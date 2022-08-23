DTA making safe and secure progress on cloud journey

The Digital Transformation Agency (DTA) is in the business of building online systems that permit secure access to government services via cloud technology. The process began in 2017 with the development of a strategy to modernise the public service.

A DTA inquiry submission outlined the thumbnail sketch of the secure cloud strategy (SCC), which aims to give agencies “a clearer understanding of how government can harness the opportunity of cloud to increase agility, reduce duplication, increase efficiency and improve competition to get value for money from ICT investment”.

The 35-page SCC, which was amended last year, sets out the key objectives in getting cloud technologies adopted across the public service. It also guides agencies on the transition to cloud services.

When evaluating technologies, agencies are encouraged to use cloud services as the default option, ensure services are designed for the cloud environment and take advantage of automation provided by cloud services.

“The secure cloud strategy has been developed to guide agencies past these obstacles and make sure everyone has the opportunity to make the most of what cloud has to offer,” the DTA’s strategy document says.

“This is not a simplistic ‘lift and shift’ view of the transition. Instead, the strategy aims to lay the foundations for sustainable change, seizing opportunities to reduce duplication, enhance collaboration, improve responsiveness and increase innovation across the Australian Public Service.”

So, how is the shift to secure cloud technologies going?

The DTA outlined progress on its cloud-first policy in the 2020-21 annual report. This reporting period coincided with much of Australia going in and out of coronavirus lockdown and working remotely.

“A part of this is a migration to the use of Microsoft Teams for video conferencing (VC) solutions as well as providing multiple other VC solutions for use at the DTA to engage with other APS departments/agencies and the public,” the annual report says.

“Over the past year, we have rolled out a cloud-native secure internet gateway and security information and event management monitoring solution, securing our offices, devices, information and people.” The report says software such as Microsoft 365 has allowed the agency to scale its operations as required.

The DTA worked with several departments to create secure “cyber hubs” and eliminate the need for agencies to build their own services. “The cyber hubs will align to government’s reuse objectives by delivering centralised and robust cyber capabilities for all agencies to use.”

The DTA also brought in administrative workarounds to enable agencies to access cloud-based software and services more easily. It established a bank of reusable contract clauses so agencies could products created by other agencies in their operations.

It also appointed more government sellers with cloud expertise through the telecommunications and cloud marketplace panels and expanded the hardware and software marketplace.

TDIF and digital identities

The DTA has also been working to ensure online security via the trusted digital identity framework (TDIF).

DTA’s Matthew Sedgwick explains that service providers operating in the Australian government digital identity system (AGDIS) must undergo TDIF accreditation to ensure they meet the government’s strict guidelines to protect privacy and provide security to the user.

The TDIF allows the use of cloud infrastructure and all accredited participants who connect to the AGDIS use various methods, including cloud solutions.

Australia’s digital identity system comprises agencies, private sector businesses and other mechanisms designed to work together to deliver a secure way to prove someone’s identity online to access government services.

The first accredited identity providers under the TDIF are myGovID, which is operated by the ATO, and Australia Post’s Digital iD. Others will be added as the system develops.

The TDIF’s purpose and scope haven’t always been clear to politicians who have sought to ask the DTA questions during Senate estimates. One Nation Senator Malcolm Roberts wanted to know how many people the agency expected would take up the offer of establishing a digital identity.

“The so-called ‘trusted digital identity’ entails finding all commonwealth government records for every adult Australian, creating a digital identity in each person’s name and then adding that data into their digital identity,” Roberts said.

“In other words, this is a giant data-matching exercise. Is that correct?”

DTA CEO Chris Fechner said this interpretation was inaccurate. “The digital identity is a mechanism for citizens, through their own choice, to establish a trusted and secure mechanism to engage with government services,” Fechner said.

“The information that’s stored inside the digital identity is entirely up to the discretion of the citizen … it’s not used for any other purpose than for proofing the identity of the citizen so that they can use services.”

Fechner told estimates in April 2022 that 7.9 million digital identities had been created. He said growth depended on people’s willingness to move onto the system and that it was “scaled for full enrolment”.

“As new services are created by the government that require identity then people can make choices as to how they do it,” Fechner said. “We’ve worked very closely with the privacy commissioners. We’ve done all of the work that’s necessary to look at the protections for citizens.

“[Digital identity] isn’t used for one-to-many matching. It isn’t used to track people’s movements. It’s simply a mechanism to support secure, safe and convenient access to services through a proven identity.”