Skip to main content

The internet is a good thing

Posted by: , Posted on: - Categories: Delivery, Users


Tom Read1

When we approached delivering new common technology services for the Cabinet Office and the Department for Culture, Media & Sport, we decided early on that the internet should be used, rather than blocked.

The days of the department blocking access to social networking sites and other consumer digital services are over: we want the civil service to be “of the internet”, to make it a fundamental part of how civil servants work.

The strategic direction of enterprise technology, not just within government, is for end user devices to become simpler and lighter, and for more application services to be consumed through a browser. In the consumer world, this trend is already well advanced: consumers rarely complain about the lack of a client install for Facebook or internet banking; most services are delivered through the internet to a browser or a mobile app.

We are using the internet and cloud services in a number of ways, each of which supports user needs and business needs.

1. Cloud productivity apps

User need: As a user, I need to work on single documents with colleagues so we can get work completed more quickly.

Business need: As CTO, I want to reduce the amount of time and money we spend on deploying software updates and patches so we can focus on the important stuff.

Solution: Google Apps for Work
Detailed user research and lab testing showed that the Google Apps productivity suite best met user needs for the Cabinet Office and DCMS. Other solutions (e.g. Microsoft’s 365 suite) also scored highly but the advanced collaboration and flexible working features of Google Apps were the best fit for our needs. Careful legal and security assessments were conducted to establish whether the services were suitable for use at the official security classification in government.

Being a pure SaaS solution delivered through a browser, Google Apps is updated with new features and bug fixes regularly without any work from the IT department. This brings commoditised continual improvement to a key set of services.

2. Infrastructure-as-a-Service

User need: As an IT manager, I want to buy in heavily commoditised infrastructure services so I can focus money and resources on more niche technology services

Solution: Infrastructure-as-a-Service through the Digital Marketplace

The further a technology service is from our users, the more we wanted to treat it as a commodity rather than something to build and manage ourselves. Users care about performance and availability, but they aren’t interested in the type of server or SAN. We made the decision to buy our infrastructure as a service from the Digital Marketplace rather than invest in hardware. This enables us to focus on the more value adding elements. It also gives us the flexibility to move our data centre estate to a new provider if we are not happy with the service, or if we outgrow it. In turn, this enables us to keep up to date with latest moves in the commoditisation of technology services and to continually drive value.

3. Always on VPN

User need: As a user, I want to work from anywhere so I’m not tied to a single office building.

Business need: We want users to be able to work away from the office to promote flexible working, make people more productive and cut down on unnecessary travel

Solution: always-on VPN

The Cabinet Office is a relatively small department but operates across a large number of sites. Additionally, we have a fairly mobile workforce and users expressed a need to have the same level of service from home or from a coffee shop as they have in the office. To meet this need, our Technical Design Authority architected a solution that has an identical user experience in or out of the office. This is achieved by having an “always-on” VPN client that provides a secure, encrypted private tunnel across the public internet to our IaaS data centres. This enabled us to buy standard internet circuits or commodity private circuits to connect our buildings, eliminating the need for circuits with bespoke encryption overlays.

4. Open internet tools

User need: as a user, I want to be able to choose my own applications so that I can work the way I want to, and use the most productive tools.

Business need: we want to reduce the time spent selecting, procuring and delivering applications to users who often know better than the IT department

Solution: Open internet tools

We are operating a “yes-first” approach to open internet tools. This follows guidance from GDS on using these tools to help Civil Servants to be more productive. Web access is open to most services, and blocked where there is an established threat rather than by default. On devices (laptops, phones, tablets) we provide a basic checking service before making apps available for users to install. This makes sure that the applications are trusted, compliant and have an appropriate level of security for use at OFFICIAL.

Applications our users are actively using include Evernote, Trello, Workflowy, Twitter, Eventbrite  and many more.

We’re always looking for new ways to bring the latest technologies into the department. If you have any suggestions, please do let us know below.

Follow Tom on Twitter and don’t forget to sign up for email alerts for the Cabinet Office technology blog.

Sharing and comments

Share this page


  1. Comment by bob posted on

    Let's just hope users don't install malware as well

  2. Comment by Tom Read posted on

    Thanks, Bob. This post is all about using cloud services which don't require any installs. Good protection against malware, too, as the build can be kept locked and light.

  3. Comment by Chris posted on

    What is being done about official data being stored in cloud services such as Evernote and Trello. Or is that now permitted?

    • Replies to Chris>

      Comment by Catriona McGrath posted on

      Dear Chris,

      Applications are evaluated against the Cloud Security Principles to ensure that they meet the requirements for working with OFFICIAL data. Access is restricted to users and devices and managed centrally. Single sign-on and other security options are used where available. End users are provided with general guidance on using cloud services and specific guidance on the application concerned.