Why the NSPCC is taking a hybrid approach to its cloud strategy
Thu 9 Mar 2017 | Ray Bilsby
Ray Bilsby, CIO at NSPCC, writes on why a hybrid cloud model is central to the charity’s IT overhaul…
Like many charities, the NSPCC is continually reviewing the way it spends money to ensure it delivers the best value. We need to be conscious that money spent on technology is money which is not available to help children who are in need of support.
In terms of infrastructure, we have a long-standing managed service contract which has delivered a resilient infrastructure. However, it has been a ‘one-size-fits-all’ scenario with mission critical services, such as Childline and adult helplines, having the same level of resilience as services such as email and accounting systems.
In the future, we aim to be more focussed on ensuring that we spend a proportionately higher amount on mission critical systems and less on our back-office systems, creating more of a tiered approach to service delivery.
The decision to introduce this now is being driven by a significant change programme called Doing More For Children. The aim of this programme is to review the services delivered through Childline and adult helplines, and find a way to reach out to more people who need our support.
This involves a review of the organisation, supporting processes, and technology, to find a way across multiple work-streams. From a technology point of view, this means a complete refresh of the Childline service, which includes updating the Childline website and replacing all the back-office systems related to Childline and our adult helpline, covering voice, contact centre software, and a new case management system delivering services on a 24×7 basis across our 14 counselling centres.
Every business has its apprehensions around cloud security and data protection, and it was definitely a factor in our discussions as we move to a hybrid cloud model
The team undertook a tender process to select a vendor who we could partner with, and Adapt, a Datapipe company, were successful. It could offer a highly resilient solution for our mission critical services at a competitive price, but we were also conscious that it had the capability to offer better prices for those services which were not required to run 24×7.
For the time-being, the legacy services will continue to be delivered through our existing service provider.
Operating in a hybrid environment
With Childline, we can’t afford to have any downtime because it could potentially put the lives of children at risk and this is the primary reason for adopting a private cloud approach for those systems. This means we can patch or upgrade the services and apply upgrades when it suits us, and upgrades can take place during the hours when we know that we are unlikely to experience high amounts of traffic on the site, without impacting the services we provide.
A managed hybrid approach allows us to ensure we get the best value, and combined with a pay-as-you-go model for hosting services, it allows us to only pay for what we are consuming and minimises the need for making big capital investments. An OPEX model works better for charities like ourselves, which need to balance the books on an annual basis.
Additionally, every business has its apprehensions around cloud security and data protection, and it was definitely a factor in our discussions as we move to a hybrid cloud model for hosting services.
Security is something that is very difficult to keep on top of, unless you have an expensive dedicated team in-house, and the potential risks are very high, so NSPCC has a contract with a specialised IS security company, which offers advice and guidance to ensure that we have the appropriate tools and governance process in place, to protect our systems and data.
When we adopt private cloud services, NSPCC has more control and influence over the solutions the service provider adopts for data protection and security. As we move through other tiers of services, we recognise that we will have less influence but still a responsibility to ensure we have adequate protection.
All of our service providers are employed to deliver contracted services, but also have a responsibility to act as trusted advisors to our IS team
Expectations of service
It is already clear that our new partner has made a significant investment to deliver services in an efficient way. It is using automation where possible, but is also recruiting highly-skilled resources to work with us to build, deliver and support the IS technology in use.
For NSPCC, we want our service providers to deliver services using staff who understand what Childline does, the impact of potential outages on children’s lives, and the importance of resolving any service issues as quickly as possible.
All of our service providers are employed to deliver contracted services, but also have a responsibility to act as trusted advisors to our IS team. I expect them to get a good understanding of how the NSPCC uses the technology they provide, and to advise us on an ongoing basis of how they can deliver services more effectively, as technology evolves and new services become available.
Over the last few years, the NSPCC has outsourced its IS services and we have approximately 20 staff in our internal IT team. Within that team, we have business analysts and project managers, delivering projects, and a service management team, responsible for business as usual service and support.
Further to this, and of increasing importance, we have a technical architect function, which ensures that the technology being deployed by individual vendors is fit for purpose across all hybrid services. This will allow us to understand how all the technologies work together as a whole so that we are best placed for innovation and advances in the services we provide in the future.