Tariq Rashid (Home Office Tech Lead) Presentation at the Open Gov Summit 2012

Government ICT Strategy:Open Source

Tariq Rashid, Home Office

May 2012

Big Small Print

18/05/2012 Open Source 2

Please take part in the Consultation.

Please note:

Nothing I say prejudges the outcome of the

ongoing Open Standards Consultation.

If I mention open standards - it is for discussion and debate.

We genuinely want to hear your views andevidence.

HMG ICT Strategy 2011 – some themes


Strategic Implementation

Plan

ICT Strategy 2011

Public Sector Networks

End User Devices

Open Source

Open Standards

Cloud

SMEs

Suppliers

Procurement CommercialCapability

What is Open Source Software?

• It’s just software like any other ...

• Defined by its license. Open Source licenses guarantee:


Freedom – to use it in any

way you want

Freedom – to redistribute it

(reuse)

Freedom – to access to

source code, and modify it

(Obligation) –to share

improvements built on the

work of others

Impact of Open Source Licenses


Reuseencouraged

Innovation, flexibility,

integration

Price to £0

Transparencyaround bugs

No monopoly over supply,

support, services

Open standards

“Darwinian” evolution

Lower barriers to entry for

SMEs, citizens

open source

Open Source Highlights


Wikipedia, Google, Facebook, New York Stock Exchange, London StockExchange, Citrix, Apple, Juniper, IronPort, Yahoo, NetApp, VMWare, Youtube,Flickr, Amazon, Whitehouse.gov, CIA/FBI.gov, CERN (16000 VMs), USDoD,Guardian, Disney, Cisco, French Air Force, US Navy ....

The Problem


New Approach – not just top down


Open Source Surgeries

[email protected]


Some Potential Barriers to Open Source

More? ... ongoing effort to identify barriers


Systems Integrators

GovernmentCustomer

SkillsExperience

Procurement Process

SkillsExperience

Security Myths

Risk Bundling

RequirementsDisciple

Supplier MixCommercial

Design Open Architectures

Culture

Action Plan


HMG ICT Strategy: Open Source Implementation Plan Version 0.9 12-Aug-11

Implementation StrandActivity Product Existing Resources Dependent Resources Delivery Date

1 Material2.1 Publish Toolkit: (1) Guide for Procurers Published Guide for Procurers Sept 2011 QY/ERG Commercial/NB/CB Oct-11

2.11 Publish Toolkit: (2) OSS Option Catalogue Publish OSS Option Catalogue TR - CB - OSIG+ Oct-11

2.12 Publish Toolkit: (3) OSS Assessment Critera Publish OSS Assessment Critera TR - CB - OSIG+ Oct-11

2.13 Publish Toolkit: (4) FAQs Publish FAQs TR - CB - OSIG+/ NB/CB Oct-11

2.14 Publish Toolkit: (5) CESG Guidance GPG-38 Publish CESG Guidance GPG-38 June 2011 CESG Oct-11

2.14.1 Publish Toolkit: (5a) CESG 2 page summary of GPG-38 published externally Publish summary CESG Oct-11

2.15 Publish Toolkit: (6) PPN and guidance on secure use and OSS licenses for HMG software Publish PPN and guidance on secure use and OSS licenses for HMG software QY - CESG, Legal, ERG Oct-11

2.16 Publish Toolkit: (7) PPN and guidance on external commercial use of HMG software and OSS route Publication of guidance on external commercial use of HMG software and OSS route QY - CESG, Legal, ERG Apr-12

2.17 Publish Toolkit: (8) Policies & Processes Publish policies & processes

2.18 Publish Toolkit: (9) Implementation templates Publish template set PV - TR - NB

2.3 Update SFIA skills framework to cover essential skills, open standards, and additional skills, open source. Revised SFIA definition including Open Source references (QY) ERG - IT Professionalism Nov-11

2.4 Update "Technology in Business" programme to cover commercial, technical, economic importance of open standards, and experience of open source software ecosystem. Revised TiB programme (QY) ERG - IT Professionalism Nov-11

2.5 Identify development required for senior leaders to ensure understanding of open standards, open source. Recommendations for senior leadership development Programme response - IT Prof Team/CSL Nov-11

2.6 Define role for open source technical lead for Departments to ensure exists within staff. Role Description for Departmental Open Source Technical Lead NB - TR - PV Sept 2011 Next OSIG?

4.1 Engage with HMG ICT Asset Register to inventory open souce in HMG. Revised ICT Asset Register metamodel QY ? Oct-11

4.2 Package exemplars and reuse of open source across HMG. Catalogue of exemplars and re-use candidates Programme Team Apr-12

5.1 Provide Open Source Organisational Maturity Model to support Departments improve use of OSS, and improve annual scores. OSS Maturity Model Programme Team Apr-12

5.3 Define and establish ToR for Open Source Surgeries for HMG and wider public sector. Open Source Surgery ToR TR, QY, NB, CB Oct-11

6.3.0 Produce a TCO V0.1 to be published at the same time as the Toolkit Total Cost of Ownership v0.1 in house early version at RP request Oct-11

6.3.1 Produce model for Total Cost of Ownership, with input from London School of Economics study for use across HMG Template for calculation of TCO LSE, Gartner, VfM units/ERG Apr-12

6.6 Work with Sis to identify their commercial and procurement obsctales. HO and OGDs via OSIG. Agreed list of supplier Commercial and Procurement obstacles Supplier Forum - Departments To April 2012

6.7 Work with SIs to identify commercial or procurment barriers to wider enagement of OSS SMEs and secondary suppliers. CO via OSIF. SME and Secondary supplier action plan Departments To April 2012

11 Produce Baseline of Open Source use (current landscape state) Baseline of OSS use Prog & Departments Dec-11

13 Define metrics for measurement, to be used by Sis & OGDs Metrics Template for measurement of OSS use and value Oct-11

1.2 Ensure OGDs follow Home Office lead on Open Source actionable policies. Quality assurance of OGD policies. Assurance report for each Department Oct-11

1.4 Programme ensures OGDs follow lead on Operating Model and Project Processes Assurance report for each Department Apr-12

1.5 Survey compliance with policy across HMG (implementation of policy) Policy compliance report Apr-12

2 Uptake & Embed2.61 Ensure all Departments retain open source technical lead, report to Cabinet Office. Open Source Technical Lead contact list depends on 2.6 from Oct 2011

2.7 Capability-themed events to raise awareness of open source opportunities. Awareness events plan from Sept 2011

2.8 Commision and demonstrate model office proving OSS office and business functions. Model Office demonstrator Progress only as co-ordinator Skunkworks or Dept lead Apr-12

3.1 Establish (1) SI Forum, (2) Implementation Group, (3) Advisory Panel of experts (legal, security, commercial, technical) ToRs for SI Forum, Implementation Group, Advisory Panel of experts Jul-11

3.2 Establish governance between Cabinet Office CIO DB, Home Offie, OGDs. Governance Design for OSS Programme Jul-11

4.21 Promote exemplars and reuse of open source across HMG. Communication product for exemplars Nov-11

5.31 Run Open Source Surgeries for HMG and wider public sector. Open Source Surgeries plan ongoing

6.21 Promote and ensure uptake of Model Contract clauses, working with Buying Solutions Model Contract clauses communication plan Nov-11

6.4 Ensure HO and OGDs Commercial are using updated TCO Evidence of Departmental use of TCO model Jun-12

7 Fully establish responsibility to support and maintain OSS Function (BAU) Function definition and set up agreement April 12?

8.1 New e-Gov anual awards categories - (1) open source savings, (2) open source innovation Definition for award category Apr-12

9.1 Proactive support for open source opportunities, including intervention and solution / tech refresh to save money. Low risk quick wins, and risk managed larger savings. BAU activity? Departments BAU function Apr-12

9.2 Agree with CESG added value services offered to support OSS reuse and exploitation Apr-12

Establish assurance and compliance process for supplier performance Nov-11

Establish assurance and compliance process for OGD performance Nov-11

9.3 Reach agreement with Cabinet Office SKunkWorks to prototype / trial OSS solutions when SIs don't. Agreement on approach plan with Skunkworks QY MO'N (Skunkworks) Nov-11

9.4 Establish fuller scope and assurance for SkunkWorks projects Agreement on approach plan and with Skunkworks QY MO'N (Skunkworks) Nov-11

establish relationship and work with relevant OSS independent and international forum QY RP TR Ongoing throughout life of programme

10.1 Communications and reputation management: Media, public debates, responses to news. BAU activity QY RP Ongoing throughout life of programme

3 Measurement1.6 Survey quality of assurance for open source evalutations. Assurance Report Jan-12

5.2 Annual OSS Organisational Maturity Model returns to Cabinet Office. Assurance Report Jun-12

Monitor supplier and user constraints and opportunity management issue Ongoing

8.2 Surveys of open source policy, with published results. For (1) Departments, and (2) SIs Survey report from Oct 2011

4 Benefits Realisation

Departmental implementation

Each Department to report its current utilisation of Open Source and provide case studies (baseline landscape)

Departments

Sep-11

Each Department appoints OSS lead (as part of or within lead for Open Standards/Solutions capability) from Oct 2011

Each Dept publishes Open Source policy

Each Dept introduces project process / operating model to request open standards and assure open source evaluations.

Departments embrace OSS Toolkit use and incoprorate in change management

Each Department to assess impact and implications of changes to SFIA and TiB and implement relevant changes

Each Department to update Asset Register and Configuration Management models to include relevant Open Source characteristics

Each Department to monitor availability and relevance of Open Source exemplars and re-use candidates

Each Department to identify development required for senior leaders to ensure understanding of open standards and open sources

Each Department to use Open Source Maturity Model to assess own maturity on Open Source utilisation and value

Each Department to make relevant use of Open Source surgeries

Each Department to assess impact and implications of changes to SFIA and TiB and implement relevant changes

Each Department to assess impact of Procurment Guidance on local processes and prinicples and make appropriate changes

Each Department to amend Total Cost of Ownership models with relevant Open Source characteristics

Each Department to engage and contribute to OS Implementation Group

Each Department to review CESG Guidance on Open Source and assess any impact

Each Department to identify commercial and procurment barriers to Open Source

Each Department to ensure where appropriate that publicly funded software is open sourced appropriately and not handed to non-Crown bodies.

Each Department to provide relevant Open Source returns to Cabinet Office

Action Plan


Options v21 page security

note

OSS Toolkit


Commercial Principles?

Procurement Guidance

Total Cost of Ownership –

nformed by LSE Report

Options List – OSS alternatives with real

world references

Assessment Criteria for Software – “in consultation with

suppliers”

Security Guidance –CESG GPG38

Maturity Model for Departments

IT Process


Early Achievement - Security


Open source as a category is no more or less secure than closed proprietary

software.

This means you can’t pre-disqualify open source from consideration.

CESG GPG38Cabinet Office Website for OSS Toolkit

Real World Example 1 – public web site


Real World Example 2 – key infrastructure


£12 million

over 5 years

£2 million

over 5 years

End User Devices – open enabling architecture


• “Jigsaw Model”– Modular, decoupled, interchangeable, components an services– Browser, printing, authentication, encryption, monitoring, configuration, a/v, ...

• Why?– Choice, competition sustained after purchase– New pieces, retire pieces as market evolves– Right-sizing – build with some pieces– Isolation of components

• Can this be done 100% OSS?– Build demonstrator– OSS configuration– Learn and reuse OSS security patterns

Future Challenges

• Contributing Open Source?

• Security & Reputation

• Commercial and IPR

• Decisions to invest in open source

• Taking back design decisions from outsourced IT suppliers?

• Big step, internal capability

• Can you really outsource risk?

• Open Standards – public consultation

• Should open standards be free from patent royalties?

• What kinds of open standards prevent open source?

• Which open standards lower barriers to entry, widen participation in Government IT?


Final Thoughts

To ensure value for money, Government ICT customers MUST:

1. Understand Open Source, its ecosystem, and know about key open source technologies

2. Undertake quality options analyses including open source

3. Design open architectures – and understand why.


Vision - Open Standards & Open Source


• Open Standards help create a level-playing field, lowering barriers to entry

• Open Source software provides competition on this field

• We choose software because we want it, not because we have to

Tariq Rashid (Home Office Tech Lead) Presentation at the Open Gov Summit 2012

Documents

Transcript of Tariq Rashid (Home Office Tech Lead) Presentation at the Open Gov Summit 2012