.

Based on data from 633 organisations, the study found that universities top the public sector cloud adoption rankings, with 36 per cent storing at least 10 per cent of their data in the cloud, followed by public bodies (29%) and local authorities (21%). In terms of having a cloud infrastructure policy or strategy, public bodies lead with 79 per cent having a strategy in place, followed by universities (55%), emergency services (51%) and councils (44%).

A new-found confidence in the stability and resilience of public cloud — proven by early adopters in government — has facilitated a pragmatic approach: New services are developed with a “cloud first” mentality whilst leaders are developing strategies to deal with legacy IT issues — still the biggest blocker to transformation, confirms Eduserv.

Six years on from the launch of “Cloud First”, the report raises concerns that progress in cloud adoption still faces serious challenges. “Many organisations are insufficiently mature in their IT management and information governance,” it reports. IT departments need to refine their IT delivery models, based on an improved understanding of cloud technology and its potential — and new governance models are a big part of that.