Microsoft has begun decking out two new ‘regions’ of its Azure cloud service for government’s Protected information – right in the heart of the Australian government.
It’s a new partnership announced today between the tech behemoth and Canberra Data Centres, which already has most Commonwealth departments as its clients thanks to its prime twin-locations inside the government’s ICON network.
Under the deal, Microsoft will be the only major cloud provider in Australia to deliver “Hyperscale” cloud services to handle up to Protected classified government data – the highest classification currently permitted on cloud services.
Unlocking rich applications of data has been complicated by the immense size of government information and the amount that can be processed on existing analytical servers typically housed in government basements.
Early in 2018 it’ll be possible for government organisations to do much more with their data by bringing the analytics software to the data, instead of taking the data out of the security of the CDC infrastructure. Doing so will bring government a step closer to the dream of real-time dashboards using live data.
Assistant Minister for Digital Transformation Angus Taylor is one of many senior government members, including the Prime Minister, who see real-time data analytics as the path to better policymaking and delivery as part of the public service’s digital transformation potential. A proponent of small players getting a greater slice of the $9 billion the government intends to spend on ICT next year, Taylor welcomed today’s announcement for what it also means for local business:
“Global innovation in areas such as cloud technology is an essential foundation for this transformation and will ensure we can meet the expectations and needs of all Australians. So too the local software ecosystem can build its skills and innovate rapidly to first serve our local needs, then expand into global markets.”
Looking ahead, if the classification limit is raised above the currently permitted Unclassified and Protected, CDC is ready to seek accreditation for even more highly sensitive data – not that either party could ever publicly acknowledge if it did.
As even the most cautious of security agencies have confirmed for themselves, the infrastructure security at CDC exceeds most secure (and secret) government buildings. CDC chief executive Greg Boorer says the facilities were built with Top Secret classification in mind, well before any cloud was authorised for Protected.
The CDC/Microsoft monopoly inside the ICON network presents a physical lock-out for other providers, notably Amazon Web Services (AWS) and Google, who also lack the channel partners and eco depth to pull off what Azure can provide in Australia. While everybody claims interoperability and application neutrality, there will be money-counters in government who see efficiencies of scale linking whole-government software needs with cloud infrastructure.
Cloud isn’t making much of a dent in government budgets right now, but that’s probably because it’s still barely being used, certainly not enough to do much for the public good that Taylor is referring to. But there are other ICT costs tying up the funds right now, that’s what Microsoft has in its sights.
Classification — an engineering challenge with a budget impact
James Kavanagh, Microsoft Azure’s local engineering lead says less than 1% of that $9 billion ICT spend goes on cloud, and that might be because almost half of all government applications are over 10 years old and are slow to upgrade because they’re mission critical systems essential to welfare, tax and Defence.
“But the consequence of their age and their complexity is that almost 80% of all ICT budgets is just to keep the lights on,” Kavanagh says. “It doesn’t do any more than keep the systems running.”
Another 13% is spent on minor increment changes like updating tax rules as required. A mere 9% tends to go on actual transformation, new services and fundamental shifts that the public can see.
Public sector leaders look at that distribution and see a lack of innovative thinking and a cultural challenge. Microsoft looks at that and sees an engineering challenge.
“It’s not a trivial thing to have a mainframe or a mission critical system running a Cloud service,” Kavanagh says. It needs to be accessible at scale, it needs skills and capability to use it, but government also is handles classification is a way unlike any other business – and that’s where most the trouble with cloud starts.
“Even though the majority of government data is probably Unclassified, it’s often within a pool of data that might have a little bit of Protected … intermingling of different classifications is complex.”
Users want to be able to work seamlessly across Unclassified, Protected, Secret and Top Secret without a jarring experience or moving between totally different platforms. Complicated interdependencies make this extremely difficult as they move parts or all of these systems to the cloud.
“No matter how much money, in some ways, is pumped at the problem, it’s a technical challenge … and the career impacts are significant to say the least for any faux pas,” Kavanagh acknowledges, sympathetic to the CIOs who work in this town.
Data as gravity
Put data and artificial intelligence together, as Azure seeks to make possible at previously unfathomable scale with massive computing infrastructure, wonderful things can happen.
“When those two are brought together you can run algorithms on top of them, you can run machine learning, deep learning,” Kavanagh says, but to make the most of it the data and the cloud analytics have to live together. Otherwise, you’re stuck with the status quo: analytics that are always 6 months out of date.
The platform has incredible scale, which Microsoft calls ‘Hyperscale’. It can handle an identity service, or just run a website, it can run the largest SAP HANNA if you want. “Anything from you just need one machine to run a website, to you need ten thousand servers to run a genomics – let’s say a large scale, high performance computing or super computing. That kind of elasticity to be able to buy it in for an hour, or for ten minutes – and you only pay for what you use.”
Azure has only one other competitor for this kind of cloud computing scale, or three in total if you see where Google is heading. But what made CDC attractive for Microsoft is its twin-locations inside the ICON network, where transfer rates to federal agencies is virtually instant, but still providing sufficient distance between them for disaster security. Even though these sites represent Microsoft’s 41st and 42nd locations for Azure, they still sound excited by the potential for Canberra as a seat of gravity – most of their sites aren’t based around government seats of power.
“We’re going to build Canberra as a centre of gravity for cloud,” Kavanagh says. “Around those we have an ecosystem of partners. There are many more employees in our partner ecosystem than us. And then many, many more employees in government. So for us it’s a challenge of well how do we build the skills in our partners, build the skills in the government workforce? Because ultimately they’re going to build the apps. We build the platform.”
Top photo: James Kavanagh (left) from Microsoft Azure and CDC chief executive Greg Boorer.