Following on from my last blog post, I would like to share my thoughts on the direction I believe the public sector in the public cloud is heading.
The UK government's digital strategy is vital to the country and describes how delivering services digitally will result in savings of £1.7 to £1.8 billion each year. The digital agenda is driving more self-service facilities that are empowering citizens, including renewing car tax online and filing income tax self-assessments online. It is worth noting that the strategy does not yet cover local government services or the NHS, although there are some good local initiatives emerging in these areas.
According to a SOCITM study across 120 local councils, the estimated cost of contact for face to face transactions averages £8.62, for phone £2.83, and for the web only 15 pence. Through enabling self-service capabilities, it is clear that significant operational savings can be made.
According to the Office for National Statistics, the UK population is predicted to reach an estimated 67.2 million by the year 2020. With so many citizens to serve, central and local government has a phenomenal challenge of building robust and secure solutions that can scale to meet these high user volumes.
Delivering on the strategy can be a formidable prospect, especially at a time when the technology landscape is in a constant state of flux. However, in my opinion, this should be viewed as an opportunity more than a threat; the right partner can offer advice and guidance on the best use of innovative technology for an organisation to quickly deliver on its objectives.
I believe the time is right for the public sector's adoption of Function-as-a-Service (FaaS). FaaS provides a managed runtime for executing any arbitrary code block that has been uploaded to a service. This may seem identical to just deploying a runnable artefact onto a server and having an operating system execute it, but it is not. FaaS takes care of making the function available at the scale required to satisfy the current demand but only charges for the execution count and time. Examples of FaaS include AWS Lambda, Azure Functions or Google Functions.
FaaS together with established PaaS (such as managed database and email services, etc.) – sometimes referred to as serverless technology - provides an effective solution for rapidly building a system that can scale to meet demand at a fraction of the cost of running servers. This solution wholly embraces the Pay As You Go (PAYG) pricing model to the point where you no longer pay per server, but instead per transaction. This fully aligns to the digital citizen strategy.
By combining with User Interface (UI) solutions, an entire system can be developed with an intuitive web or mobile UI for citizen use, using FaaS to applying business logic and PaaS for back-end services.
Serverless technology is inherently extensible through RESTful APIs meaning that securely accessing existing data and systems, or using open-data and third-party services, is a trivial task. However, the technology can be readily integrated with emerging technologies, such as the Internet of Things (IoT), helping with the growth of connected Cities initiatives, for example.
As discussed in Security and Serverless, serverless is not a silver bullet when it comes to security. However, it does provide distinct advantages over servers; functions are only ever executed following successful authentication, the service abstracts access to the overlying servers, it is a managed service operated by a focused-team of experts whose sole job is the operational excellence of a service already hosted on a secure platform.
Additionally, FaaS forces the adoption of a micro-services architecture, which limits the exposure to data and functions to a given service and decouples all elements using HTTPS endpoints.
At the time of writing many health care trusts are rushing to recover from a monumental ransomware attack that drastically impacted front-end services. This could have been avoided through adequate patching. As a case in point, this would not have affected a serverless solution where the platform is constantly patched and there is no access to the underlying server as an attack surface.
Of course, possibilities are not bound to just self-service facilities for citizens but can include mapping existing business processes to drive efficiency.