Consultation: Draft Australian Government Cloud Computing Strategy Paper

Author: 
Glenn Archer - AGIMO
Category: 
The Department of Finance Archive

The content on this page and other Finance archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.

As part of AGIMO's role, we monitor new developments in the ICT environment that may benefit or affect the Australian Government. Cloud computing is a growing area of interest in ICT and we've worked together with other agencies to prepare a draft paper on the Australian Government’s possible use of cloud computing.

Whilst this paper is still in draft form we would like to seek public feedback on the proposed approach. All comments are welcome and they will all be considered for inclusion. If you have any comments on the Australian Government Cloud Computing Strategy Paper let us know what you think by commenting on this post. If you prefer not to make your comments public, you can email our team at aga@finance.gov.au. We’ll review the comments we receive by 31 January 2011, prior to finalising the cloud strategy. I look forward to receiving your feedback. Glenn Archer Acting Deputy Secretary, AGIMO.

Comments (10)

The recent draft report on the Australian Government cloud computing strategy is further evidence that the Australia Government is diligently examining what has become a rapidly maturing model for governments, enterprises and other sectors to use 'cloud' based ICT services, as real alternatives to the historical model of internally hosted, operated and managed hardware and software.

As someone who has been closely involved in the cloud computing in nearly all of its forms across several professional assignments over the past ten+ years and who has also had significant experience in bespoke in-house software development, I believe that we have reached a point of maturity where more and more workloads historically run internally, can and should be re-evaluated to determine if/how they could be better responsibly provisioned and operated on a services basis within a shared cloud environment at lower cost, at equivalent or higher functionality and with greater flexibility , speed of delivery, without sacrificing security, privacy, control or increased risk.

As the Managing Director of Yammer Asia Pacific, the provider of the SAAS based Yammer enterprise social media platform, we have observed very rapid growth in adoption of Yammer as an important tool for collaboration by over 113 Australian Federal, State and Local Government departments and by over 20,000 government users (including education) around Australia. Given this level of usage, Yammer is already a significant Government cloud based Software as a Service provider, that has been adopted by Government departments large and small to quickly deliver value and enable government employees to powerfully connect, build working coalitions, learn about what is going on in their work environment, promote innovation and increase engagement, and to broadly help them use the right information in more effective and secure ways.

As is appropriate, risk, privacy and other related considerations remain central to both users and providers of cloud services such as Yammer and to this end Yammer today has undertaken numerous comprehensive risk assessments, including site visits, penetration testing and rigourous inspection of back-end operations, support, engineering and other security functions. Today, Yammer counts within its enterprise licensed customer base, some of Australias largest Banks, world leading research institutions, pharmaceutical companies, top accounting firms, Fortune 10 and numerous Fortune 500 enterprises.

In a rapidly emerging market segment, provisioning Yammer via a SAAS based model, has enabled Yammer to rapidly add functionality and enhancements to its platform and provide many other operational benefits to its clients, without sacrificing the ability for Yammer to also be branded, tailored, customised and integrated with existing in house or other cloud based services to create a seamless user experience for Enterprise Social media.

I also draw to your attention recent government related articles and useful research on the excellent egovau blog, case study information from the WA department of Health and Queensland Government and very relevant research in the latest McKinsey Quarterley.

(sorry links omitted due to your comments SPAM filter)

I commend this draft paper and look forward to Yammer continuing to work across Federal, State and local government areas on this, as well as the equally exciting broader Gov 2.0 agenda.

_______________________________
Simon Spencer, MD Asia Pacific
Yammer Inc.

With evolution of more deeper insights and increased adoption to cloud computing areas, I believe the goals and objectives might also have to take into consideration with respect to Government, Citizens, Departments / Agencies with a next generational view considering social media and nature of collaborations along with the cost take out efficiencies.

Policy might need to consider few more perspectives of Service Management, Policy Governance management which will be vital for sustenance

Across countries, there are more work load use cases being done and successes evolved, more scientifically evaluated for its success and would be good to review the use cases laid out for pilot evaluation and its success of being right for other agencies / departments evolution

While the infrastructure and associated directions to cloud is very vital for different cloud deployment models, application view to the cloud strategy and alignments will be key as it relates to agencies, departments, G2G, G2B, G2C service delivery

Your human-verification arrangements are error-prone.

They deleted the text when I asked for a verification code I could actually read.

The brief section on 'Potential Risks and Issues of Cloud Computing' (pp. 14-15) seriously underplays the problems. The Strategy therefpre creates the likelihood of cavalier behaviour by agencies with data that is sensitive, and that has been gathered from companies and individuals by legal compulsion.

Analyses of user requirements are to be found here:

Clarke R. (2010a) 'User Requirements for Cloud Computing Architecture' Proc. 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing, Melbourne, Australia, 17-20 May 2010 (eds. Parashar M. & Buyya R.), pp. 625-630, PrePrint at http://www.rogerclarke.com/II/CCSA.html

Clarke R. (2010b) 'Computing Clouds on the Horizon? Benefits and Risks from the User's Perspective' Proc. 23rd Bled eConference, 21-23 June 2010, at http://www.rogerclarke.com/II/CCBR.html

Clarke R. (2010c) 'Cloud Computing: Managing for Benefits and Managing the Risks' Sourcing and Vendor Relationships 11, 1 (July 2011), Cutter Consortium

Clarke R. (2011) 'The Cloudy Future of Consumer Computing' Xamax Consultancy Pty Ltd, 2010, Submitted to the Bled eConference, June 2011, at http://www.rogerclarke.com/EC/CCC.html

As an Australian citizen, I wish to express my concern that the Strategy Paper seems to leave open the door for agencies to host Apps and Data on cloud servers located off-shore, provided they can "tick the box" that the data remains private and secure.

Section 3 contains some thoughts on "Legal & regulatory" (including a reference to the U.S. PATRIOT Act), "Privacy" (including a reference to the [Commonwealth] Privacy Act (1988)) and "Security", but still leaves the door open for agencies to make their own assessments as to whether or not they can host private data on corporations and individuals on off-shore provided data-centres in a "Cloud" model.

I would prefer to see the Australian Government mandating the strict use of data centres located in Australia, operated by Australian companies (or government agencies) under Australian law for the benefit of Australian citizens, even if this may have a higher short-term cost. The mid- to long-term cost of off-shoring any/all of our national and private data is simply too high.

+1

I'm sure DSD would agree.

You can't ensure Information Security without controlling the Physical Infrastructure.

Here are a few immediate comments that occur to Kevin Noonan and myself from Ovum’s perspective:

(1) The paper should include a more complete review of the cloud capabilities of local ICT companies. The environmental scan in the document does a great disservice to the number of local firms that have already made considerable investments in enterprise-grade cloud services. These include locally owned firms, and multinationals who have built cloud infrastructure in Australia.

(2) The section on Potential Risks and Issues of Cloud Computing should be complemented by columns which discuss the potential risks and issues of agency-specific on-premise computing, multi-agency shared services and old-style hard-wired outsourcing. The “status quo” also has many risks and issues … some of which may be greater than the risks and issues of cloud computing.

(3) It would be useful to provide a more thorough discussion of the legal and compliance implications of the use of global public cloud services vs. locally-hosted cloud services for different types of workload. This would clarify the relative merits and safety of each option and avoid the generalized overstatement of risks that really only apply to particular workload/cloud provider scenarios.

(4) The immediate imperative is to provide pre-worked solutions to some of the apparent legal, regulatory, policy and procurement process blockers so that each agency doesn’t have to trip over the same hurdles and waste effort reinventing the wheel.

(5) Generally our experience is that cloud computing shouldn’t be just an academic discussion. Agencies should be encouraged to experiment with some of the more low risk cloud services to assess their strengths and weakness and learn how to mange the new model.

(6) The paper could benefit from a more strategic perspective of cloud computing in the Australian ICT industry. There is a chicken and egg problem here. Cloud is "too risky" for government because the onshore vendors are relatively immature ... but onshore vendors need demand confidence to invest. Signaling government demand will stimulate onshore cloud investment, with the result that all agencies (federal, state and local) will have greater access to more robust and trustworthy cloud-style ICT services in the future.

Re: Steve Hodgkinson / Ovum comment.

I agree with Steve's analysis here, there is a 'chicken and the egg' challenge for locally provisioned cloud offerings where ongoing demand will certainly drive investment both by australian and overseas businesses as this area matures, scales and provides a quality product.

Whatever way a department elects to provision an IT based solution, there is always risks that need to be mitigated effectively. While the risks implicit within the cloud model have been noted in the comments above, the risks, challenges and total cost burden of running your own mature datacenter infrastructure are also certainly not insignificant.

No one would be recommending a 'Cloud for everything' extreme at this point.. but certainly Cloud remains an emerging enabling technology model where continued use will deliver productivity, drive agility, create financial and many other benefits to government and Australians.

The shift towards a “Cloud” platform is especially significant in the context of the growing interest in the more widespread application to government of the tools and culture of Web 2.0. This trend, generally described under the banner of “Government 2.0”, is already having a big impact on the way governments around the world approach core tasks of policy development, regulation and legislation, service design and delivery and especially more effective, authentic engagement with citizens and communities.

In each of these critical government functions, the imperative is to dramatically lift the capacity for “anywhere, anytime” communication and collaboration between government agencies, between agencies and citizens and between citizens themselves. To that extent, it is inevitable that the ‘cloud’ will increasingly become the indispensable platform on which these new services and capabilities are provisioned. The shift towards ‘cloud’ should therefore be seen as a central piece in the continuing push for reform and renewal across all facets of government.

Cisco views both Public Cloud, and potentially a Government operated (and / or moderated) Cloud, as enabling platforms for the recommendations of the Government 2.0 Taskforce.

Further to this, we recommend that data provided for public consumption be in a form suitable for use by applications to harness and leverage the data into intelligent uses. Providing the data using standard based APIs would encourage mashups, blogs, wikis and other bespoke delivery vehicles. Agencies may wish to provide appropriate public access to “raw” data, thereby harnessing the user community to present the data in creative new ways and/or on new platforms with minimal development effort from the agency.

A range of community based application development could see public data leveraged onto smart devices, portable computers and into other applications that provides economic advantage and day to day benefits to Australian Citizens.

On the technical side of Cloud infrastructure, most “Cloud” deployments today are either virtualised, efficiently run data centres, or public facing services with proprietary Application Programming Interfaces (APIs). APIs for applications, acquisition of resources such as computing power and storage, and machine image management must be available to make applications suitable for network clouds. Proprietary APIs do not typically allow for the sharing of resources between different clouds. Using proprietary APIs in Private Government Clouds would cause additional cost at a later date if interoperability is required to share services between agencies, or leverage market offers from local Service Providers.

We recommend the Government establishes a baseline set of API standards as this area evolves, to minimise poor investment, particularly in Private Clouds that may need to interoperate with a Government Community Cloud (for example, where one agency using on demand computing resources from another agency due to seasonal mission requirements). This approach will also enable a layer of “brokering” between the agencies and providers whereby services can be leveraged consistently, reliably and with simple portability.

“The opinions expressed in this blog are my own views and not those of Cisco.”

This post is now closed for comment. Thank you for participating in this discussion. Thanks also to those who provided feedback by email. We very much value the time and effort put into assisting us with further refining the paper and we will now consider this in the context of finalising the Australian Government Cloud Strategic Direction paper.

If you have any further comments, you can direct them to aga@finance.gov.au

Regards

Glenn Archer

Last updated: 28 July 2016