Text size: A A A

From risk to benefit: public servants change their minds about cloud security

Only a few years ago, a lot of public service leaders saw cloud computing as a security risk; now it is mainly seen as the opposite, according to a new survey.

“Federal agencies surveyed said improving security was the biggest reason driving them to move their IT systems into the cloud,” according to a statement from Macquarie Government, which commissioned the survey from research firm Ovum. Leaders from 45 federal government departments and agencies were interviewed during February and March this year, following up on a similar poll three years ago.

“This was a dramatic reversal of attitudes from the 2015 survey, when agencies worried security would be compromised by moving data to the cloud.”

The new report, out today, also suggests the federal government’s Certified Cloud List is not the main factor for 64% of agencies when they choose a vendor. “Security is clearly a top-of-mind issue, but the CCL is currently seen as a slow process that has trouble keeping up with developments in the fast-changing cloud market,” adds the report, endorsing the new secure cloud strategy which gives agencies more freedom to make their own choices.

Interestingly, 67% of leaders said they needed security for PROTECTED level information or above, which sounds a little high to the analysts asking the questions.

“The response to this question is a little surprising, since it is clear that 67% of government agencies do not currently run their existing internal workloads at a Protected security classification,” notes the report.

“This response does say quite a lot about the ‘halo effect’, where agencies may be looking for extra security headroom as a buffer to address possible future needs. It may also reflect Protected classification as an emerging ‘gold standard’ for government workloads in the cloud.”

Ovum says its 2015 survey “picked up a strong sense of passive resistance, with an expectation that cloud would just be a passing fad and would disappear over time” — the most common reason public servants were moving to cloud services back then was because they were being told to.

According to the new report, an attitude of “We’ll do it because it’s government policy” has since given way to: “We’re ready, so let’s do it.”

From ‘tactical’ to transformation

The analysts behind the survey say the approach to cloud computing in the Australian Public Service is still mainly “tactical” at this stage, and that the next step is new “business transformation” possibilities.

Macquarie Government managing director Aidan Tudehope, who proudly states 42% of federal agencies use his services, says the results show the APS is only just scratching the surface of what is possible when agencies purchase the use of ICT products, as required, rather than sinking large amounts of investment into owning and operating them in-house.

“Departments and agencies reported many practical positives from moving to the cloud, including enhanced security, cost savings, speed of deployment, and better support and reliability,” Tudehope said.

“However, there was very little mention of the broader government digital strategy, to use cloud as a platform to transform the experience of citizens interacting with government services.”

The research firm also created a series of word clouds based on common responses, such as the following, which shows the “top business reasons” for more investment in cloud services:

The survey also asked for practical advice from respondents, based on their implementation experiences in the APS, eliciting fairly standard responses. These mainly emphasise the importance of doing one’s homework, making detailed plans, choosing the vendor carefully and preparing staff (or other end-users) for the change.

Others gave more specific technical advice. One APS staff member warns agencies “should launch in testing phase initially to avoid any information loss” — a lesson that hopefully wasn’t learned from painful experience.

“You should be open to suggestions and change continuously to improve the setup,” advises another, while at least one went against the headline findings: “Costs are low but might sacrifice security at some points.”

Surmountable challenges

Public servants who were surveyed report the transition is still creating financial management challenges, because it sometimes means agencies want to shift funding that was allocated to capital expenditure for cloud services that will provide the same capability, but are classified as operational expenditure.

“In a sense, this is a good problem to have, as it shows cloud is now assuming a larger proportion of spending by agencies,” Ovum’s chief analyst Kevin Noonan said.

“The next challenge will be to bring greater flexibility to Government accounting treatment of spending on ICT. Agencies are also embracing more hybrid cloud solutions, as they begin to address the significant challenges of moving larger legacy applications and systems to the cloud.”

According to the survey, other challenges include changes to skills and resourcing that follow the cloud transition and “a lack of focus on communicating the business benefits of cloud, case studies and good news stories” as well as the difficulty of leaving “complex interconnected legacy architectures” behind.

Most respondents found their most recent cloud implementation was either about as easy as they expected, or easier, although a significant 36% found it more difficult than expected.

Cost blowouts and “project complexity” topped the list of problems ahead of general delays and difficulties in hammering out contracts. Notably, poor availability and poor performance of the cloud service were the least common issues, adding to a sense that public sector purchasers are pleased with what the market is offering.

About two-thirds of agencies had an internal team playing the lead role rather than an external service provider, according to the survey, which includes a range of other information about where public sector investment in cloud services is heading.

Author Bio

Stephen Easton

Stephen Easton is a journalist at The Mandarin based in Canberra. He's previously reported for Canberra CityNews and worked on industry titles for The Intermedia Group.