Blog posts

Delivering a keynote for Agile India’s Digital Transformation day, I reprised my “Revolution NOT evolution: UK Government’s digital transformation journey” talk capturing my early reflections after leaving GDS. Starting with a potted history of the UK Government Digital Service, I drew out a set of reflections: Starting with a website let us get close to lots of users, really quickly Digital is a chance to reclaim values and history The problem is rarely tech / The solution is never (just) tech I particularly focused on the importance of groups of allies in driving transformation, calling out GDS’ predecessors and broad global network, but also stressing the importance of providing leadership to shape and direct what can otherwise be loose networks into powerful movements. ...

The more we live online, the more vulnerable we are to asymmetric attacks and bad actors. Where once physical limitations kept us safe, the digital nature of the Internet lets attackers scale, adapt, and hide. What’s needed is more than awareness or vigilance—it’s antifragility. Resilience is the best defense a country can deploy, as this talk will explain. I shared a few stories and thoughts at the first FWD50 conference in Ottawa on what resilience looks like in practice, the importance of focusing on users and simplicity, and the vital role and unique opportunity governments have to improve matters. ...

For the inaugural FWD50 conference in Ottawa, Canada, I was part of an expert group laying out the big picture of digital government. My presentation focused on security and leadership, drawing out four lessons: Take responsibility Focus on outcomes Empower teams Change the environment Find more on the FWD50 website.

One of the factors many organisations (including governments) agonise over when deciding whether to use public cloud services is whether or not services and data can be stored “off shore”. It’s not a topic we tend to discuss very well. “Off shore” usually means stored in data centres in other countries but can sometimes mean in facilities within the originating country but operated by foreign-owned companies. For UK organisations looking at infrastructure as a service that conversation is dissipating now that the three biggest players all have UK data centres, but switching to UK data centres is really just dodging the issue rather than looking at how and why decisions are made.It was great to hear Ian McCormack from NCSC addressing offshoring in his spot in the keynote at the AWS Public Sector Summit in DC recently. ...

A couple of weeks back I made my first visit to Ukraine, to keynote the (outdoor!) ITEM conference in Dnipro. It was one of those trips where you don’t really feel like you see the place. Due to flight troubles (the culmination of many frustrations with Ukrainian Airlines) I arrived at my hotel in Dnipro at 3am, and departed at 5.30 the next morning. That, combined with delivering two talks, hosting two Q&A sessions, being interviewed for two different video shows, and being on a panel meant the whole day is a bit hazy in my memory, but a few things stand out. ...

360 days from now the General Data Protection Regulation (GDPR) comes into force. Anyone handling personal data from an EU citizen or subject (and the Information Commissioner has been clear we should assume that includes Brits regardless of what happens around EU exit) will be held to new standards in how they obtain, store, process and dispose of that data. I was asked to speak about compliance at Salford Centre for Professional Development’s event on GDPR, and used it as an opportunity to try to encourage everyone to think beyond compliance. ...

It’s been nearly two months since I left GDS. It’s high time I talked a bit more about what’s next for me. I was really pleased with everything we got done in my last few weeks at GDS. Alongside the inevitable handover tasks, we made a big announcement about the future of government networking), began to share a draft policy about APIs and expanded the guidance around the “Cloud First” policy. I remain very grateful to the many brilliant colleagues who helped get all that done. ...

In my last post on Cloud-native organisations I said: “we should be clear about the principles that apply and help our people understand what we need to watch out for when choosing technology.” As the responsible people in an organisation we need to be thinking about things like: We need to be confident that when people leave our organisation we retain access to information on the work they’ve been doing We need to be sure that the sensitive information we handle in our organisation can only be accessed by authorised people Where we have time-sensitive business commitments, we need to be confident that third-party software will be available for us to use when we need it The specifics like how important that is, what types of information, etc. will be context sensitive. ...

I spoke recently at the OpenGov Leadership Forum in Manila and at Cloud Expo Europe. At both I started to explore a theme from my final GDS blog post: cloud-native organisations. //speakerdeck.com/assets/embed.js “Cloud” is a nebulous term. At the start of both talks I explained that, while there are formal definitions that I’ve found useful, for me it’s just a useful term for starting a conversation about what’s currently happening at the collision point of “the internet” and “computing tools”. Most of the time for technology, I don’t draw a distinction between the impact of cloud, agile, devops and a number of other inter-related movements. ...

This was my final post on the Government technology blog The government technology landscape has shifted significantly since we made our commitment to Cloud First nearly 4 years ago. Departments have become more mature in their uptake of cloud services and with this maturity comes a need for further guidance. To support this need, we’ve added further clarification to our cloud guidance and policy and we’ll continue to expand this content in the coming months. ...