Canberra’s Secure Cloud Strategy is a key element in the ongoing adoption of Cloud technology by government agencies and departments, and one of the most important tools available to government CIOs. That’s our takeaway from a qualitative survey of Federal government IT leaders, which we undertook while producing the “Perceptions of Cloud Computing in Government” whitepaper for Rubrik.
The strategy was designed to help government agencies use Cloud technology. It defines a Cloud certification model for accreditation of Cloud providers evaluated by the Australian Signals Directorate (ASD).
The idea was simple enough: once the ASD clears a Cloud platform, it can be used by government agencies to run either Protected or Unclassified DLM work. A subsequent update removed the ASD’s certification process for those who can provide Cloud services to the government. This was replaced with the Australian Cyber Security Centre’s Cloud Security Guidance which aims to guide government agencies in the comprehensive assessment of cloud service providers.
Jamie Humphrey, Managing Director at Rubrik A/NZ, welcomed the changes as he said they would streamline government cloud adoption and provide additional opportunities for the local technology industry.
However, he said agencies seeking to take advantage of cloud services would first need to bolster information management and data governance practices.
“Before any cloud migration, it’s essential to know exactly what data you have and where it’s located. Organisations with the size and scale of government departments have immensely large data sets, so the first step should always be identifying high-value or confidential data to ensure the appropriate security measures can be applied.”
When we spoke to government technology leaders — typically off the record so they could comment freely — many agreed security was the key concern of agencies. This remains the case both before adoption and once they are in the Cloud.
Interestingly that fear isn’t necessarily a deal-breaker, since agencies are keen to embrace the benefits of public Cloud.
These IT leaders recognise the benefits — such as increasing the speed of delivering new platforms which allow for continuous improvement, providing easier access to services, and reducing the effort needed for maintenance, while allowing agencies to focus on improving service delivery.
They credit the Secure Cloud Strategy with providing the framework to help them in their decision-making, saying it prepares agencies who want to shift to Cloud, and supports them through the transition.
Ultimately, though, the Government’s Digital Transformation Agency says agencies will develop their own Cloud strategies to suit their own needs.
Seven principles will guide each agency as it develops its own strategy:
- It aligns Cloud services procurement to the recommendations from the ICT procurement review.
- It moves towards a layered certification model.
- A common assessment framework will make Cloud system requirements clearer.
- A new model for contracts will make responsibilities and accountabilities of Cloud providers clear.
- The DTA will develop a platform to share knowledge and expertise of Cloud products and services. The platform will enable secure sharing of Cloud service assessments, technical blueprints, and other agency Cloud expertise, to iterate on work already done rather than duplicating it.
- The Agency will lift Cloud skills and expertise in the Australian Public Service (APS) through existing and new programs.
- It will explore and develop shared platforms that different services can use, reducing duplication.
According to the Strategy document, many Australian government agencies are adopting Cloud services to facilitate digital transformation. However, feedback from agencies highlights that this is not a quick or simple task.
Beyond security, there are a number of barriers to agencies realising their Cloud aspirations. These include a lack of knowledge and skills, as well as decades-old operating models that are difficult to change.
There is a lack of a common understanding of Cloud for the government. The government’s approach to Cloud is siloed rather than collaborative, and technology leaders lack confidence in meeting their compliance obligations.
Furthermore, some existing Government approaches don’t fit Cloud models, and there is a sense that Government applications and services are not ready for Cloud. Likewise, there is a concern about the availability of skills in Canberra to harness the Cloud opportunity.
Cost is also an issue, with concerns that Cloud computing may increase both short-term and some longer-term costs.
These barriers highlight a significant knowledge and capability gap that must be addressed and the government’s Cloud aspirations can be realised, according to the DTA.