NSW moves closer to ‘cloud-first’ strategy


The New South Wales Government has given further signs that it is moving to adopt the kind of ‘cloud-first’ IT procurement strategy which jurisdictions such as the United States, United Kingdom and New Zealand have pursued over the past several years, in a move which could fundamentally change the way the state buys and uses technology.

Australia’s public sector has in the past notoriously been averse to purchasing products and services which fall under the cloud computing umbrella. While pure play cloud and software as a service vendors such as Salesforce.com, Google, Amazon Web Services and others have experienced a solid level of success in various aspects of Australia’s private sector with their solutions, the fact that most such services have been hosted offshore has prevented such companies from making strong in-roads into Australian governments at any level — federal, state and local. Similarly, companies such as Microsoft, Oracle and SAP which offer both SaaS and on-premises models have continued to see strong public sector demand for their traditional solutions, with only slow uptake of their SaaS options.

However, if the NSW Government has its way, much of this may be about to change.

In a submission late last month (PDF) to an inquiry being held by the NSW Parliament’s into the procurement and management of ICT services in the NSW public sector, the state’s Department of Finance and Services, which oversees central IT strategy for the state, gave several clear indications that it was interested in broadly shifting the state’s IT procurement practices to what it described as an “as a service” model. The state’s new ICT Strategy, the document said, featured “a shift from owning and managing infrastructure, to acquiring hardware and software through as-a-service models”.

“Agencies have traditionally purchased and operated their own hardware and software,” the document noted. “This approach has resulted in fragmented and inconsistent ICT systems across the sector. Outdated and incompatible systems impact effective and efficient service delivery, and increase costs and duplication. The ICT Strategy outlines how the public sector will, where appropriate, move to an ‘as-a-service’ orientation whereby a third party provider owns the ICT infrastructure, and agencies purchase only the services they need.”

“This model of ICT procurement provides agencies with opportunities to lower costs and improve the cost-effectiveness of service delivery. As-a-service models mean that agencies pay only for the services that they use rather than asset acquisition and ongoing maintenance. A service orientation offers flexibility and agility in ICT service provision, and allows Government to achieve better value for its ICT investment.”

Finance’s submission told the inquiry that the move represented “a significant step change” in the way that the NSW public sector purchased and managed its ICT, and as such, its departments and agencies would require an expanded set of skills and capabilities to deal with the shift, “particularly in vendor management” – including the negotiation and management of service agreements.

Part of the NSW Government’s new approach, the submission noted, was a strong focus on implementing virtualisation across its operations, with agencies now being required to develop and execute virtualisation plans and consolidate their infrastructure to the several new datacentres which the state government is currently building.

The comments come as NSW has this year given a number of other indications of a shift to a ‘cloud-first’ style IT strategy. In May, for example, several major New South Wales Government agencies, the Department of Trade and Investment and Transport for NSW, unveiled major and wide-ranging plans to imminently purchase Software as a Service-style IT solutions, detailing the new interest in the cloud computing paradigm through tender initiatives kicked off at the time.

One of those tender initiatives has already resulted in a major cloud computing deal. In July, German software giant SAP won a substantial deal with the Department of Trade and Investment which it described as its biggest deployment of its Business ByDesign software as a service suite globally, and its first cloud platform win in the local public sector. The $14.5 million deal will see SAP deploy a cloud-based ERP platform to the department, consolidating many other legacy systems onto the one centralised platform along the way.

Transport for NSW (which was formed from the merger of the NSW RTA, maritime, transport construction authority and Country Rail groups) was also talking to the industry in May about SaaS packages. The tender documents have gone offline, but an article by ZDNet.com.au details the fact that in March, the agency went to the market with a proposal to abandon in-house infrastructure and migrate 35,000 email accounts, 25,000 desktop environments and some 2,000 BlackBerry devices to new systems, all labelled “as a service”. ZDNet quoted Transport NSW’s tender documents as follows:

“The group CIO is actively promoting a strategy of ‘as a service’, recognising the potential for leveraging the economies of scale and expertise of the private sector in the delivery of core technology platforms and capabilities to government.”

In a separate briefing in October, NSW Finance Minister Greg Pearce noted that the state was developing a new cloud computing strategy, including talking to IT vendors about the development of a dedicated private cloud platform which could be used by departments and agencies across the NSW public sector.

NSW’s move to the cloud comes at a sensitive time for state governments in terms of their ability to deliver on IT projects and service delivery. Most of Australia’s state governments – notably Queensland, Western Australia, Victoria and NSW – have suffered major issues with IT over the past several years, with a string of audit reports noting billions of dollars in wasted investment and a strong trend of IT projects blowing their budgets and sometimes failing to deliver on their initial aims.

At a briefing in Sydney this week held by VMware, CSC Australia chief technology & innovation officer Bob Hayward noted that large enterprises in Australia had been slower than other industry segments (such as small businesses and startups, for example) to adopt cloud computing technologies, and CSC had found it harder to sell such solutions into large organisations than it had anticipated, with many large groups burdened with legacy systems and restricted by compliance regulations.

However, he said, in the past six months he had seen “a real shift” in the market, with large organisations now showing a much stronger interest in cloud computing solutions. The executive agreed with the idea that cloud computing offered state governments a chance to take a different approach to IT project and service delivery that could allow them to avoid some of the disasters suffered in the past; and he noted that NSW wasn’t the only government taking this path, highlighting other moves in Queensland and Western Australia, for example.

It’s very good to see this kind of fundamental IT paradigm shift going on within the NSW State Government. I’ve said it a number of times recently, but I really do believe that the Coalition administration in NSW does really “get” IT and has a real chance at improving IT project and service delivery in the state in a hugely positive way.


  1. With the push of Amazon services into Australia, along with the increasing local offerings, the notion that “cloud” had to be offshore is no longer strictly true, and really hasn’t been for a while now.

    Views are changing. It’s healthy to see.

    • Amazon is still a USA company, and when you combine that with the Patriot Act it will still keep many people from using it (eg. Government departments, etc).

      • Ahhh … playing the “scare them with the Patriot Act card” huh?

        This is more perception than reality however … though it is an issue that needs careful consideration. The Patriot Act is used as a “monster under the bed” to frighten children. When you look at the facts objectively it is not necessarily a material obstacle to the use of public cloud services for all agencies nor for all categories of data. The trick is to focus on the policy and service delivery outcomes being sought … rather than on a narrow process or regulatory compliance view. The fact is that there are already agencies in Australia using US-based public cloud services after looking at the risks of off-shore data hosting. It is just a matter of looking at the real issues and making pragmatic trade-offs of the benefits and the risks.

        • I reckon some of the elephants in the room with off shore (even on shore) cloud are:

          1. changes in taxation revenue – as you can see the US is heavily pushing both corporately and governmently to push cloud into foreign countries to disrupt taxation revenue to the host government (and divert the wealth back to the US – and via exotic tax havens).
          2. patriot act access – this can be a real challenge for government as direct impact and corporates as indirect impact. For example, if you are say in country X and happily conducting business using Google Apps, the US decides that country X is now part of the axis of evil and Google et al must vacate the market, you are screwed. Countries will also have a new front opened up to them alongside trade embargoes – ie potential withdrawal of cloud services to their citizens and companies when they attempt to negotiate with the US govt.
          3. cloud providers will become easy large targets of well aggregated, organised and accessible data for penetration. Sure, Google shrugged off one social engineering incident, but I’m sure there’s heaps more that went undetected. More likely to target Google than some obscure government department.
          4. cloud provider failures – these will be spectacular in comparison with software/hardware company failures of the past. Vast numbers of businesses will fail as their provider goes dark. While there won’t be many failures, their impact will be impressive (look at the impact of edge cases such as Megaupload and the collateral damage they caused).

          • Hey Thateus,

            The world is indeed a scary scary place. In a pragmatic sense, however, under-invested, under-skilled and over-stressed in-house IT departments are also pretty scary … and too often insecure … we are just familiar and complacent about their risks and constraints … like an old comfy pair of slippers.

            We will all be much more comfortable when there are enterprise-grade cloud services providers resident or hosted onshore … which will happen in due course as momentum and confidence … and demand … grows. There is a demand vs. supply chicken and egg thing here. My argument is that governments need to show policy leadership to stimulate the growth of the Australian-based cloud services industry by putting their demand on the table and buying cloud services.

            In the near term, it is better to build agile skills by adopting the most mature enterprise-grade cloud services on offer (which in the case of SaaS still tends to mean off-shore solutions) … but this will evolve over time. The local IaaS market is already growing in depth.

            Cloud provider failures will, of course, be an issue. Caveat emptor and have a tested plan B …

  2. At this point the NSW government has the best grip on the opportunities of cloud services of any of the Australian government jurisdictions. I’m on the record of describing NSW Trade & Investment’s SAP Business ByDesign ERP project as being the most exciting government cloud services project anywhere in the world this year.

    The reason is because it brings together the threads of cloud services, more agile project management and shared services in one initiative. It truly is a leadership-driven project aimed at transforming the agency’s approach to ICT by taking advantage of the opportunities of Internet-age solutions. It will set a new benchmark for how much an ERP system should cost, how long the project should take, how executives frame requirements in a more practical manner and how shared services operate in government.

    Fingers and toes crossed!!

  3. The NSW government has of course ensured the protection of our personal information in its deal with SAP. It has, hasn’t it?

    • I believe so Jack … there is a mix of off-shore and on-shore data hosting depending on security/privacy requirements. This appears to have been well considered at senior executive level and the expectation is that the overall level of data security will be significantly higher than the current under-invested, fragmented and insecure mess.

      In any case, this needs to be put in the context of the generally low level of actual (as opposed to assumed) information and data security in government owned ICT facilities. Read the last decade of information security audit reports in any state government to gain a better appreciation of the accepted “status quo” of agency data security. Try this one, for example:


      Conclusion of this report? (a direct quote from the exec summary … page 2) “The government is not able to provide assurance that it is safeguarding its holdings of personal information because its policy has not been properly implemented.”

      Or this one:


      Conclusion (page 5): “None of the agencies we tested had adequate systems or processes in place to detect, manage or appropriately respond to a cyber attack. Only one agency detected our attacks.”

      These sorts of conclusions have been consistently expressed in such reports in all jurisdictions for over a decade.

      Why? (this is my opinion) Under-investment. Ageing assets. Lack of leadership and accountability. Nonsensical cycles of random/political organisational changes. Under-investment. Poor definition of process and practice. Poor adherence to process and practice. Poor staff training. Low staff morale. Under-investment. etc. etc.

      I spoke at the DSD CyberSecurity conference in Canberra this year … I felt like a sacrificial goat up on stage doing my “cloudy is as cloudy does” thing … but anyway it actually went pretty well. After me there was a presentation from an Australian chap, Wayne Ronaldson, who competed in DefCon18 in Las Vegas. It was a social engineering hacking challenge … 25 corporations were targeted … most were ‘captured’ in 10-15 minutes. Only one successfully defended itself. Google. Why? Because data protection is their core business. Because they invest accordingly. Because they have modern assets. Because they define their processes and are audited to compliance with standards like ISO27001 and SAS70 Type II. Because they train their people well. Because their people are well led and well motivated … maybe?

      Folks need to wake up. The reality is that agencies need to learn how to participate safely in the global digital economy. People+Process+Technology. In the end, the only hope for data safety is for agencies to learn how to safely use public cloud services for appropriate applications and data categories so that they can focus their meager resources on those applications and data categories which must continue to be operated on-premise or in closed private cloud arrangements due to legitimate legal or practical reasons (as opposed to spurious reasons in defence of vested interests).

      The best way to look at this is to acknowledge that the status quo is fundamentally and irretrievably broken (many audit and review reports attest to this). The problem is that the current mess has emerged during a decade of pretty buoyant funding. Looking forward, there is just not enough money, managerial wit or skills available for agencies to do all IT in-house to the required levels of quality. New thinking is required.

      Deal with it … take a deep breath … and consider the alternatives.

      We should admire the executive team at NSW Trade & Investment for having the leadership nous to see this clearly and for having the intestinal fortitude to actually pursue a more sustainable path against criticism from folks that are trying to defend the indefensible.

      … IMHO ;-)
