(by Alessandro Capezzuoli, ISTAT official and head of the observatory data for professions and skills Aidr) In the 50s, George Brassens wrote a song entitled The Gorillas in which, through a brilliant metaphor, he was able to describe with irony and lucidity a concept very dear to philosophers since the time of Aristotle: the difference between idea and action. Just like in the song, even in everyday life it often happens that we find ourselves in contradictory situations in which the inability to pass from idea to action is clearly manifested. Through words we can make hazards that in many cases remain such and are not made due to objective impossibilities or underestimations of some kind. This lack of consistency most of the time creates enormous expectations in others and then enormous disappointments. To face digital transformation in the public sector with confidence, you need to be willing to deal with the exaggerated expectations placed on technology and be prepared for the huge disappointments resulting from their adoption (or non-adoption). Among the countless digital anomalies in which inconsistency is exercised are certainly the issues related to the cloud. In the Three-Year IT Plan, published by AGID and available at https://www.agid.gov.it/it/infrastructure/cloud-pa, the cloud plays a role so important that it provides a qualification strategy for the PA and a rationalization program that respects the following principles:
- improvement of service levels, accessibility, usability and security;
- interoperability of services within the Cloud model of the PA;
- reduction of the risk of «vendor lock-in», ie creation of a relationship of dependence with the service provider;
- requalification of the offer, expansion and diversification of the supplier market;
- resilience, scalability, 'reversibility' and data protection;
- opening of the market to Small and Medium Enterprises (SMEs).
The adoption of the cloud infrastructure allows, in fact, - AGID declares on the institutional website - to improve the operational efficiency of ICT systems, to achieve significant cost reductions, to make software updating simpler and cheaper, improve data security and protection and speed up the delivery of services to citizens and businesses.
On paper, the reasoning is flawless and provides a strategic line to follow to significantly improve the digitization (and organization) of the country. Where, then, is the difference between the goodness of the idea and the applicability of the action? The answer is not trivial and is to be found in the feudal and self-referential conception still prevailing in many PA. First of all, it is worth pointing out that the word cloud, although it lends itself very well to the indifference typical of conferences, hides some dangerous pitfalls due to its broad and generic meaning which must be contextualised. In Italy, there are over 11.000 data center, and more than 160.000 databases whose total cost amounts to about two billion euros, compared to the 5,8 billion spent in the public ICT sector. In practical terms, this translates into rivers of spent resources, even if it would be more correct to write squandered, in contracts and subcontracts, in consultancy and product purchases, which feed a swampy market from which citizens, the majority shareholders of those funds , have very low returns. The eleven thousand data centers, in turn, deliver public cloud services to 22.000 small institutions through a “non-system” with no governance and totally fragmented in terms of reliability and security. Generally speaking of services and reliability, however, does not help readers understand the article, so it is necessary to specify some technical aspects. When we talk about cloud services, we generally refer to a pyramid divided into three parts “Infrastructure, platform and software”.
Based on this subdivision, the provision of services is classified with a scheme represented by the table below.
The first column, entirely blue, represents the flow of traditional ICT management of an organization. The blue cells identify the cloud services that can be used. The last column represents the flow of a totally cloud-based IT management. The acronyms referred to in the diagram, IaaS, PaaS and SaaS, describe different types of cloud.
An IaaS (Infrastructure as a Service) solution provides for the external management of the infrastructure (physical servers, network, virtualization, data storage, etc). The user can manage the operating systems, applications and middleware through APIs, delegating to the supplier the issues concerning hardware, connectivity, outages, technological adjustments and problem solving.
The PaaS (Platform as a Service) type includes, in addition to the infrastructure, an additional level of application software consisting of development platforms or solution stacks. This solution provides an environment suitable for developers and programmers, who can have cloud sharing platforms and tools available, as required by the DevOps methodologies, without the burden of managing the infrastructure. Finally, the SaaS (Software as a Service) solution provides users with one or more “ready-to-use” software applications, which can be used through dashboards, APIs or web interfaces. In this case, the management burden is limited to general maintenance activities such as software updates or bug fixes. Complementing this scenario are the inherent properties of clouds, which can be public, private or hybrid.
Leaving aside the deepening of this last aspect, which would introduce a further degree of complexity, it is good to dwell on what are the real needs of a PA, also in relation to the size, human resources and internal processes of the organization. It is clear that there is no solution that is absolutely better than the others, but there is a solution that is better suited to different organizational realities. There are PAs that do not have human resources capable of managing the infrastructures, and therefore must necessarily orient themselves on the choice of SaaS services, and PAs that have diversified personnel with different abilities to guarantee a certain level of reliability in the provision of services. Obviously, the adoption of one solution does not exclude others: you can choose different clouds for different needs. For example, you can choose a SaaS service to manage email and a PaaS cloud to manage software development. As very often happens, however, the problems hardly ever concern technology but its application in those working contexts too plastered with unwritten social rules that favor clientelism and favoritism.
In a recent AGID report on the ICT assets of 990 PA it emerges that 35,4% of entities do not intend to resort to the use of cloud computing, 22,2% expect it and 42,4% use some type of service. The most used cloud services are private ones (40,2%) and the prevalent types are SaaS (49,1%) and IaaS (34,8%). The most requested software services concern e-mail, hosting, document management, file archiving, IT protocol and personnel management (payroll and attendance). Despite the obvious advantages in terms of reliability, scalability, security and cost savings, and despite the wishes of the late Digital Team, which aimed to reduce data centers to a few national poles, the resistance of the PA to the adoption of cloud solutions computing are still a lot. In many cases, the need to have an in-house data center is justified, in part, by issues related to the specificity of some processes and compliance with privacy legislation (legislation that we will die of sooner or later ...), which inspires administrator of the institutions a mad fear of incurring possible sanctions by the Guarantor and leads them to apply measures that defy reason and make it difficult to conduct any type of work activity.
It must be said, however, that these situations are often limited to some well-defined internal processes and that hardly represent “structural” needs for maintaining, for example, the management of an e-mail service. The causes of resistance to the cloud are numerous, but one of them is clearly identifiable and can be traced back to the exercise of power consequent to the management of the economic resources allocated to IT. We must not forget that the economic resources do not belong to those who manage them, but to the citizens who finance them: they must be held accountable for expenses and results. The data produced by the institutions do not belong to those who produce them, but belong to the community: between the idea of open data and the application of open data, however, there is a sense of private ownership of data, which hinders every form of sharing. There is a fear that data can be used to bring out truths other than those predetermined or that they can bring some kind of profit to those who use it differently. The idea of making data public through an accessible cloud is shared by all… as long as it remains an idea. The services provided do not have a different destiny: they are often aimed at the careers of the staff and their subdivision or fragmentation feeds internal conflicts and delimitations of areas of competence that strongly penalize the collective well-being.
It is undeniable that IT has become central in all activities carried out in the PA and that the interruption of an IT service almost always affects the provision of a public service or the interruption of a production process ... especially when the process is bound to superstructures of Marxian memory. In this scenario, the role of the IT manager plays a fundamental role: organizational skills and abilities are not enough, we must repress the temptation to give in to the delusion of omnipotence, to discharges of responsibility, to personal matters with the managers of other production areas, to interests personal and clientelisms at different levels. The difference between idea and action, in the case of digital transformation, has nothing to do with technological issues or with the choice of an IaaS cloud rather than PaaS, but it is more subordinate to the working culture.
It has to do with the dignity, conscience and sense of responsibility of workers: all issues closely linked to a cultural problem that tends to confuse, at all levels, the sense of duty with the sense of power. In every PA there are peaks of excellence and very virtuous examples of professionalism and responsibility, which not by chance come from those intellectually free, curious and independent workers, those workers who, in silence, make things work and who often face depressing working conditions and reach the results not so much "thanks" to the administration that represents them, but "despite" the administration they represent ". It will not be the cloud that will save the Public Administration, it will be the workers.