Canberra will be forced to get its head in the cloud under a new Commonwealth technology strategy. But the savings identified might be pie in the sky without leadership and more specific targets.
The new policy statement from the Department of Finance on the adoption of cloud computing services across government is the most unequivocal yet, according to Gov 2.0 advocate Craig Thomler. “[It] certainly makes the federal government’s position on cloud computing far stronger and more directive than previous versions of the policy,” he told The Mandarin.
Finance Minister Mathias Cormann and Communications Minister Malcolm Turnbull launched the policy and toolkit for bureaucrats on Wednesday. The joint foreword reads: “Under the Government’s Cloud Policy agencies now must adopt cloud where it is fit for purpose, provides adequate protection of data and delivers value for money.”
The italics are the government’s. “By making this a must — not a ‘consider’ as per the previous version of the policy — this lifts cloud to a central consideration in all ICT sourcing, rather than an optional consideration that may be ignored by some agencies,” Thomler, who heads the Delib Australia consultancy, said.
The strategy is now “cloud first”. It’s designed to be more responsive to the needs of citizens, the ministers say, while making savings to a significant government spend with layers of duplication and fragmentation. The Commonwealth spends about $6 billion annually on ICT services; combine the states and territories and the public sector accounts for 30% of the domestic market.
Under the new plan, Commonwealth entities are “required to use” cloud platforms for new ICT services when replacing systems. That’s a welcome step forward, according to Thomler.
Still, the cloud computing sector is sceptical. OzHub — a coalition of players including Macquarie Telecom, Nextgen Group, Alcatel Lucent and F5 — welcomed the policy this week but criticised the lack of targets.
It points out the United Kingdom has set a goal of shifting half its new government IT spending to cloud-based services by 2015. There’s no numbers in the Australian policy, aside from noting just $4.7 million in AusTender cloud procurement has been achieved since July 2010.
“The new Cloud Computing Policy shows intent, but lacks targets and strong central leadership,” OzHub chair Matt Healy said. “Industry is ready but the government must set real targets. We’ve been in the starter’s hands in the race for take-up of cloud computing for too long.”
If government leads the economic benefits could be significant, the report notes:
“Improved adoption of cloud services by the government sends an important signal to the private sector. If government agencies were perceived to be treating cloud services as risky, this could reduce the adoption in the economy more generally.”
‘Limited progress’, lack of knowledge
The new Commonwealth policy is, at least, frank about the “limited progress” made. But it cites some examples.
The Australian Maritime Safety Authority developed a cloud-based application tool to track the compliance of international ships. The solution has proved cheaper and faster and increased user satisfaction with better functionality and mobile accessibility.
Finance is also investigating moving the AusTender system to the cloud. A 12-month pilot aims to deliver a solution that delivers greater value for money and improved confidence with implementation advantages. At the state level, Queensland recently adopted a cloud-based mail service with Microsoft that the government claims will save $13.7 million over three years.“I have had federal agencies tell me they support cloud, provided they can host the software on their servers.”
Thomler believes agencies generally aren’t well placed: ICT teams have limited experience in cloud-based software; legal and procurement teams don’t understand the characteristics and have “unnecessary concerns or unreasonable requirements”.
“I have had federal agencies tell me they support cloud, provided they can host the software on their servers. I have also witnessed legal teams placing extensive privacy policies in place, where they didn’t realise that there are little material privacy differences between hosting on a cloud service and having a dedicated server for third-party software in a privately owned data warehouse, provided the software and data remains within an Australian jurisdiction,” Thomler said.
There is a vital education component necessary to support the plan. “The Department of Finance may be doing this already,” said Thomler. “If not, it’s likely to be the biggest area of concern — different agencies could still take different positions on cloud due to their level of experience and understanding of the area.”
One of the action points in the report talks of updating information sharing to “facilitate continual learning and establish a repository of case studies, better practice guides, practical lessons learned and information on entity solutions”. Interested state and local government organisations will be invited to participate.
And then there’s the security issue. Healy believes the Attorney-General’s information security management guidelines, also released this week, present another barrier.
“Individual agencies are now authorised to conduct their own risk assessments and approve the outsourcing of government-held private information offshore. There is an increased risk associated with data held offshore, and surveys showing that consumers and SMEs are more concerned about the security of their personal information when held offshore,” he said.
“Devolving decision-making to individual agencies on the basis of ‘steamlining decision-making’ may not constitute an appropriate privacy and security regime to protect the private information of Australians. We believe there should be a sensible balance of prudent accountability by the Attorney-General and central agencies in providing assurance to Australians that their information is safe and that redress in Australia is available should there be a breach.”
More at The Mandarin: Tom Burton: can open source cure Canberra’s Kremlin web?