The 2014-15 financial year, particularly this latter half, is shaping up to be the year government in Australia finally starts journeying in earnest into the cloud. In the past two months alone we’ve seen stock photos of fluffy clouds blowing into articles about both Federal and State ventures. The New South Wales government for instance is reportedly forging ahead with its own cloud agenda, with state government agencies gaining access to a range of new cloud-based services aimed at improving services to taxpayers via the new GovDC Cloud Connect Platform. Queensland published an addenda to their ICT Strategy that mandates a preferred option cloud-based solution. Even the ever hesitant South Australia, with their long overdue cloud policy still in the distance, have taken their first steps towards a whole-of-government cloud panel with plans to start taking application for a pre-approved data centre scheme by end March.
But the biggest sign marking a milestone for the public cloud has arrived courtesy of the Department of Finance Whole of Government Cloud Policy.
A definite improvement on the 2013 version it replaces, Finance’s updated government cloud policy, launched last year, more closely aligns Australia with the ‘cloud first’ positions taken by the British and US governments. And while it’s less of a ‘fearless march into the cloud’ and more of a ‘cautious shuffle at ICT refresh points” it does provide the requirement for all Gov agencies to evaluate cloud services against other available options in terms of value for money and adequate management of risk. It’s a positive step forward and now Finance has provided a tool to help agencies meet that requirement.
Eliminating the pain and risks of blindly navigating the profusion of cloud services and vendors, and marking the first significant watershed moment since the new cloud policy came into play, the Department of Finance has established the Whole of Government Cloud Services Panel.
Complementing their endorsement of the Cloud as a viable option for Government, the decision to introduce a Panel, as opposed to the previous Multi Use List approach, means that the procurement process has already been conducted. Value for money has been identified and agencies no longer face the drawn out, resource draining exercise of going out to tender for ICT needs above relevant thresholds – which they frequently are.
The coming service catalogue will make things even easier for procurement teams by enabling agencies to easily compare the services being offered: then it’s just a matter of requesting quotes. Given that Panelists could only opt in on a limited number of services, that catalogue will be workable too.
No more excuses!
The fiscal imperatives have come to bite. Australia’s financial position is not what it was two years ago. ICT is expensive and if the cloud service providers on this Panel promise anything, its savings.
Then there’s the question of security? Data security has always been the public cloud nay sayers stumbling block of choice but their objections have been losing momentum and are further challenged by this Panel. From here agencies can access the very best cloud platforms, those offering effective physical and logical security and a portfolio of security certifications, such as market leader Amazon Web Services. Looks like that ‘meets security requirements’ box should finally get ticked fairly regularly. In essence it already has been, via a number of workloads moving to public cloud and forging a path for others to follow. But it is still in the key differentiators of Data Security as well as Access Control and Service Partnerships that the Public Cloud Service Providers will need to score well against their non-cloud competitors.
Assessing the assessment
I understand that Finance are now planning to provide further information and documentation regarding use of the Panel to the CIO network, and I suspect too that in some cases there may be the need for agencies to review their ICT procurement assessment criteria. It will be interesting to see how rigorous the evaluation of cloud services will be. No doubt there will be distinct differences from one agency to the next and further distinction across the uptake of SaaS vs PaaS vs IaaS. Equally interesting will be the kinds of reasons that CIOs and their evaluation teams nominate for not embracing the cloud option at refresh points – what trends, gaps and areas for improvement will emerge? Finally, while a review does not appear to be built into the scheduled actions relating to the new cloud policy, one will surely occur. This will be the true test of the success of the policy, and its trusty Panel, and I for one will be keeping a watchful eye on Senate Estimates hearings in the coming financial year or two.