Tariq Rashid (Home Office Tech Lead) Presentation at the Open Gov Summit 2012
Transcript of Tariq Rashid (Home Office Tech Lead) Presentation at the Open Gov Summit 2012
Big Small Print
18/05/2012 Open Source 2
Please take part in the Consultation.
Please note:
Nothing I say prejudges the outcome of the ongoing Open Standards Consultation.
If I mention open standards - it is for discussion and debate.
We genuinely want to hear your views and evidence.
HMG ICT Strategy 2011 – some themes
Strategic Implementation Plan
ICT Strategy 2011
Public Sector Networks
End User Devices
Open Source
Open Standards
Cloud
SMEs
Suppliers
Procurement Commercial Capability
What is Open Source Software?
• It’s just software like any other ...
• Defined by its license. Open Source licenses guarantee:
  • Freedom – to use it in any way you want
  • Freedom – to redistribute it (reuse)
  • Freedom – to access the source code, and modify it
  • (Obligation) – to share improvements built on the work of others
Impact of Open Source Licenses
Reuse encouraged
Innovation, flexibility, integration
Price to £0
Transparency around bugs
No monopoly over supply, support, services
Open standards
“Darwinian” evolution
Lower barriers to entry for SMEs, citizens
open source
Open Source Highlights
Wikipedia, Google, Facebook, New York Stock Exchange, London Stock Exchange, Citrix, Apple, Juniper, IronPort, Yahoo, NetApp, VMware, YouTube, Flickr, Amazon, Whitehouse.gov, CIA/FBI.gov, CERN (16000 VMs), US DoD, Guardian, Disney, Cisco, French Air Force, US Navy ....
Some Potential Barriers to Open Source
More? ... ongoing effort to identify barriers
Systems Integrators
Government Customer
Skills Experience
Procurement Process
Skills Experience
Security Myths
Risk Bundling
Requirements Discipline
Supplier Mix Commercial
Design Open Architectures
Culture
Action Plan
HMG ICT Strategy: Open Source Implementation Plan Version 0.9 12-Aug-11
Columns: Implementation Strand; Activity; Product; Existing Resources; Dependent Resources; Delivery Date
1 Material
2.1 Publish Toolkit: (1) Guide for Procurers Published Guide for Procurers Sept 2011 QY/ERG Commercial/NB/CB Oct-11
2.11 Publish Toolkit: (2) OSS Option Catalogue Publish OSS Option Catalogue TR - CB - OSIG+ Oct-11
2.12 Publish Toolkit: (3) OSS Assessment Criteria Publish OSS Assessment Criteria TR - CB - OSIG+ Oct-11
2.13 Publish Toolkit: (4) FAQs Publish FAQs TR - CB - OSIG+/ NB/CB Oct-11
2.14 Publish Toolkit: (5) CESG Guidance GPG-38 Publish CESG Guidance GPG-38 June 2011 CESG Oct-11
2.14.1 Publish Toolkit: (5a) CESG 2 page summary of GPG-38 published externally Publish summary CESG Oct-11
2.15 Publish Toolkit: (6) PPN and guidance on secure use and OSS licenses for HMG software Publish PPN and guidance on secure use and OSS licenses for HMG software QY - CESG, Legal, ERG Oct-11
2.16 Publish Toolkit: (7) PPN and guidance on external commercial use of HMG software and OSS route Publication of guidance on external commercial use of HMG software and OSS route QY - CESG, Legal, ERG Apr-12
2.17 Publish Toolkit: (8) Policies & Processes Publish policies & processes
2.18 Publish Toolkit: (9) Implementation templates Publish template set PV - TR - NB
2.3 Update SFIA skills framework to cover essential skills, open standards, and additional skills, open source. Revised SFIA definition including Open Source references (QY) ERG - IT Professionalism Nov-11
2.4 Update "Technology in Business" programme to cover commercial, technical, economic importance of open standards, and experience of open source software ecosystem. Revised TiB programme (QY) ERG - IT Professionalism Nov-11
2.5 Identify development required for senior leaders to ensure understanding of open standards, open source. Recommendations for senior leadership development Programme response - IT Prof Team/CSL Nov-11
2.6 Define role for open source technical lead for Departments to ensure exists within staff. Role Description for Departmental Open Source Technical Lead NB - TR - PV Sept 2011 Next OSIG?
4.1 Engage with HMG ICT Asset Register to inventory open source in HMG. Revised ICT Asset Register metamodel QY ? Oct-11
4.2 Package exemplars and reuse of open source across HMG. Catalogue of exemplars and re-use candidates Programme Team Apr-12
5.1 Provide Open Source Organisational Maturity Model to support Departments improve use of OSS, and improve annual scores. OSS Maturity Model Programme Team Apr-12
5.3 Define and establish ToR for Open Source Surgeries for HMG and wider public sector. Open Source Surgery ToR TR, QY, NB, CB Oct-11
6.3.0 Produce a TCO V0.1 to be published at the same time as the Toolkit Total Cost of Ownership v0.1 in house early version at RP request Oct-11
6.3.1 Produce model for Total Cost of Ownership, with input from London School of Economics study for use across HMG Template for calculation of TCO LSE, Gartner, VfM units/ERG Apr-12
6.6 Work with SIs to identify their commercial and procurement obstacles. HO and OGDs via OSIG. Agreed list of supplier Commercial and Procurement obstacles Supplier Forum - Departments To April 2012
6.7 Work with SIs to identify commercial or procurement barriers to wider engagement of OSS SMEs and secondary suppliers. CO via OSIF. SME and Secondary supplier action plan Departments To April 2012
11 Produce Baseline of Open Source use (current landscape state) Baseline of OSS use Prog & Departments Dec-11
13 Define metrics for measurement, to be used by SIs & OGDs Metrics Template for measurement of OSS use and value Oct-11
1.2 Ensure OGDs follow Home Office lead on Open Source actionable policies. Quality assurance of OGD policies. Assurance report for each Department Oct-11
1.4 Programme ensures OGDs follow lead on Operating Model and Project Processes Assurance report for each Department Apr-12
1.5 Survey compliance with policy across HMG (implementation of policy) Policy compliance report Apr-12
2 Uptake & Embed
2.61 Ensure all Departments retain open source technical lead, report to Cabinet Office. Open Source Technical Lead contact list depends on 2.6 from Oct 2011
2.7 Capability-themed events to raise awareness of open source opportunities. Awareness events plan from Sept 2011
2.8 Commission and demonstrate model office proving OSS office and business functions. Model Office demonstrator Progress only as co-ordinator Skunkworks or Dept lead Apr-12
3.1 Establish (1) SI Forum, (2) Implementation Group, (3) Advisory Panel of experts (legal, security, commercial, technical) ToRs for SI Forum, Implementation Group, Advisory Panel of experts Jul-11
3.2 Establish governance between Cabinet Office CIO DB, Home Office, OGDs. Governance Design for OSS Programme Jul-11
4.21 Promote exemplars and reuse of open source across HMG. Communication product for exemplars Nov-11
5.31 Run Open Source Surgeries for HMG and wider public sector. Open Source Surgeries plan ongoing
6.21 Promote and ensure uptake of Model Contract clauses, working with Buying Solutions Model Contract clauses communication plan Nov-11
6.4 Ensure HO and OGDs Commercial are using updated TCO Evidence of Departmental use of TCO model Jun-12
7 Fully establish responsibility to support and maintain OSS Function (BAU) Function definition and set up agreement April 12?
8.1 New e-Gov annual awards categories - (1) open source savings, (2) open source innovation Definition for award category Apr-12
9.1 Proactive support for open source opportunities, including intervention and solution / tech refresh to save money. Low risk quick wins, and risk managed larger savings. BAU activity? Departments BAU function Apr-12
9.2 Agree with CESG added value services offered to support OSS reuse and exploitation Apr-12
Establish assurance and compliance process for supplier performance Nov-11
Establish assurance and compliance process for OGD performance Nov-11
9.3 Reach agreement with Cabinet Office SkunkWorks to prototype / trial OSS solutions when SIs don't. Agreement on approach plan with Skunkworks QY MO'N (Skunkworks) Nov-11
9.4 Establish fuller scope and assurance for SkunkWorks projects Agreement on approach plan and with Skunkworks QY MO'N (Skunkworks) Nov-11
Establish relationship and work with relevant OSS independent and international forum QY RP TR Ongoing throughout life of programme
10.1 Communications and reputation management: Media, public debates, responses to news. BAU activity QY RP Ongoing throughout life of programme
3 Measurement
1.6 Survey quality of assurance for open source evaluations. Assurance Report Jan-12
5.2 Annual OSS Organisational Maturity Model returns to Cabinet Office. Assurance Report Jun-12
Monitor supplier and user constraints and opportunity management issue Ongoing
8.2 Surveys of open source policy, with published results. For (1) Departments, and (2) SIs Survey report from Oct 2011
4 Benefits Realisation
Departmental implementation
Each Department to report its current utilisation of Open Source and provide case studies (baseline landscape) Departments Sep-11
Each Department appoints OSS lead (as part of or within lead for Open Standards/Solutions capability) from Oct 2011
Each Dept publishes Open Source policy
Each Dept introduces project process / operating model to request open standards and assure open source evaluations.
Departments embrace OSS Toolkit use and incorporate in change management
Each Department to assess impact and implications of changes to SFIA and TiB and implement relevant changes
Each Department to update Asset Register and Configuration Management models to include relevant Open Source characteristics
Each Department to monitor availability and relevance of Open Source exemplars and re-use candidates
Each Department to identify development required for senior leaders to ensure understanding of open standards and open sources
Each Department to use Open Source Maturity Model to assess own maturity on Open Source utilisation and value
Each Department to make relevant use of Open Source surgeries
Each Department to assess impact and implications of changes to SFIA and TiB and implement relevant changes
Each Department to assess impact of Procurement Guidance on local processes and principles and make appropriate changes
Each Department to amend Total Cost of Ownership models with relevant Open Source characteristics
Each Department to engage and contribute to OS Implementation Group
Each Department to review CESG Guidance on Open Source and assess any impact
Each Department to identify commercial and procurement barriers to Open Source
Each Department to ensure where appropriate that publicly funded software is open sourced appropriately and not handed to non-Crown bodies.
Each Department to provide relevant Open Source returns to Cabinet Office
Options v2
1 page security note
OSS Toolkit
Commercial Principles?
Procurement Guidance
Total Cost of Ownership – informed by LSE Report
Options List – OSS alternatives with real world references
Assessment Criteria for Software – “in consultation with suppliers”
Security Guidance – CESG GPG38
Maturity Model for Departments
Early Achievement - Security
Open source as a category is no more or less secure than closed proprietary software.
This means you can’t pre-disqualify open source from consideration.
CESG GPG38
Cabinet Office Website for OSS Toolkit
Real World Example 2 – key infrastructure
£12 million over 5 years
£2 million over 5 years
End User Devices – open enabling architecture
• “Jigsaw Model”
  – Modular, decoupled, interchangeable components and services
  – Browser, printing, authentication, encryption, monitoring, configuration, a/v, ...
• Why?
  – Choice, competition sustained after purchase
  – New pieces, retire pieces as market evolves
  – Right-sizing – build with some pieces
  – Isolation of components
• Can this be done 100% OSS?
  – Build demonstrator
  – OSS configuration
  – Learn and reuse OSS security patterns
Future Challenges
• Contributing Open Source?
• Security & Reputation
• Commercial and IPR
• Decisions to invest in open source
• Taking back design decisions from outsourced IT suppliers?
• Big step, internal capability
• Can you really outsource risk?
• Open Standards – public consultation
• Should open standards be free from patent royalties?
• What kinds of open standards prevent open source?
• Which open standards lower barriers to entry, widen participation in Government IT?
Final Thoughts
To ensure value for money, Government ICT customers MUST:
1. Understand Open Source, its ecosystem, and know about key open source technologies
2. Undertake quality options analyses including open source
3. Design open architectures – and understand why.