An interesting article in the Guardian recently, entitled 'How Government procedures turn small graphics into big costs', discussed how the rebranding at the Information Commissioner's Office in the UK cost over £40,000. Particular attention was paid to the web development costs (£3,982.50) which included developing the favicon.ico, at a cost of £585. While the article focused on the time and effort involved in developing and approving such a small item (a 16x16 pixel graphic), the comments to the article were of particular note. One commentator said:
"I have personally created dozens of web sites and I have never, ever, consulted any hosting operation to see if something can be uploaded. I have a server in our company offices and it's simply a matter of uploading and viewing."
Many, like this commentator, consider the public sector to be vastly overly bureaucratic and there is plenty of evidence to support this view; however having robust change management or other governance processes does not support this view.
Many forget that outsourced commercial hosting providers, such as Capita in this example, have service level agreements (SLAs) with their customers as to the performance and security of the websites under their management. If the customer is allowed to upload anything, including graphics of any size, then performance could quickly degrade and the outsourcer could be liable for financial penalties. Therefore the outsourcer must have governance processes and related policies to protect itself. Similarly if the customer were to unwittingly upload a file with a virus attached it could affect the reputation of the outsourcer. Therefore it is rational and good practice for outsourcers to have some form of governance around any content that they host, if they have a robust SLA.
Whilst it is easy to run multiple websites from a server in an office, as the commentator quoted above mentions, government websites tend to be clustered blade servers, or even mainframes, running in large data centres. A lack of change control could be disastrous in these circumstances. For the performance of a website to be measured and the hosting company to be contractually liable it would be commercial suicide to not have good governance in place.
About the author
Team Capacitas
FinOps and AI: Building the Financial Discipline for the Next Wave of Enterprise Intelligence
AI FinOps represents an evolution rather than a replacement of traditional FinOps. It extends the model into a domain where financial, technical, and product decisions are tightly interconnected.
Confidence Under Load: How We Verified AKS Readiness for Peak
How Capacitas verified AKS readiness for peak demand by validating workload performance, autoscaling, cluster capacity, monitoring, and incident response.
Building Cloud Resilience: Lessons from the AWS Outage
Learning from the Latest Outage. Events like this week’s AWS disruption highlight one clear truth: resilience must be designed, not assumed.
Bringing Order to Chaos: A Practical Guide to Chaos Testing in the Cloud
In today’s cloud-native environments, resilience is not optional—it’s critical. Chaos testing has emerged as a key practice for validating system behaviour under failure conditions.
